Unisntalling Whensearch

Salut,

télécharge hijackthis:
http://www.hijackthis.de/downloads/hijackthis_199.zip

Installe le dans son propre dossier:
Par exemple C:\hijackthis
Lance le, clique sur "do a system scan and save logfile"
Puis copie et colle le rapport ici.

Salut,

oui utilise HijackThis ça ne va pas faire planter ton systeme ;-)

A+

Salut,

Regarde ici comment faire un copier coller :-)

Demo pour HijackThis

http://pageperso.aol.fr/balltrap34/demohijack.htm

A++

Salut,

tu es bien infecté!

Installe Avast < anti-virus

http://www.commentcamarche.net/download/telecharger-151-avast

Telecharge et installe un pare-feu Kerio

Kerio:
https://www.01net.com/telecharger/windows/Securite/firewall/fiches/22418.html
-tutoriel: pour configurer et comprendre Kerio
https://kerio.probb.fr/

Puis telecharge, et scan ton pc avec ceci mit a jour, des qu'il a finit colle le rapport ici:

Ewido:
https://www.01net.com/telecharger/

A++

---------------------------------------------------------
ewido anti-malware - Rapport de démarrage
---------------------------------------------------------

+ Créé le: 00:52:13, 2006-01-26
+ Somme de contrôle: B0B16753

Reg\HKLM\Run Lwprei C:\Program Files\Lxvnw\Joamxoo.exe
Reg\HKLM\Run Ljcupv C:\Program Files\Ibgro\Fidd.exe
Reg\HKLM\Run Rofqp C:\Program Files\Vemep\Trxtp.exe
Reg\HKLM\Run IMJPMIG8.1 "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
Reg\HKLM\Run CARPService carpserv.exe
Reg\HKLM\Run ATIModeChange Ati2mdxx.exe
Reg\HKLM\Run HP Software Update C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
Reg\HKLM\Run Adobe Photo Downloader "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
Reg\HKLM\Run HPHUPD05 c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
Reg\HKLM\Run Ykarz C:\Program Files\Frdex\Ixlxj.exe
Reg\HKLM\Run SynTPEnh C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
Reg\HKLM\Run SynTPLpr C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
Reg\HKLM\Run Zzobndvb C:\Program Files\Ccfk\Nhpu.exe
Reg\HKLM\Run Zpmzz C:\Program Files\Shtzu\Jbxnrs.exe
Reg\HKLM\Run Zmdootob C:\Program Files\Vszf\Jbloixv.exe
Reg\HKLM\Run Zbculsj C:\Program Files\Qgddcm\Tpzoc.exe
Reg\HKLM\Run BeClean Agent C:\Program Files\BeClean\bca.exe
Reg\HKLM\Run Wuxaty C:\Program Files\Ytswsrk\Avbpo.exe
Reg\HKLM\Run mmtask c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
Reg\HKLM\Run Vtteflda C:\Program Files\Yazonoo\Iknc.exe
Reg\HKLM\Run MMTray C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
Reg\HKLM\Run Toqsuc C:\Program Files\Aisxbio\Ybcra.exe
Reg\HKLM\Run Tcbsrrm C:\Program Files\Xyhvzif\Qimvoa.exe
Reg\HKCU\Run ctfmon.exe C:\WINDOWS\system32\ctfmon.exe
Reg\HKLM\Run Rguybldf C:\Program Files\Iftpfd\Npqnu.exe
Reg\HKCU\Run msnmsgr "C:\PROGRA~1\MSNMES~1\msnmsgr.exe" /background
Reg\HKLM\Run QT4HPOT C:\Program Files\HPQ\One-Touch\OneTouch.EXE
Reg\HKLM\Run Odnyugff C:\Program Files\Frtjp\Mfet.exe
Reg\HKLM\Run MyWebSearch Email Plugin C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
Reg\HKLM\Run Mrdcs C:\Program Files\Xlwttmy\Pqeo.exe
Reg\HKLM\Run HPHmon05 C:\WINDOWS\System32\hphmon05.exe
Reg\HKLM\Run HP Component Manager "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
Reg\HKLM\Run Gwoeeg C:\Program Files\Rcrh\Fuor.exe
Reg\HKLM\Run Gknkh C:\Program Files\Dvgor\Fvjanzp.exe
Reg\HKLM\Run Ggkjklhe C:\Program Files\Ocxvqs\Qugfu.exe
Reg\HKLM\Run Fpdhb C:\Program Files\Mzqyuf\Hzmtqb.exe
Reg\HKLM\Run Fmrsx C:\Program Files\Gjfjog\Nddecgu.exe
Reg\HKLM\Run Efzsse C:\Program Files\Xqht\Cweiax.exe
Reg\HKLM\Run Drrjdx C:\Program Files\Qcsafp\Wztbrkz.exe
Reg\HKLM\Run Display Settings C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
Reg\HKLM\Run Cpqset C:\Program Files\HPQ\Default Settings\cpqset.exe
Reg\HKLM\Run Cplble C:\Program Files\Kzbc\Aodghx.exe
Reg\HKLM\Run Chqnhj C:\Program Files\Zzrxk\Glop.exe
Reg\HKLM\Run ccApp "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
Reg\HKLM\Run ATIPTA C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
Reg\HKLM\Run Wjvqbpbg C:\Program Files\Ywxj\Qrcylm.exe
Reg\HKLM\Run Uokxumz C:\Program Files\Psyohv\Nfser.exe
Reg\HKLM\Run Symantec NetDriver Monitor C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
Reg\HKLM\Run Pidwdh C:\Program Files\Bckn\Hrgf.exe
Reg\HKLM\Run QuickTime Task "C:\Program Files\QuickTime\qttask.exe" -atboottime
Reg\HKLM\Run NeroFilterCheck C:\WINDOWS\system32\NeroCheck.exe
Shell\CommonStartup Lancement rapide d'Adobe Reader.lnk C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
Shell\CommonStartup Microsoft Office.lnk C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
Shell\CommonStartup MyWebSearch Email Plugin.lnk C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\MyWebSearch Email Plugin.lnk
Shell\CommonStartup WinZip Quick Pick.lnk C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\WinZip Quick Pick.lnk
Shell\UserStartup MyWebSearch Email Plugin.lnk C:\Documents and Settings\David\Menu Démarrer\Programmes\Démarrage\MyWebSearch Email Plugin.lnk
Shell\CommonStartup HP Digital Imaging Monitor.lnk C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk


Bonjour boulepate,


Voici le rapport tel que demandé!!! J' espère seulement pouvoir régler tout ça sans problème. Effectivement, je n'étais pas muni d'un "firewall" pour mon système. Celui que vous m'avez fait téléchargé est valide pour 14 jours seulement et je ne sais pas vraiment s' il est bien configurer. J'étais par contre, muni d'un Antivirus "Northern".

J'attends de vos nouvelles avec impatience en espérant que je ne suis pas un cas trop lourd à aider. Tout ce que je souhaite, c'est de pouvoir nettoyer mon système à fond le plus rapidement possible.

Pour ce qui est de "ewido anti-malware" et de "kerio", me conseillez-vous de les gardés??


Merci encore pour votre aide si précieuse!!!


Davidounet

Salut,

bah dit donc ..

Gardee ewido parcontre ton anti-virus c'est une passoire à virus vire le puis installe avast .. pour ce qui est de kerio, il est valable 15jours puis apres c'est la version gratuite donc pas de soucis tu peux le garder.

Peux tu remettre un rapport HijackThis stp

Salut,

Pour kerio, je t'ai mit un liens pour le configurer tu l'as suivit?!
Si tu y arrives toujours pas vire le puis installe celui ci:

ZoneAlarm:
http://www.01net.com/telecharger/windows/Internet/internet_utlitaire/fiches/18128.html

Relance HijackThis, choisis " do a scan only" coche la case devant les lignes ci-dessous et clique en bas sur "fix checked"

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll (file missing)
O2 - BHO: (no name) - {008DB894-99ED-445D-8547-0E7C9808898D} - C:\WINDOWS\mslagent\4b_1,0,1,2_mslagent.dll (file missing)
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL (file missing)
O4 - HKLM\..\Run: [Zzobndvb] C:\Program Files\Ccfk\Nhpu.exe
O4 - HKLM\..\Run: [Zpmzz] C:\Program Files\Shtzu\Jbxnrs.exe
O4 - HKLM\..\Run: [Zmdootob] C:\Program Files\Vszf\Jbloixv.exe
O4 - HKLM\..\Run: [Zbculsj] C:\Program Files\Qgddcm\Tpzoc.exe
O4 - HKLM\..\Run: [Ykarz] C:\Program Files\Frdex\Ixlxj.exe
O4 - HKLM\..\Run: [Wuxaty] C:\Program Files\Ytswsrk\Avbpo.exe
O4 - HKLM\..\Run: [Wjvqbpbg] C:\Program Files\Ywxj\Qrcylm.exe
O4 - HKLM\..\Run: [Vtteflda] C:\Program Files\Yazonoo\Iknc.exe
O4 - HKLM\..\Run: [Uokxumz] C:\Program Files\Psyohv\Nfser.exe
O4 - HKLM\..\Run: [Toqsuc] C:\Program Files\Aisxbio\Ybcra.exe
O4 - HKLM\..\Run: [Tcbsrrm] C:\Program Files\Xyhvzif\Qimvoa.exe
O4 - HKLM\..\Run: [Rguybldf] C:\Program Files\Iftpfd\Npqnu.exe
O4 - HKLM\..\Run: [Odnyugff] C:\Program Files\Frtjp\Mfet.exe
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
O4 - HKLM\..\Run: [Mrdcs] C:\Program Files\Xlwttmy\Pqeo.exe
O4 - HKLM\..\Run: [Lwprei] C:\Program Files\Lxvnw\Joamxoo.exe
O4 - HKLM\..\Run: [Ljcupv] C:\Program Files\Ibgro\Fidd.exe
O4 - HKLM\..\Run: [Gwoeeg] C:\Program Files\Rcrh\Fuor.exe
O4 - HKLM\..\Run: [Gknkh] C:\Program Files\Dvgor\Fvjanzp.exe
O4 - HKLM\..\Run: [Ggkjklhe] C:\Program Files\Ocxvqs\Qugfu.exe
O4 - HKLM\..\Run: [Fpdhb] C:\Program Files\Mzqyuf\Hzmtqb.exe
O4 - HKLM\..\Run: [Fmrsx] C:\Program Files\Gjfjog\Nddecgu.exe
O4 - HKLM\..\Run: [Efzsse] C:\Program Files\Xqht\Cweiax.exe
O4 - HKLM\..\Run: [Drrjdx] C:\Program Files\Qcsafp\Wztbrkz.ex
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [Cplble] C:\Program Files\Kzbc\Aodghx.exe
O4 - HKLM\..\Run: [Chqnhj] C:\Program Files\Zzrxk\Glop.exe
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\2.bin\__delete_on_reboot__mwsoemon.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSzeb035
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {0594AF7E-573B-40DF-8165-E47AB2EAEFE8} (EGEGAUTH Class) - http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1016_FR_XP.cab
O16 - DPF: {0873478E-E67A-4876-B0A9-9A36D3AB3602} (vviewer control) - http://www.thepaymentcentre.com/build/vviewer.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralInitialSetup1.0.0.8.cab
O16 - DPF: {1EB17D1C-141D-4D9D-91CB-24D99215851D} - http://akamai.downloadv3.com/binaries/IA/netia32_FR_XP.cab
O16 - DPF: {3AEA6239-7D97-4B70-A342-A824B55E5A5B} (Adam Class) - http://htmldialer.parisvoyeur.com/CABSPOLY/cd/1,0,3,8/fr/Eve.cab
O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - http://akamai.downloadv3.com/binaries/IA/nethv32_FR_XP.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/221457b606ff2cef1905/netzip/RdxIE601_fr.cab
O16 - DPF: {68A2C3BD-7809-11D3-8ACF-0050046F2F9A} (AXELPlayer Class) - http://www.mindavenue.com/Downloads/AXELPlayerAX_Win32.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1121289871150
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {7DBFDA8E-D33B-11D4-9269-00600868E56E} (WWWInstall Class) - http://www.edipole.fr/kits/WebInstall.dll
O16 - DPF: {86EEF11E-FF16-48CE-B1A2-474B663041A9} - http://kit.carpediem.fr/10062/jeunemec.exe
O16 - DPF: {8C875948-9C60-4381-9248-0DF180542D53} - http://installs.hotbar.com/installs/hbtools/programs/hbtools.cab
O16 - DPF: {92ABACFE-EF6E-42C7-A824-D50A914B5B70} (MastaCash Loader Class) - http://dx.mastacash.com/loader.cab
O16 - DPF: {A27AD582-5BE5-4C2D-82F0-48B24FE02040} - http://www.adshooter.com/pop_shooter/install/win2000/SYSsfitb.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {CEFB7B49-9652-464F-8AFD-A577C0500F39} (EGP2ECOM Class) - http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1009_1035_FR_pack_XP.cab
O16 - DPF: {D1B80EBF-1A26-4FEC-B0B9-DCB934C6507E} (Loader Class) - http://dialup.carpediem.fr/CABS/cd/1,0,3,8/fr/AccesMembre.cab
O16 - DPF: {E8EDB60C-951E-4130-93DC-FAF1AD25F8E7} - http://xbs.sea.mtree.com/mt/dialers/fc/UniDistIO.CAB
O16 - DPF: {EEECA057-AD0F-44A7-8BE5-8634CEDBDBD1} - http://akamai.downloadv3.com/binaries/IA/netpe32_FR_XP.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab

Clique sur demarrer, rechercher, cherche un par un ces fichiers et supprime si present:

Nhpu.exe
Jbxnrs.exe
Jbloixv.exe
Tpzoc.exe
Ixlxj.exe
Avbpo.exe
Qrcylm.exe
Iknc.exe
Nfser.exe
Ybcra.exe
Qimvoa.exe
Npqnu.exe
Mfet.exe
Pqeo.exe
Joamxoo.exe
Fidd.exe
Fuor.exe
Fvjanzp.exe
Qugfu.exe
Hzmtqb.exe
Nddecgu.exe
Cweiax.exe
Wztbrkz.ex
Aodghx.exe
Glop.exe
MWSOEMON.EXE
__delete_on_reboot__mwsoemon.exe
loftgay.exe
jeunemec.exe

Clique sur demarrer, poste de travail, C:, program files, cherche et supprime ces dossiers:

Nhpu.exe
Shtzu
Vszf
Qgddcm
Frdex
Ytswsrk
Ywxj
Yazonoo
Psyohv
Aisxbio
Xyhvzif
Iftpfd
Frtjp
Xlwttmy
Lxvnw
Ibgro
Rcrh
Dvgor
Ocxvqs
Mzqyuf
Gjfjog
Xqht
Qcsafp
Kzbc
Zzrxk
MyWebSearch


Vide ta corbeille, redemarre normalement et remet un rapport HijackThis stp

Re,

oki c'est deja mieux :-)

fait ceci maintenant

Affiche tous les fichiers et dossiers :
Clique sur démarrer, panneau de configuration, outi,option des dossiers, affichage

Coche: afficher les fichiers et dossiers cachés

Décoche la case:
-masquer les fichiers protégés du système d'exploitation (recommandé)
-masquer les extensions dont le type est connu

Appliquer, puis ok


Puis accepte l'active x pou rfaire le scan, scan ton pc et une fois finit colle le rapport ici

http://www.bitdefender.fr/scan/license.php

Ou celui la si l'autre ne fonctionne pas

http://www.bitdefender.com/scan8/ie.html

Ou encore ( on sait jamais)

http://www.pandasoftware.com/activescan/fr/activescan_principal.htm


A++

---------------------------------------------------------
ewido anti-malware - Rapport de démarrage
---------------------------------------------------------

+ Créé le: 00:30:55, 2006-01-28
+ Somme de contrôle: F9075051

Reg\HKLM\Run HPHUPD05 c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
Reg\HKLM\Run Rofqp C:\Program Files\Vemep\Trxtp.exe
Reg\HKLM\Run SynTPEnh C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
Reg\HKLM\Run SynTPLpr C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
Reg\HKLM\Run Pidwdh C:\Program Files\Bckn\Hrgf.exe
Reg\HKLM\Run QT4HPOT C:\Program Files\HPQ\One-Touch\OneTouch.EXE
Reg\HKLM\Run QuickTime Task "C:\Program Files\QuickTime\qttask.exe" -atboottime
Reg\HKLM\Run NeroFilterCheck C:\WINDOWS\system32\NeroCheck.exe
Reg\HKLM\Run HPHmon05 C:\WINDOWS\System32\hphmon05.exe
Reg\HKLM\Run HP Component Manager "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
Reg\HKLM\Run Display Settings C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
Reg\HKLM\Run ATIPTA C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
Reg\HKLM\Run IMJPMIG8.1 "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
Reg\HKLM\Run CARPService carpserv.exe
Reg\HKLM\Run ATIModeChange Ati2mdxx.exe
Reg\HKLM\Run HP Software Update C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
Reg\HKLM\Run Adobe Photo Downloader "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
Reg\HKLM\Run BeClean Agent C:\Program Files\BeClean\bca.exe
Reg\HKLM\Run mmtask c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
Reg\HKLM\Run MMTray C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
Reg\HKLM\Run avast! C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
Reg\HKLM\Run SpyCatcher Reminder
Reg\HKCU\Run ctfmon.exe C:\WINDOWS\system32\ctfmon.exe
Reg\HKCU\Run msnmsgr "C:\PROGRA~1\MSNMES~1\msnmsgr.exe" /background
Reg\HKCU\Run a-squared "C:\Program Files\a-squared\a2guard.exe"
Shell\CommonStartup SpyCatcher Protector.lnk C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\SpyCatcher Protector.lnk
---------------------------------------------------------
ewido anti-malware - Rapport de connexion
---------------------------------------------------------

+ Créé le: 00:31:23, 2006-01-28
+ Somme de contrôle: DDE044EE

TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1027 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1034 0.0.0.0:0 LISTENING
TCP 0.0.0.0:44334 0.0.0.0:0 LISTENING
TCP 0.0.0.0:44501 0.0.0.0:0 LISTENING
TCP 127.0.0.1:1025 127.0.0.1:44334 ESTABLISHED
TCP 127.0.0.1:1027 127.0.0.1:1029 ESTABLISHED
TCP 127.0.0.1:1029 127.0.0.1:1027 ESTABLISHED
TCP 127.0.0.1:1031 0.0.0.0:0 LISTENING
TCP 127.0.0.1:1032 127.0.0.1:44334 ESTABLISHED
TCP 127.0.0.1:1034 127.0.0.1:1036 ESTABLISHED
TCP 127.0.0.1:1036 127.0.0.1:1034 ESTABLISHED
TCP 127.0.0.1:1494 127.0.0.1:12110 TIME_WAIT
TCP 127.0.0.1:12025 0.0.0.0:0 LISTENING
TCP 127.0.0.1:12080 0.0.0.0:0 LISTENING
TCP 127.0.0.1:12110 0.0.0.0:0 LISTENING
TCP 127.0.0.1:12119 0.0.0.0:0 LISTENING
TCP 127.0.0.1:12143 0.0.0.0:0 LISTENING
TCP 127.0.0.1:44334 127.0.0.1:1025 ESTABLISHED
TCP 127.0.0.1:44334 127.0.0.1:1032 ESTABLISHED
TCP 169.254.66.157:139 0.0.0.0:0 LISTENING
UDP 0.0.0.0:161
UDP 0.0.0.0:445
UDP 0.0.0.0:500
UDP 0.0.0.0:1026
UDP 0.0.0.0:1028
UDP 0.0.0.0:1033
UDP 0.0.0.0:1035
UDP 0.0.0.0:1050
UDP 0.0.0.0:1124
UDP 0.0.0.0:4500
UDP 0.0.0.0:44334
UDP 64.229.109.201:123
UDP 64.229.109.201:1900
UDP 127.0.0.1:123
UDP 127.0.0.1:1900
UDP 169.254.66.157:123
UDP 169.254.66.157:137
UDP 169.254.66.157:138
UDP 169.254.66.157:1900
---------------------------------------------------------
ewido anti-malware - Rapport des processus
---------------------------------------------------------

+ Créé le: 00:31:40, 2006-01-28
+ Somme de contrôle: 41AC7344

0: System Process
4: System Process
408: C:\Program Files\Outlook Express\msimn.exe
552: C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
572: C:\Program Files\Alwil Software\Avast4\ashServ.exe
604: C:\WINDOWS\System32\cisvc.exe
644: C:\Program Files\ewido anti-malware\ewidoctrl.exe
672: C:\Program Files\ewido anti-malware\ewidoguard.exe
708: C:\WINDOWS\system32\HPConfig.exe
728: C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
756: C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
836: \SystemRoot\System32\smss.exe
876: C:\WINDOWS\system32\cidaemon.exe
884: \??\C:\WINDOWS\system32\csrss.exe
908: \??\C:\WINDOWS\system32\winlogon.exe
960: C:\WINDOWS\system32\services.exe
972: C:\WINDOWS\system32\lsass.exe
1152: C:\WINDOWS\System32\Ati2evxx.exe
1176: C:\WINDOWS\system32\svchost.exe
1256: C:\WINDOWS\system32\svchost.exe
1340: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
1380: C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
1404: C:\WINDOWS\System32\svchost.exe
1476: C:\WINDOWS\System32\svchost.exe
1584: C:\WINDOWS\System32\svchost.exe
1624: C:\Program Files\Outlook Express\msimn.exe
1728: C:\WINDOWS\System32\snmp.exe
1760: C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
1808: C:\WINDOWS\System32\svchost.exe
1996: C:\WINDOWS\system32\spoolsv.exe
2072: C:\WINDOWS\System32\hphmon05.exe
2112: C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
2228: C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
2272: C:\WINDOWS\system32\carpserv.exe
2484: C:\WINDOWS\system32\ctfmon.exe
2504: C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
2560: C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
2624: C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
2700: C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
2800: C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
2944: C:\WINDOWS\System32\alg.exe
3100: C:\WINDOWS\explorer.exe
3680: C:\Program Files\ewido anti-malware\securitysuite.exe
3768: C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
CleanUp! started on 01/28/06 00:32:55.
C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\3QKN3LOT\CleanUp40[1].exe - deleted
C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\3QKN3LOT\wbk49.tmp - deleted
C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\3QKN3LOT\wbk4B.tmp - deleted
C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\3QKN3LOT\wbk4D.tmp - deleted
C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\3QKN3LOT\wbk4F.tmp - deleted
C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\3QKN3LOT\wbk51.tmp - deleted
C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\3QKN3LOT\wbk53.tmp - deleted
C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\3QKN3LOT\wbk55.tmp - deleted
C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\3QKN3LOT\wbk57.tmp - deleted
C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\3QKN3LOT\wbk59.tmp - deleted
C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\3QKN3LOT\wbk5B.tmp - deleted
C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\3QKN3LOT\wbk5D.tmp - deleted
C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\3QKN3LOT\wbk5F.tmp - deleted
C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\3QKN3LOT\wbk61.tmp - deleted
C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\3QKN3LOT\wbk63.tmp - deleted
C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\3QKN3LOT\wbk65.tmp - deleted
C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\3QKN3LOT\wbk67.tmp - deleted
C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\3QKN3LOT\wbk69.tmp - deleted
C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\3QKN3LOT\wbk6B.tmp - deleted
C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\3QKN3LOT\wbk6D.tmp - deleted
C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\3QKN3LOT\wbk6F.tmp - deleted
C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\3QKN3LOT\wbk71.tmp - deleted
C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\3QKN3LOT\wbk73.tmp - deleted
C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\3QKN3LOT\wbk75.tmp - deleted
C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\3QKN3LOT\wbk77.tmp - deleted
C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\3QKN3LOT\wbk79.tmp - deleted
C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\3QKN3LOT\wbk7B.tmp - deleted
C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\3QKN3LOT\wbk7D.tmp - deleted
C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\3QKN3LOT\wbk7F.tmp - deleted
C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\3QKN3LOT\wbk81.tmp - deleted
C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\3QKN3LOT\wbk83.tmp - deleted
C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\3QKN3LOT\[10] - deleted
C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\3QKN3LOT\[11] - deleted
C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\3QKN3LOT\[12] - deleted
C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\3QKN3LOT\[13] - deleted
C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\3QKN3LOT\[14] - deleted
C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\3QKN3LOT\[15] - deleted
C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\3QKN3LOT\[16] - deleted
C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\3QKN3LOT\[17] - deleted
C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\3QKN3LOT\[18] - deleted
C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\3QKN3LOT\[19] - deleted
C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\3QKN3LOT\[1] - deleted
C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\3QKN3LOT\[20] - deleted
C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\3QKN3LOT\[21] - deleted
C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\3QKN3LOT\[22] - deleted
C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\3QKN3LOT\[23] - deleted
C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\3QKN3LOT\[24] - deleted
C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\3QKN3LOT\[25] - deleted
C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\3QKN3LOT\[26] - deleted
C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\3QKN3LOT\[27] - deleted
C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\3QKN3LOT\[28] - deleted
C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\3QKN3LOT\[29] - deleted
C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\3QKN3LOT\[2] - deleted
C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\3QKN3LOT\[30] - deleted
C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\3QKN3LOT\[3] - deleted
C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\3QKN3LOT\[4] - deleted
C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\3QKN3LOT\[5] - deleted
C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\3QKN3LOT\[6] - deleted
C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\3QKN3LOT\[7] - deleted
C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\3QKN3LOT\[8] - deleted
C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\3QKN3LOT\[9] - deleted
C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\GZZZMG1L\adsWrapper[1].js - deleted
C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\GZZZMG1L\arrow_green_normal[1].bmp - deleted
C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\GZZZMG1L\Behaviors[2].css - deleted
C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\GZZZMG1L\Common[1].js - deleted
C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\GZZZMG1L\Common[2].js - deleted
C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\GZZZMG1L\Context[1].htm - deleted
C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\GZZZMG1L\democleanup[1].htm - deleted
C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\GZZZMG1L\democleanup[1].swf - deleted
C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\GZZZMG1L\firstpage[1].htm - deleted
C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\GZZZMG1L\NavBar[1].htm - deleted
C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\GZZZMG1L\NavBar[1].xml - deleted
C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\GZZZMG1L\promos[1].js - deleted
C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\GZZZMG1L\shared[1].css - deleted
C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\GZZZMG1L\shared[2].css - deleted
C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\GZZZMG1L\shared[3].css - deleted
C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\L7J35PGE\adsEnd[1].js - deleted
C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\L7J35PGE\aol_fr_branding_background_image.gif.122482.1[1].gif - deleted
C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\L7J35PGE\blank[1].htm - deleted
C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\L7J35PGE\HHWRAPPER[1].htm - deleted
C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\L7J35PGE\logo[1].bmp - deleted
C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\L7J35PGE\pixel[1].gif - deleted
C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\L7J35PGE\shared[1].css - deleted
C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\L7J35PGE\shared[2].css - deleted
C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
hcp://system/panels/HHWRAPPER.htm - deleted
http://pageperso.aol.fr/balltrap34/democleanup.swf - deleted
hcp://system/panels/firstpage.htm - deleted
http://pageperso.aol.fr/balltrap34/democleanup.htm - deleted
hcp://system/css/Behaviors.css - deleted
http://ar.atwola.com/file/adsWrapper.js - deleted
http://pageperso.aol.fr/Balltrap34/CleanUp40.exe - deleted
hcp://system/panels/Context.htm - deleted
hcp://system/panels/NavBar.htm - deleted
hcp://system/panels/NavBar.xml - deleted
http://ar.atwola.com/file/adsEnd.js - deleted
hcp://system/images/24x24/arrow_green_normal.bmp - deleted
http://hometown-art.aol.com/main/pixel.gif - deleted
hcp://system/images/32x32/logo.bmp - deleted
hcp://system/panels/blank.htm - deleted
http://ht-brands.aol.com/PromoArt/aol_fr_branding_background_image.gif.122482.1.gif - deleted
C:\Documents and Settings\David\Local Settings\Historique\History.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\David\Local Settings\Historique\History.IE5\MSHist012006012720060128\index.dat - deleted
C:\Documents and Settings\David\Local Settings\Historique\History.IE5\MSHist012006012720060128\ - deleted
C:\Documents and Settings\David\Local Settings\Historique\History.IE5\MSHist012006012820060129\index.dat currently in use. Will be deleted when Windows is restarted.
'Typed URLs' (Internet Explorer) - removed from the registry.
Visited: David@hcp://system/panels/blank.htm - deleted
Visited: David@hcp://system/panels/HHWRAPPER.htm - deleted
Visited: David@hcp://system/panels/Context.htm - deleted
Visited: David@hcp://system/panels/firstpage.htm - deleted
Visited: David@http://pageperso.aol.fr/balltrap34/democleanup.htm - deleted
Visited: David@file:///C:/Documents%20and%20Settings/David/Mes%20documents/Rapport%20de%20connexion_20060128.txt - deleted
Visited: David@ms-its:C:\WINDOWS\Help\apps_sp.chm::/idh_w2_30012_40c.htm - deleted
Visited: David@file:///C:/Documents%20and%20Settings/David/Mes%20documents/Rapport%20de%20d%E9marrage_20060128.txt - deleted
Visited: David@file:///C:/Documents%20and%20Settings/David/Mes%20documents/Rapport%20des%20processus_20060128.txt - deleted
Visited: David@http://pageperso.aol.fr/Balltrap34/CleanUp40.exe - deleted
C:\Documents and Settings\David\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\David\Recent\Rapport de connexion_20060128.txt.lnk - deleted
C:\Documents and Settings\David\Recent\Rapport de démarrage_20060128.txt.lnk - deleted
C:\Documents and Settings\David\Recent\Rapport des processus_20060128.txt.lnk - deleted
C:\DOCUME~1\David\LOCALS~1\Temp\ mon010.log currently in use. Will be deleted when Windows is restarted.
C:\DOCUME~1\David\LOCALS~1\Temp\ mon010.log currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\temp\JETC422.tmp currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\temp\Perflib_Perfdata_23c.dat currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\temp\Perflib_Perfdata_6c0.dat currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\temp\_avast4_\Webshlock.txt currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\LocalService\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\LocalService\locals~1\tempor~1\Content.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\LocalService\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\David\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\David\locals~1\tempor~1\Content.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\David\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\David\Local Settings\Temp\ mon010.log currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\Prefetch\AHUI.EXE-10CE5D84.pf - deleted
C:\WINDOWS\Prefetch\CLEANUP.EXE-3438663A.pf - deleted
C:\WINDOWS\Prefetch\CLEANUP40[1].EXE-17DBA470.pf - deleted
C:\WINDOWS\Prefetch\HELPCTR.EXE-3862B6F5.pf - deleted
C:\WINDOWS\Prefetch\HELPSVC.EXE-2878DDA2.pf - deleted
C:\WINDOWS\Prefetch\IEXPLORE.EXE-27122324.pf - deleted
C:\WINDOWS\Prefetch\IMAPI.EXE-0BF740A4.pf - deleted
C:\WINDOWS\Prefetch\LOGONUI.EXE-0AF22957.pf - deleted
C:\WINDOWS\Prefetch\MSIMN.EXE-38BA891D.pf - deleted
C:\WINDOWS\Prefetch\NOTEPAD.EXE-336351A9.pf - deleted
C:\WINDOWS\Prefetch\RUNDLL32.EXE-451FC2C0.pf - deleted
C:\WINDOWS\Prefetch\SECURITYSUITE.EXE-278F473B.pf - deleted
C:\WINDOWS\Prefetch\SETUP.EXE-393E66AE.pf - deleted
C:\WINDOWS\Prefetch\SSMYPICS.SCR-01C62024.pf - deleted
C:\WINDOWS\Prefetch\WINHLP32.EXE-2C18E975.pf - deleted
C:\WINDOWS\Prefetch\WINNT32.EXE-07CE5394.pf - deleted
C:\Documents and Settings\David\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\David\Local Settings\Historique\History.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\David\Local Settings\Historique\History.IE5\MSHist012006012820060129\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\LocalService\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\PCHealth\HelpCtr\Config\Cache\Personal_32_1036.dat.bak - deleted
C:\WINDOWS\system32\CatRoot2\edb.chk - deleted
C:\WINDOWS\Temp\JETC422.tmp currently in use. Will be deleted when Windows is restarted.
Emptied Recycle Bin on drive C:
'Run MRU' list - removed from the registry.
Paint Recent File List - removed from the registry.
Telnet's MRU list - removed from the registry.
WinZip Extract MRU list - removed from the registry.
WinZip File MRU list - removed from the registry.
CleanUp! 4.0 recovered 36.5 MB of disk space from 138 files.
CleanUp! finished on 01/28/06 00:34:08.


Je ne sais pas quoi faire pour nettoyer mon registre avec RegCleaner???


Davidounet

Bonjour,


Voilà mon rapport tel que demandé!!! Je vous reviens avec la suite....

Merci! Davidounet

Salut,

ton rapport me semble correct ou en est ton probléme?

a+