Hijackthis: need help with the analysis!!

Jéjé -
Anonymous user -
Hello,
My computer is infected with win32:Dialer-gen [Tri] (I have avast antivirus). Avast offers to delete it, but it keeps coming back regularly, sometimes as soon as I open an application, and on top of that it often blocks my internet. I downloaded HijackThis, but I don't know what I'm supposed to do.
Here is the result of the scan:

Logfile of HijackThis v1.99.1
Scan saved at 09:07:53, on 18/02/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\wlancfg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Bargain Buddy\bin\bargains.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\TimeSink\AdGateway\TsAdBot.exe
C:\Program Files\Borland\IntrBase\bin\ibserver.exe
C:\windows\system32\ymulznatbk.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\Weather.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Yahoo!\Messenger\YPager.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\unzipped\hijackthis_199\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://in.webcounter.cc/--/?ydtfs (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://in.webcounter.cc/--/?ydtfs (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://in.webcounter.cc/--/?ydtfs (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://in.webcounter.cc/-/?ydtfs (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://in.webcounter.cc/--/?ydtfs (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://in.webcounter.cc/---/?ydtfs (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://in.webcounter.cc/--/?ydtfs (obfuscated)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.wikipedia.org/wiki/Special:Random
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://in.webcounter.cc/--/?ydtfs (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://in.webcounter.cc/--/?ydtfs (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://in.webcounter.cc/-/?ydtfs about:blank (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://in.webcounter.cc/---/?ydtfs (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://in.webcounter.cc/--/?ydtfs (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://in.webcounter.cc/---/?ydtfs (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://in.webcounter.cc/--/?ydtfs (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://in.webcounter.cc/-/?ydtfs about:blank (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: (no name) - {849C1317-3494-CBA5-EB88-240A36EFA312} - XTermInit.dll (file missing)
F1 - win.ini: run=fntldr.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\AddOn\AcrobatReader\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Url Catcher - {CE31A1F7-3D90-4874-8FBE-A5D97F8BC8F1} - C:\Program Files\Bargain Buddy\bin\apuc.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Soundmx] \soundmx.exe
O4 - HKLM\..\Run: [NsUpdate] C:\WINDOWS\NsUpdate.exe UPDATE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Bargains] C:\Program Files\Bargain Buddy\bin\bargains.exe
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [TimeSink Ad Client] "C:\Program Files\TimeSink\AdGateway\TsAdBot.exe"
O4 - HKLM\..\Run: [InterBase Server] C:\Program Files\Borland\IntrBase\bin\ibserver.exe
O4 - HKLM\..\Run: [XGhAs] C:\WINDOWS\htmwl.exe
O4 - HKLM\..\Run: [XGh$vùõâ.–²ñÆß†ÅNbC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\htmwl.exe
O4 - HKLM\..\Run: [XGh$vùõâ.–²ñÆß²ËNbC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\htmwl.exe
O4 - HKLM\..\Run: [XGh$îöíõ›/‚²‘ÆßfÏNbC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\htmwl.exe
O4 - HKLM\..\Run: [ymulznatbk] c:\windows\system32\ymulznatbk.exe -start
O4 - HKLM\..\Run: [scanSYS] ExchangeMaster.exe
O4 - HKLM\..\Run: [defect08] sbin.exe
O4 - HKLM\..\Run: [SpySpotter System Defender] C:\Program Files\SpySpotter3\Defender.exe -startup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [yaemu.exe] C:\WINDOWS\system32\yaemu.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [Instant Access] rundll32.exe EGDACCESS_1074.dll,InstantAccess
O4 - HKCU\..\Run: [UnSpyPC] "C:\Program Files\UnSpyPC\UnSpyPC.exe"
O4 - HKCU\..\Run: [panel_its] RtlFindVal.exe
O4 - HKCU\..\Run: [clamav] PrcIdle.exe
O4 - HKCU\..\Run: [powerdll] sysmon12.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: officejet 6100.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\msvrl.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msvrl.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msvrl.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msvrl.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msvrl.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msvrl.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msvrl.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msvrl.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msvrl.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msvrl.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msvrl.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msvrl.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msvrl.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msvrl.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msvrl.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msvrl.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msvrl.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msvrl.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msvrl.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msvrl.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msvrl.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msvrl.dll
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: Yahoo! Euchre - http://download.games.yahoo.com/games/clients/y/et1_x.cab
O16 - DPF: {00000000-0000-0000-0000-000020030000} - http://xxxtrayicon.com/xtrayinst.exe
O16 - DPF: {0002E559-0000-0000-C000-000000000046} - http://activex.microsoft.com/objects/ocget.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {00EF2092-6AC5-47C0-BD25-CF2D5D657FEB} - http://activex.microsoft.com/objects/ocget.dll
O16 - DPF: {018B7EC3-EECA-11D3-8E71-0000E82C6C0D} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v3.0/0006.cab
O16 - DPF: {04CCFF26-7D52-4E42-BF6A-F8ECE0896EB7} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1071_XP.cab
O16 - DPF: {0594AF7E-573B-40DF-8165-E47AB2EAEFE8} (EGEGAUTH Class) - http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1014_FR_XP.cab
O16 - DPF: {0873478E-E67A-4876-B0A9-9A36D3AB3602} (vviewer control) - http://www.thepaymentcentre.com/build/vviewer.cab
O16 - DPF: {0D1011B3-89C8-4F8E-8693-BB970E2E81E0} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1069_ASPIV4_XP.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {1B3E3251-658E-4F03-8881-68302FE3CE9E} - http://www.friend.fr/friend/Friend2005-01.xms
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15.cab
O16 - DPF: {2048B51E-8D74-4762-82CE-B48CF545EEEA} (CAX Object) - http://info.httpsgateway.com/download/dialer/cax.cab
O16 - DPF: {27DA08CF-FCDB-C812-102C-35416A233100} - http://www.sexe-exhibition.org/acces/002/ARCHIVE-VIDEOS.exe
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {35F59C80-C1F2-4EEA-9981-686C7D5A9277} (VacPro.emsat_ver3) - http://www.advnt01.com/dialer/emsat_ver3.CAB
O16 - DPF: {3616F4B5-F6AD-4E67-966A-C218673648A0} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1070_ASPIV4_XP.cab
O16 - DPF: {38481807-CA0E-42D2-BF39-B33AF135CC4D} - http://activex.microsoft.com/objects/ocget.dll
O16 - DPF: {3DAD912E-D2B9-4323-B7C9-7F2C5CC0C57B} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1070_XP.cab
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://www.tbcode.com/ist/softwares/v4.0/ysb_regular.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {706F3805-27D7-478D-80E5-E25D2BB030B3} (VacPro.internazionale_ver3) - http://www.advnt01.com/dialer/internazionale_ver3.CAB
O16 - DPF: {78F584DF-BBF5-4296-839C-31DE60914DBC} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1071_ASPIV4_XP.cab
O16 - DPF: {84A112EF-9841-4DCB-A6F0-32AF331EF5B4} - http://activex.microsoft.com/objects/ocget.dll
O16 - DPF: {8B3B8135-9DAA-40E7-8941-962795F9C1CB} - http://scripts.downloadv3.com/binaries/IA/syswbsvc32_FR_XP.cab
O16 - DPF: {8D8BAF56-B581-4B90-A549-C4AC6B03F1BB} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1074_XP.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} (MediaGatewayX) - http://static.zangocash.com/cab/Zango/ie/bridge-c356.cab
O16 - DPF: {91413D86-9F27-402C-B5E3-DEBDD122C339} - http://content2.netvenda.com/sites/games-intl/fr/games3.cab
O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.netvenda.com/sites/games-intl/fr/games3.cab
O16 - DPF: {AA218328-0EA8-4D70-8972-E987A9190FF4} - http://activex.microsoft.com/objects/ocget.dll
O16 - DPF: {B2B0AEDF-7CDF-4792-BB67-7654AD1E1B13} - http://scripts.downloadv3.com/binaries/IA/sysinetsvc32_FR_XP.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BD092CD7-AA66-4FF6-8CE1-D4E01489ED2B} (VacPro.UserControl1) - http://www.7adpower.com/dialer/EMSAT.CAB
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {C130F0B3-CD97-4DFC-B052-2BD17A7B82F5} - http://activex.microsoft.com/objects/ocget.dll
O16 - DPF: {C2481ED1-9896-4D49-AE90-69858DFDE446} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1073_XP.cab
O16 - DPF: {CA8A9780-280D-11CF-A24D-444553540000} (Adobe Acrobat Control for ActiveX) - http://activex.microsoft.com/objects/ocget.dll
O16 - DPF: {E2F2B9D0-96B9-4B25-B90C-636ECB207D18} - http://www.whenusearch.com/WUInstWCDT.cab
O16 - DPF: {EEECA057-AD0F-44A7-8BE5-8634CEDBDBD1} - http://akamai.downloadv3.com/binaries/IA/netpe32_FR_XP.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.companion.yahoo.com/dl/toolbar/yiebio5_1_6_0.cab
O16 - DPF: {EFB22865-F3BC-4309-ADFA-C8E078A7F762} (SysWebTelecomInt Class) - http://www.sponsoradulto.com/fr/SysWebTelecom.cab
O16 - DPF: {EFB23983-5803-4914-ADA3-C0EA2CFBDC37} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1072_XP.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O16 - DPF: {FDC7A535-4070-4B92-A0EA-D9994BCC0DC5} - http://activex.microsoft.com/objects/ocget.dll
O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B2F49FB} - http://www.3pic.com/de/mov107de.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{349376D8-FDF8-423C-B436-53228D3FC348}: NameServer = 85.255.115.46,85.255.112.158
O17 - HKLM\System\CCS\Services\Tcpip\..\{6C49771D-B8E6-40BB-9CA0-66A947950E28}: NameServer = 85.255.115.46,85.255.112.158
O17 - HKLM\System\CCS\Services\Tcpip\..\{7583FD6D-4051-40E9-BCF0-E1342013621A}: NameServer = 85.255.115.46,85.255.112.158
O17 - HKLM\System\CCS\Services\Tcpip\..\{89CA74FC-E0A3-4388-939A-FAA9ABB946FE}: NameServer = 85.255.115.46,85.255.112.158
O17 - HKLM\System\CS1\Services\Tcpip\..\{349376D8-FDF8-423C-B436-53228D3FC348}: NameServer = 85.255.115.46,85.255.112.158
O17 - HKLM\System\CS2\Services\Tcpip\..\{349376D8-FDF8-423C-B436-53228D3FC348}: NameServer = 85.255.115.46,85.255.112.158
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter: text/html - {0F0CD7EF-8166-4392-8A3F-5B3594FAD1EA} - C:\Documents and Settings\ram_jerome\Local Settings\Application Data\microsoft\internet explorer\V0.39.dat
O19 - User stylesheet: C:\WINDOWS\Web\tips.ini (file missing)
O19 - User stylesheet: C:\WINDOWS\hh.htt (file missing) (HKLM)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Navigation étendue et définition (Connexion dictionnaire) - Friend ® - C:\WINDOWS\system32\Weather.exe
O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\WINDOWS\wlancfg.exe

What should I do??? Thanks for your help!

3 replies

Anonymous user

Hi,
Run HijackThis again, choose "do a scan only", tick the box in front of the lines below and click "fix checked" at the bottom.

R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://in.webcounter.cc/--/?ydtfs (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://in.webcounter.cc/--/?ydtfs (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://in.webcounter.cc/--/?ydtfs (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://in.webcounter.cc/-/?ydtfs (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://in.webcounter.cc/--/?ydtfs (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://in.webcounter.cc/---/?ydtfs (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://in.webcounter.cc/--/?ydtfs (obfuscated)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.wikipedia.org/wiki/Special:Random
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://in.webcounter.cc/--/?ydtfs (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://in.webcounter.cc/--/?ydtfs (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://in.webcounter.cc/-/?ydtfs about:blank (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://in.webcounter.cc/---/?ydtfs (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://in.webcounter.cc/--/?ydtfs (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://in.webcounter.cc/---/?ydtfs (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://in.webcounter.cc/--/?ydtfs (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://in.webcounter.cc/-/?ydtfs about:blank (obfuscated)
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: (no name) - {849C1317-3494-CBA5-EB88-240A36EFA312} - XTermInit.dll (file missing)
F1 - win.ini: run=fntldr.exe
O16 - DPF: Yahoo! Euchre - http://download.games.yahoo.com/games/clients/y/et1_x.cab
O16 - DPF: {00000000-0000-0000-0000-000020030000} - http://xxxtrayicon.com/xtrayinst.exe
O16 - DPF: {0002E559-0000-0000-C000-000000000046} - http://activex.microsoft.com/objects/ocget.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {00EF2092-6AC5-47C0-BD25-CF2D5D657FEB} - http://activex.microsoft.com/objects/ocget.dll
O16 - DPF: {018B7EC3-EECA-11D3-8E71-0000E82C6C0D} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v3.0/0006.cab
O16 - DPF: {04CCFF26-7D52-4E42-BF6A-F8ECE0896EB7} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1071_XP.cab
O16 - DPF: {0594AF7E-573B-40DF-8165-E47AB2EAEFE8} (EGEGAUTH Class) - http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1014_FR_XP.cab
O16 - DPF: {0873478E-E67A-4876-B0A9-9A36D3AB3602} (vviewer control) - http://www.thepaymentcentre.com/build/vviewer.cab
O16 - DPF: {0D1011B3-89C8-4F8E-8693-BB970E2E81E0} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1069_ASPIV4_XP.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {1B3E3251-658E-4F03-8881-68302FE3CE9E} - http://www.friend.fr/friend/Friend2005-01.xms
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15.cab
O16 - DPF: {2048B51E-8D74-4762-82CE-B48CF545EEEA} (CAX Object) - http://info.httpsgateway.com/download/dialer/cax.cab
O16 - DPF: {27DA08CF-FCDB-C812-102C-35416A233100} - http://www.sexe-exhibition.org/acces/002/ARCHIVE-VIDEOS.exe
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {35F59C80-C1F2-4EEA-9981-686C7D5A9277} (VacPro.emsat_ver3) - http://www.advnt01.com/dialer/emsat_ver3.CAB
O16 - DPF: {3616F4B5-F6AD-4E67-966A-C218673648A0} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1070_ASPIV4_XP.cab
O16 - DPF: {38481807-CA0E-42D2-BF39-B33AF135CC4D} - http://activex.microsoft.com/objects/ocget.dll
O16 - DPF: {3DAD912E-D2B9-4323-B7C9-7F2C5CC0C57B} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1070_XP.cab
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://www.tbcode.com/ist/softwares/v4.0/ysb_regular.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {706F3805-27D7-478D-80E5-E25D2BB030B3} (VacPro.internazionale_ver3) - http://www.advnt01.com/dialer/internazionale_ver3.CAB
O16 - DPF: {78F584DF-BBF5-4296-839C-31DE60914DBC} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1071_ASPIV4_XP.cab
O16 - DPF: {84A112EF-9841-4DCB-A6F0-32AF331EF5B4} - http://activex.microsoft.com/objects/ocget.dll
O16 - DPF: {8B3B8135-9DAA-40E7-8941-962795F9C1CB} - http://scripts.downloadv3.com/binaries/IA/syswbsvc32_FR_XP.cab
O16 - DPF: {8D8BAF56-B581-4B90-A549-C4AC6B03F1BB} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1074_XP.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} (MediaGatewayX) - http://static.zangocash.com/cab/Zango/ie/bridge-c356.cab
O16 - DPF: {91413D86-9F27-402C-B5E3-DEBDD122C339} - http://content2.netvenda.com/sites/games-intl/fr/games3.cab
O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.netvenda.com/sites/games-intl/fr/games3.cab
O16 - DPF: {AA218328-0EA8-4D70-8972-E987A9190FF4} - http://activex.microsoft.com/objects/ocget.dll
O16 - DPF: {B2B0AEDF-7CDF-4792-BB67-7654AD1E1B13} - http://scripts.downloadv3.com/binaries/IA/sysinetsvc32_FR_XP.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BD092CD7-AA66-4FF6-8CE1-D4E01489ED2B} (VacPro.UserControl1) - http://www.7adpower.com/dialer/EMSAT.CAB
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {C130F0B3-CD97-4DFC-B052-2BD17A7B82F5} - http://activex.microsoft.com/objects/ocget.dll
O16 - DPF: {C2481ED1-9896-4D49-AE90-69858DFDE446} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1073_XP.cab
O16 - DPF: {CA8A9780-280D-11CF-A24D-444553540000} (Adobe Acrobat Control for ActiveX) - http://activex.microsoft.com/objects/ocget.dll
O16 - DPF: {E2F2B9D0-96B9-4B25-B90C-636ECB207D18} - http://www.whenusearch.com/WUInstWCDT.cab
O16 - DPF: {EEECA057-AD0F-44A7-8BE5-8634CEDBDBD1} - http://akamai.downloadv3.com/binaries/IA/netpe32_FR_XP.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.companion.yahoo.com/dl/toolbar/yiebio5_1_6_0.cab
O16 - DPF: {EFB22865-F3BC-4309-ADFA-C8E078A7F762} (SysWebTelecomInt Class) - http://www.sponsoradulto.com/fr/SysWebTelecom.cab
O16 - DPF: {EFB23983-5803-4914-ADA3-C0EA2CFBDC37} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1072_XP.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O16 - DPF: {FDC7A535-4070-4B92-A0EA-D9994BCC0DC5} - http://activex.microsoft.com/objects/ocget.dll
O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B2F49FB} - http://www.3pic.com/de/mov107de.exe

It's just to get a clearer picture, because you're pretty badly infected!

Download, install and then update this program; once that's done, run a full scan of your system and paste the report here along with a new HijackThis report.

Ewido:
http://www.01net.com/telecharger/windows/Utilitaire/antivirus/fiches/31851.html

See you!
0
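As an added example (not part of the original posts and not HijackThis's own code), here is a small Python parser for the log format posted in this thread. It groups entries by section code, collects the hosts referenced by R and O16 entries and the NameServer values of O17 entries, and reports lines repeated verbatim. The function names are this example's own, and the embedded sample is constructed from lines copied out of the log above.

```python
import re
from collections import Counter, defaultdict
from urllib.parse import urlsplit

# Constructed sample: a handful of lines copied from the log posted in this thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://in.webcounter.cc/--/?ydtfs (obfuscated)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.wikipedia.org/wiki/Special:Random
F1 - win.ini: run=fntldr.exe
O4 - HKLM\..\Run: [Bargains] C:\Program Files\Bargain Buddy\bin\bargains.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\msvrl.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msvrl.dll
O16 - DPF: {2048B51E-8D74-4762-82CE-B48CF545EEEA} (CAX Object) - http://info.httpsgateway.com/download/dialer/cax.cab
O16 - DPF: {0002E559-0000-0000-C000-000000000046} - http://activex.microsoft.com/objects/ocget.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{349376D8-FDF8-423C-B436-53228D3FC348}: NameServer = 85.255.115.46,85.255.112.158
O17 - HKLM\System\CS1\Services\Tcpip\..\{349376D8-FDF8-423C-B436-53228D3FC348}: NameServer = 85.255.115.46,85.255.112.158
"""

# An entry line is "<section code> - <body>", e.g. "R1 - ...", "F1 - ...", "O16 - ...".
# Header lines and the process list do not match and are skipped.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
URL_RE = re.compile(r"https?://[^\s)]+")


def parse_entries(text):
    """Return the log's entries as a list of (section_code, body) tuples."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def summarize(entries):
    """Build a per-section overview to read before ticking anything in the tool."""
    counts = Counter(code for code, _ in entries)
    hosts = defaultdict(set)
    nameservers = set()
    for code, body in entries:
        # R* entries hold Internet Explorer page settings, O16 entries hold the
        # download source of an installed ActiveX control: both carry URLs.
        if code.startswith("R") or code == "O16":
            for url in URL_RE.findall(body):
                try:
                    host = urlsplit(url).hostname
                except ValueError:
                    host = None  # malformed URL in the log: skip it
                if host:
                    hosts[code].add(host.lower())
        # O17 entries record DNS settings written into the Tcpip registry keys.
        if code == "O17" and "NameServer = " in body:
            value = body.split("NameServer = ", 1)[1]
            nameservers.update(ip for ip in re.split(r"[,\s]+", value) if ip)
    # The same line written many times (as with the O10 entries above) is one
    # finding, not many; report it once with its count.
    repeated = {entry: n for entry, n in Counter(entries).items() if n > 1}
    return {
        "counts": dict(counts),
        "hosts": {code: sorted(names) for code, names in hosts.items()},
        "nameservers": sorted(nameservers),
        "repeated": repeated,
    }


if __name__ == "__main__":
    summary = summarize(parse_entries(SAMPLE_LOG))
    for code, n in sorted(summary["counts"].items()):
        print(f"{code:>4}: {n} entries")
    for code, names in sorted(summary["hosts"].items()):
        print(f"hosts in {code}: {', '.join(names)}")
    print("O17 name servers:", ", ".join(summary["nameservers"]))
    for (code, body), n in summary["repeated"].items():
        print(f"repeated {n}x: {code} - {body}")
```
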
Jéjé
 
Thanks for the reply!
There, I've just done what you told me.
The ewido report is as follows:

---------------------------------------------------------
ewido anti-malware - Rapport de scan
---------------------------------------------------------

+ Créé le: 12:12:44, 18/02/2006
+ Somme de contrôle: AF135483

+ Résultats du scan:

HKLM\SOFTWARE\Bargains -> Adware.BargainBuddy : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\AppID\expext.DLL -> Adware.MetaDirect : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\Apuc.UrlCatcher -> Adware.TinyBar : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\Apuc.UrlCatcher\CLSID -> Adware.TinyBar : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\Apuc.UrlCatcher.1 -> Adware.TinyBar : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\EGAUTH.EGEGAUTH -> Dialer.Generic : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\EGAUTH.EGEGAUTH\CLSID -> Dialer.Generic : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\EGAUTH.EGEGAUTH\CurVer -> Dialer.Generic : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\EGAUTH.EGEGAUTH.1 -> Dialer.Generic : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\EGDHTML.EGDialHTML -> Dialer.Generic : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\EGDHTML.EGDialHTML\CLSID -> Dialer.Generic : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\EGDHTML.EGDialHTML.1 -> Dialer.Generic : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\EGDialObject.EGDial -> Dialer.Generic : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\EGDialObject.EGDial\CLSID -> Dialer.Generic : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\EGDialObject.EGDial.1 -> Dialer.Generic : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\ExplorerExt.ExplorerExtObj -> Adware.MetaDirect : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\ExplorerExt.ExplorerExtObj\CLSID -> Adware.MetaDirect : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\ExplorerExt.ExplorerExtObj\CurVer -> Adware.MetaDirect : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\ExplorerExt.ExplorerExtObj.1 -> Adware.MetaDirect : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\ISTactivex.Installer -> Adware.ISTBar : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\ISTactivex.Installer\CLSID -> Adware.ISTBar : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\ISTactivex.Installer\CurVer -> Adware.ISTBar : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\ISTactivex.Installer.1 -> Adware.ISTBar : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\ISTactivex.Installer.2 -> Adware.ISTBar : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\ISTactivex.Installer.2\CLSID -> Adware.ISTBar : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\NaviPromo.EGNaviScoring -> Adware.NaviPromo : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\NaviPromo.EGNaviScoring\CLSID -> Adware.NaviPromo : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\NaviPromo.EGNaviScoring.1 -> Adware.NaviPromo : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\SysWebTelecom.SysWebTelecom -> Dialer.Generic : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\SysWebTelecom.SysWebTelecom\CLSID -> Dialer.Generic : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\SysWebTelecom.SysWebTelecom\CurVer -> Dialer.Generic : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\ToolBand.ToolBandObj -> Adware.CoolWebSearch : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\ToolBand.ToolBandObj\CLSID -> Adware.CoolWebSearch : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\ToolBand.ToolBandObj\CurVer -> Adware.CoolWebSearch : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\ToolBand.ToolBandObj.1 -> Adware.CoolWebSearch : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\VacPro.internazionale_ver3 -> Dialer.Generic : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\VacPro.internazionale_ver3\Clsid -> Dialer.Generic : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\YSBactivex.Installer -> Adware.YourSiteBar : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\YSBactivex.Installer\CLSID -> Adware.YourSiteBar : Nettoyer et sauvegarder
HKLM\SOFTWARE\Gator.com -> Adware.Gator : Nettoyer et sauvegarder
HKLM\SOFTWARE\Gator.com\Gator -> Adware.Gator : Nettoyer et sauvegarder
HKLM\SOFTWARE\Gator.com\Gator\stat -> Adware.Gator : Nettoyer et sauvegarder
HKLM\SOFTWARE\HbTools -> Adware.HotBar : Nettoyer et sauvegarder
HKLM\SOFTWARE\HbTools\HbTools -> Adware.HotBar : Nettoyer et sauvegarder
HKLM\SOFTWARE\HbTools\HbTools\PI -> Adware.HotBar : Nettoyer et sauvegarder
HKLM\SOFTWARE\HbTools\HbTools\PI\3.2 -> Adware.HotBar : Nettoyer et sauvegarder
HKLM\SOFTWARE\HbTools\Hotbar -> Adware.HotBar : Nettoyer et sauvegarder
HKLM\SOFTWARE\HbTools\Hotbar\Install -> Adware.HotBar : Nettoyer et sauvegarder
HKLM\SOFTWARE\ISTsvc -> Adware.ISTBar : Nettoyer et sauvegarder
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ISTactivex.dll -> Adware.ISTBar : Nettoyer et sauvegarder
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Instant Access -> Dialer.Generic : Nettoyer et sauvegarder
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ISTbarISTbar -> Adware.ISTBar : Nettoyer et sauvegarder
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ISTsvc -> Adware.ISTBar : Nettoyer et sauvegarder
HKLM\SOFTWARE\PowerScan -> Adware.PowerScan : Nettoyer et sauvegarder
HKLM\SOFTWARE\TimeSink, Inc. -> Adware.TimeSink : Nettoyer et sauvegarder
HKLM\SOFTWARE\TimeSink, Inc.\AdGateway -> Adware.TimeSink : Nettoyer et sauvegarder
HKLM\SOFTWARE\TimeSink, Inc.\AdGateway\Channels -> Adware.TimeSink : Nettoyer et sauvegarder
HKLM\SOFTWARE\TimeSink, Inc.\AdGateway\Channels\ImgCarslRedist -> Adware.TimeSink : Nettoyer et sauvegarder
HKLM\SOFTWARE\TimeSink, Inc.\TSAdBot -> Adware.TimeSink : Nettoyer et sauvegarder
HKU\.DEFAULT\Software\HbTools -> Adware.HotBar : Nettoyer et sauvegarder
HKU\.DEFAULT\Software\HbTools\Common -> Adware.HotBar : Nettoyer et sauvegarder
HKU\.DEFAULT\Software\HbTools\Common\Time -> Adware.HotBar : Nettoyer et sauvegarder
HKU\.DEFAULT\Software\HbTools\Common\Updates -> Adware.HotBar : Nettoyer et sauvegarder
HKU\.DEFAULT\Software\HbTools\HbTools -> Adware.HotBar : Nettoyer et sauvegarder
HKU\.DEFAULT\Software\HbTools\HbTools\dynamic -> Adware.HotBar : Nettoyer et sauvegarder
HKU\.DEFAULT\Software\HbTools\HbTools\EUI -> Adware.HotBar : Nettoyer et sauvegarder
HKU\.DEFAULT\Software\HbTools\HbTools\HtmlPPP -> Adware.HotBar : Nettoyer et sauvegarder
HKU\.DEFAULT\Software\HbTools\HbTools\ImagesHistory -> Adware.HotBar : Nettoyer et sauvegarder
HKU\.DEFAULT\Software\HbTools\HbTools\Install -> Adware.HotBar : Nettoyer et sauvegarder
HKU\.DEFAULT\Software\HbTools\HbTools\links -> Adware.HotBar : Nettoyer et sauvegarder
HKU\.DEFAULT\Software\HbTools\HbTools\options -> Adware.HotBar : Nettoyer et sauvegarder
HKU\.DEFAULT\Software\HbTools\HbTools\PI -> Adware.HotBar : Nettoyer et sauvegarder
HKU\.DEFAULT\Software\HbTools\HbTools\PI\3.2 -> Adware.HotBar : Nettoyer et sauvegarder
HKU\.DEFAULT\Software\HbTools\HbTools\Sample -> Adware.HotBar : Nettoyer et sauvegarder
HKU\.DEFAULT\Software\HbTools\HbTools\Sample\Hist -> Adware.HotBar : Nettoyer et sauvegarder
HKU\.DEFAULT\Software\HbTools\HbTools\Sample\Hist\sg800 -> Adware.HotBar : Nettoyer et sauvegarder
HKU\.DEFAULT\Software\HbTools\HbTools\Sample\Hist\sg801 -> Adware.HotBar : Nettoyer et sauvegarder
HKU\.DEFAULT\Software\HbTools\HbTools\Sample\Hist\sg802 -> Adware.HotBar : Nettoyer et sauvegarder
HKU\.DEFAULT\Software\HbTools\HbTools\Sample\Hist\sg803 -> Adware.HotBar : Nettoyer et sauvegarder
HKU\.DEFAULT\Software\HbTools\HbTools\Sample\Hist\sg807 -> Adware.HotBar : Nettoyer et sauvegarder
HKU\.DEFAULT\Software\HbTools\HbTools\Sample\Hist\sg808 -> Adware.HotBar : Nettoyer et sauvegarder
HKU\.DEFAULT\Software\HbTools\HbTools\Sample\Hist\sg810 -> Adware.HotBar : Nettoyer et sauvegarder
HKU\.DEFAULT\Software\HbTools\HbTools\Sample\Hist\sg811 -> Adware.HotBar : Nettoyer et sauvegarder
HKU\.DEFAULT\Software\HbTools\HbTools\Sample\Hist\sg812 -> Adware.HotBar : Nettoyer et sauvegarder
HKU\.DEFAULT\Software\HbTools\HbTools\Sample\Hist\sg818 -> Adware.HotBar : Nettoyer et sauvegarder
HKU\.DEFAULT\Software\HbTools\HbTools\Sample\Hist\sg819 -> Adware.HotBar : Nettoyer et sauvegarder
HKU\.DEFAULT\Software\HbTools\HbTools\Sample\Hist\sg824 -> Adware.HotBar : Nettoyer et sauvegarder
HKU\.DEFAULT\Software\HbTools\HbTools\Sample\Hist\sg825 -> Adware.HotBar : Nettoyer et sauvegarder
HKU\.DEFAULT\Software\HbTools\HbTools\Sample\Hist\sg826 -> Adware.HotBar : Nettoyer et sauvegarder
HKU\.DEFAULT\Software\HbTools\HbTools\Sample\Hist\sg827 -> Adware.HotBar : Nettoyer et sauvegarder
HKU\.DEFAULT\Software\HbTools\HbTools\Sample\Hist\sg828 -> Adware.HotBar : Nettoyer et sauvegarder
HKU\.DEFAULT\Software\HbTools\HbTools\Sample\Hist\sg829 -> Adware.HotBar : Nettoyer et sauvegarder
HKU\.DEFAULT\Software\HbTools\HbTools\Sample\Hist\sg830 -> Adware.HotBar : Nettoyer et sauvegarder
HKU\.DEFAULT\Software\HbTools\HbTools\Sample\Hist\sg842 -> Adware.HotBar : Nettoyer et sauvegarder
HKU\.DEFAULT\Software\HbTools\HbTools\Sample\Hist\sg843 -> Adware.HotBar : Nettoyer et sauvegarder
HKU\.DEFAULT\Software\HbTools\HbTools\Sample\Hist\sg844 -> Adware.HotBar : Nettoyer et sauvegarder
HKU\.DEFAULT\Software\HbTools\HbTools\Sample\Hist\sg845 -> Adware.HotBar : Nettoyer et sauvegarder
HKU\.DEFAULT\Software\HbTools\HbTools\Sample\Hist\sg847 -> Adware.HotBar : Nettoyer et sauvegarder
HKU\.DEFAULT\Software\HbTools\HbTools\Sample\Hist\sg848 -> Adware.HotBar : Nettoyer et sauvegarder
HKU\.DEFAULT\Software\HbTools\HbTools\Sample\Hist\sg849 -> Adware.HotBar : Nettoyer et sauvegarder
HKU\.DEFAULT\Software\HbTools\HbTools\Sample\Hist\sg856 -> Adware.HotBar : Nettoyer et sauvegarder
HKU\.DEFAULT\Software\HbTools\HbTools\Sample\Hist\sg857 -> Adware.HotBar : Nettoyer et sauvegarder
HKU\.DEFAULT\Software\HbTools\HbTools\Sample\Hist\sgsbt -> Adware.HotBar : Nettoyer et sauvegarder
HKU\.DEFAULT\Software\HbTools\HbTools\updates -> Adware.HotBar : Nettoyer et sauvegarder
HKU\.DEFAULT\Software\HbTools\HbTools\UserInfo -> Adware.HotBar : Nettoyer et sauvegarder
HKU\.DEFAULT\Software\HbTools\HostOI -> Adware.HotBar : Nettoyer et sauvegarder
HKU\.DEFAULT\Software\HbTools\HostOI\Updates -> Adware.HotBar : Nettoyer et sauvegarder
HKU\.DEFAULT\Software\HbTools\HostOL -> Adware.HotBar : Nettoyer et sauvegarder
HKU\.DEFAULT\Software\HbTools\HostOL\Updates -> Adware.HotBar : Nettoyer et sauvegarder
HKU\.DEFAULT\Software\HbTools\Time -> Adware.HotBar : Nettoyer et sauvegarder
HKU\.DEFAULT\Software\HbTools\Time\HostIE -> Adware.HotBar : Nettoyer et sauvegarder
HKU\.DEFAULT\Software\HbTools\Time\HostIE\Updates -> Adware.HotBar : Nettoyer et sauvegarder
HKU\.DEFAULT\Software\HbTools\Time\HostOI -> Adware.HotBar : Nettoyer et sauvegarder
HKU\.DEFAULT\Software\HbTools\Time\HostOI\Updates -> Adware.HotBar : Nettoyer et sauvegarder
HKU\.DEFAULT\Software\HbTools\Time\HostOL -> Adware.HotBar : Nettoyer et sauvegarder
HKU\.DEFAULT\Software\HbTools\Time\HostOL\Updates -> Adware.HotBar : Nettoyer et sauvegarder
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AC3AEF75-0A6B-4AB8-82B5-2C9BA8396644} -> Adware.Generic : Nettoyer et sauvegarder
HKU\S-1-5-21-1357918408-3770143713-2930612293-1005\Software\EGDHTML -> Dialer.Generic : Nettoyer et sauvegarder
HKU\S-1-5-21-1357918408-3770143713-2930612293-1005\Software\GlobalCS -> Dialer.Generic : Nettoyer et sauvegarder
HKU\S-1-5-21-1357918408-3770143713-2930612293-1005\Software\Holistyc -> Dialer.Generic : Nettoyer et sauvegarder
HKU\S-1-5-21-1357918408-3770143713-2930612293-1005\Software\Holistyc\Hot Amateurs-321 -> Dialer.Generic : Nettoyer et sauvegarder
HKU\S-1-5-21-1357918408-3770143713-2930612293-1005\Software\Holistyc\Mature Ladies-329 -> Dialer.Generic : Nettoyer et sauvegarder
HKU\S-1-5-21-1357918408-3770143713-2930612293-1005\Software\Holistyc\XXX Porn-557 -> Dialer.Generic : Nettoyer et sauvegarder
HKU\S-1-5-21-1357918408-3770143713-2930612293-1005\Software\IST -> Adware.ISTBar : Nettoyer et sauvegarder
HKU\S-1-5-21-1357918408-3770143713-2930612293-1005\Software\ISTbar -> Adware.ISTBar : Nettoyer et sauvegarder
HKU\S-1-5-21-1357918408-3770143713-2930612293-1005\Software\PowerScan -> Adware.PowerScan : Nettoyer et sauvegarder
HKU\S-1-5-21-1357918408-3770143713-2930612293-1005\Software\TimeSink, Inc. -> Adware.TimeSink : Nettoyer et sauvegarder
HKU\S-1-5-21-1357918408-3770143713-2930612293-1005\Software\TimeSink, Inc.\TSAdBot -> Adware.TimeSink : Nettoyer et sauvegarder
HKU\S-1-5-21-1357918408-3770143713-2930612293-1005\Software\TimeSink, Inc.\TSAdBot\Clients -> Adware.TimeSink : Nettoyer et sauvegarder
HKU\S-1-5-21-1357918408-3770143713-2930612293-1005\Software\TimeSink, Inc.\TSAdBot\Clients\ImgCarslRedist -> Adware.TimeSink : Nettoyer et sauvegarder
HKU\S-1-5-18\Software\HbTools -> Adware.HotBar : Nettoyer et sauvegarder
HKU\S-1-5-18\Software\HbTools\Common -> Adware.HotBar : Nettoyer et sauvegarder
HKU\S-1-5-18\Software\HbTools\Common\Time -> Adware.HotBar : Nettoyer et sauvegarder
HKU\S-1-5-18\Software\HbTools\Common\Updates -> Adware.HotBar : Nettoyer et sauvegarder
HKU\S-1-5-18\Software\HbTools\HbTools -> Adware.HotBar : Nettoyer et sauvegarder
HKU\S-1-5-18\Software\HbTools\HbTools\dynamic -> Adware.HotBar : Nettoyer et sauvegarder
HKU\S-1-5-18\Software\HbTools\HbTools\EUI -> Adware.HotBar : Nettoyer et sauvegarder
HKU\S-1-5-18\Software\HbTools\HbTools\HtmlPPP -> Adware.HotBar : Nettoyer et sauvegarder
HKU\S-1-5-18\Software\HbTools\HbTools\ImagesHistory -> Adware.HotBar : Nettoyer et sauvegarder
HKU\S-1-5-18\Software\HbTools\HbTools\Install -> Adware.HotBar : Nettoyer et sauvegarder
HKU\S-1-5-18\Software\HbTools\HbTools\links -> Adware.HotBar : Nettoyer et sauvegarder
HKU\S-1-5-18\Software\HbTools\HbTools\options -> Adware.HotBar : Nettoyer et sauvegarder
HKU\S-1-5-18\Software\HbTools\HbTools\PI -> Adware.HotBar : Nettoyer et sauvegarder
HKU\S-1-5-18\Software\HbTools\HbTools\PI\3.2 -> Adware.HotBar : Nettoyer et sauvegarder
HKU\S-1-5-18\Software\HbTools\HbTools\Sample -> Adware.HotBar : Nettoyer et sauvegarder
HKU\S-1-5-18\Software\HbTools\HbTools\Sample\Hist -> Adware.HotBar : Nettoyer et sauvegarder
HKU\S-1-5-18\Software\HbTools\HbTools\Sample\Hist\sg800 -> Adware.HotBar : Nettoyer et sauvegarder
HKU\S-1-5-18\Software\HbTools\HbTools\Sample\Hist\sg801 -> Adware.HotBar : Nettoyer et sauvegarder
HKU\S-1-5-18\Software\HbTools\HbTools\Sample\Hist\sg802 -> Adware.HotBar : Nettoyer et sauvegarder
HKU\S-1-5-18\Software\HbTools\HbTools\Sample\Hist\sg803 -> Adware.HotBar : Nettoyer et sauvegarder
HKU\S-1-5-18\Software\HbTools\HbTools\Sample\Hist\sg807 -> Adware.HotBar : Nettoyer et sauvegarder
HKU\S-1-5-18\Software\HbTools\HbTools\Sample\Hist\sg808 -> Adware.HotBar : Nettoyer et sauvegarder
HKU\S-1-5-18\Software\HbTools\HbTools\Sample\Hist\sg810 -> Adware.HotBar : Nettoyer et sauvegarder
HKU\S-1-5-18\Software\HbTools\HbTools\Sample\Hist\sg811 -> Adware.HotBar : Nettoyer et sauvegarder
HKU\S-1-5-18\Software\HbTools\HbTools\Sample\Hist\sg812 -> Adware.HotBar : Nettoyer et sauvegarder
HKU\S-1-5-18\Software\HbTools\HbTools\Sample\Hist\sg818 -> Adware.HotBar : Nettoyer et sauvegarder
HKU\S-1-5-18\Software\HbTools\HbTools\Sample\Hist\sg819 -> Adware.HotBar : Nettoyer et sauvegarder
HKU\S-1-5-18\Software\HbTools\HbTools\Sample\Hist\sg824 -> Adware.HotBar : Nettoyer et sauvegarder
HKU\S-1-5-18\Software\HbTools\HbTools\Sample\Hist\sg825 -> Adware.HotBar : Nettoyer et sauvegarder
HKU\S-1-5-18\Software\HbTools\HbTools\Sample\Hist\sg826 -> Adware.HotBar : Nettoyer et sauvegarder
HKU\S-1-5-18\Software\HbTools\HbTools\Sample\Hist\sg827 -> Adware.HotBar : Nettoyer et sauvegarder
HKU\S-1-5-18\Software\HbTools\HbTools\Sample\Hist\sg828 -> Adware.HotBar : Nettoyer et sauvegarder
HKU\S-1-5-18\Software\HbTools\HbTools\Sample\Hist\sg829 -> Adware.HotBar : Nettoyer et sauvegarder
HKU\S-1-5-18\Software\HbTools\HbTools\Sample\Hist\sg830 -> Adware.HotBar : Nettoyer et sauvegarder
HKU\S-1-5-18\Software\HbTools\HbTools\Sample\Hist\sg842 -> Adware.HotBar : Nettoyer et sauvegarder
HKU\S-1-5-18\Software\HbTools\HbTools\Sample\Hist\sg843 -> Adware.HotBar : Nettoyer et sauvegarder
HKU\S-1-5-18\Software\HbTools\HbTools\Sample\Hist\sg844 -> Adware.HotBar : Nettoyer et sauvegarder
HKU\S-1-5-18\Software\HbTools\HbTools\Sample\Hist\sg845 -> Adware.HotBar : Nettoyer et sauvegarder
HKU\S-1-5-18\Software\HbTools\HbTools\Sample\Hist\sg847 -> Adware.HotBar : Nettoyer et sauvegarder
HKU\S-1-5-18\Software\HbTools\HbTools\Sample\Hist\sg848 -> Adware.HotBar : Nettoyer et sauvegarder
HKU\S-1-5-18\Software\HbTools\HbTools\Sample\Hist\sg849 -> Adware.HotBar : Nettoyer et sauvegarder
HKU\S-1-5-18\Software\HbTools\HbTools\Sample\Hist\sg856 -> Adware.HotBar : Nettoyer et sauvegarder
HKU\S-1-5-18\Software\HbTools\HbTools\Sample\Hist\sg857 -> Adware.HotBar : Nettoyer et sauvegarder
HKU\S-1-5-18\Software\HbTools\HbTools\Sample\Hist\sgsbt -> Adware.HotBar : Nettoyer et sauvegarder
HKU\S-1-5-18\Software\HbTools\HbTools\updates -> Adware.HotBar : Nettoyer et sauvegarder
HKU\S-1-5-18\Software\HbTools\HbTools\UserInfo -> Adware.HotBar : Nettoyer et sauvegarder
HKU\S-1-5-18\Software\HbTools\HostOI -> Adware.HotBar : Nettoyer et sauvegarder
HKU\S-1-5-18\Software\HbTools\HostOI\Updates -> Adware.HotBar : Nettoyer et sauvegarder
HKU\S-1-5-18\Software\HbTools\HostOL -> Adware.HotBar : Nettoyer et sauvegarder
HKU\S-1-5-18\Software\HbTools\HostOL\Updates -> Adware.HotBar : Nettoyer et sauvegarder
HKU\S-1-5-18\Software\HbTools\Time -> Adware.HotBar : Nettoyer et sauvegarder
HKU\S-1-5-18\Software\HbTools\Time\HostIE -> Adware.HotBar : Nettoyer et sauvegarder
HKU\S-1-5-18\Software\HbTools\Time\HostIE\Updates -> Adware.HotBar : Nettoyer et sauvegarder
HKU\S-1-5-18\Software\HbTools\Time\HostOI -> Adware.HotBar : Nettoyer et sauvegarder
HKU\S-1-5-18\Software\HbTools\Time\HostOI\Updates -> Adware.HotBar : Nettoyer et sauvegarder
HKU\S-1-5-18\Software\HbTools\Time\HostOL -> Adware.HotBar : Nettoyer et sauvegarder
HKU\S-1-5-18\Software\HbTools\Time\HostOL\Updates -> Adware.HotBar : Nettoyer et sauvegarder
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AC3AEF75-0A6B-4AB8-82B5-2C9BA8396644} -> Adware.Generic : Nettoyer et sauvegarder
[800] VM_00D60000 -> Downloader.Agent.uj : Erreur durant le nettoyage
[824] VM_00D90000 -> Downloader.Agent.uj : Erreur durant le nettoyage
[872] VM_00A10000 -> Downloader.Agent.uj : Erreur durant le nettoyage
[884] VM_00C30000 -> Downloader.Agent.uj : Erreur durant le nettoyage
[1032] VM_00B50000 -> Downloader.Agent.uj : Erreur durant le nettoyage
[1116] VM_00950000 -> Downloader.Agent.uj : Erreur durant le nettoyage
[1160] VM_00EE0000 -> Downloader.Agent.uj : Erreur durant le nettoyage
[1212] VM_00970000 -> Downloader.Agent.uj : Erreur durant le nettoyage
[1296] VM_00B30000 -> Downloader.Agent.uj : Erreur durant le nettoyage
[1644] VM_00E40000 -> Downloader.Agent.uj : Erreur durant le nettoyage
[1772] VM_00AC0000 -> Downloader.Agent.uj : Erreur durant le nettoyage
[1784] VM_08B20000 -> Downloader.Agent.uj : Erreur durant le nettoyage
[1832] VM_009C0000 -> Downloader.Agent.uj : Erreur durant le nettoyage
[1844] VM_00DE0000 -> Downloader.Agent.uj : Erreur durant le nettoyage
[1924] VM_013E0000 -> Downloader.Agent.uj : Erreur durant le nettoyage
[2004] VM_00360000 -> Downloader.Agent.uj : Erreur durant le nettoyage
[2028] VM_006D0000 -> Downloader.Agent.uj : Erreur durant le nettoyage
[132] VM_008A0000 -> Downloader.Agent.uj : Erreur durant le nettoyage
[224] VM_01450000 -> Downloader.Agent.uj : Erreur durant le nettoyage
[700] VM_009D0000 -> Downloader.Agent.uj : Erreur durant le nettoyage
[1484] VM_01B00000 -> Downloader.Agent.uj : Erreur durant le nettoyage
[1616] VM_025A0000 -> Downloader.Agent.uj : Erreur durant le nettoyage
[1960] VM_008B0000 -> Downloader.Agent.uj : Erreur durant le nettoyage
[172] VM_00890000 -> Downloader.Agent.uj : Erreur durant le nettoyage
[472] VM_006C0000 -> Downloader.Agent.uj : Erreur durant le nettoyage
[2020] VM_00B20000 -> Downloader.Agent.uj : Erreur durant le nettoyage
[1088] VM_00D80000 -> Downloader.Agent.uj : Erreur durant le nettoyage
[2060] VM_00890000 -> Downloader.Agent.uj : Erreur durant le nettoyage
[2260] VM_009A0000 -> Downloader.Agent.uj : Erreur durant le nettoyage
[2312] VM_009A0000 -> Downloader.Agent.uj : Erreur durant le nettoyage
[2368] VM_00330000 -> Downloader.Agent.uj : Erreur durant le nettoyage
[2528] VM_008B0000 -> Downloader.Agent.uj : Erreur durant le nettoyage
[4032] VM_00860000 -> Downloader.Agent.uj : Erreur durant le nettoyage
[3072] VM_00880000 -> Downloader.Agent.uj : Erreur durant le nettoyage
[3332] VM_00330000 -> Downloader.Agent.uj : Erreur durant le nettoyage
[3720] VM_00910000 -> Downloader.Agent.uj : Erreur durant le nettoyage
[3808] VM_00880000 -> Downloader.Agent.uj : Erreur durant le nettoyage
[2984] VM_00890000 -> Downloader.Agent.uj : Erreur durant le nettoyage
[3744] VM_009C0000 -> Downloader.Agent.uj : Erreur durant le nettoyage
[192] VM_00980000 -> Downloader.Agent.uj : Erreur durant le nettoyage
[3444] VM_012F0000 -> Downloader.Agent.uj : Erreur durant le nettoyage
[2644] VM_008A0000 -> Downloader.Agent.uj : Erreur durant le nettoyage
[3884] VM_003B0000 -> Downloader.Agent.uj : Erreur durant le nettoyage
C:\Documents and Settings\Djé\Cookies\djé@2o7[2].txt -> TrackingCookie.2o7 : Nettoyer et sauvegarder
C:\Documents and Settings\Djé\Cookies\djé@ads.pointroll[1].txt -> TrackingCookie.Pointroll : Nettoyer et sauvegarder
C:\Documents and Settings\Djé\Cookies\djé@ads18.bpath[1].txt -> TrackingCookie.Bpath : Nettoyer et sauvegarder
C:\Documents and Settings\Djé\Cookies\djé@advertising[1].txt -> TrackingCookie.Advertising : Nettoyer et sauvegarder
C:\Documents and Settings\Djé\Cookies\djé@atdmt[2].txt -> TrackingCookie.Atdmt : Nettoyer et sauvegarder
C:\Documents and Settings\Djé\Cookies\djé@bluestreak[2].txt -> TrackingCookie.Bluestreak : Nettoyer et sauvegarder
C:\Documents and Settings\Djé\Cookies\djé@c.porngraph[2].txt -> TrackingCookie.Porngraph : Nettoyer et sauvegarder
C:\Documents and Settings\Djé\Cookies\djé@doubleclick[1].txt -> TrackingCookie.Doubleclick : Nettoyer et sauvegarder
C:\Documents and Settings\Djé\Cookies\djé@fastclick[2].txt -> TrackingCookie.Fastclick : Nettoyer et sauvegarder
C:\Documents and Settings\Djé\Cookies\djé@hg1.hitbox[2].txt -> TrackingCookie.Hitbox : Nettoyer et sauvegarder
C:\Documents and Settings\Djé\Cookies\djé@hitbox[2].txt -> TrackingCookie.Hitbox : Nettoyer et sauvegarder
C:\Documents and Settings\Djé\Cookies\djé@mediaplex[1].txt -> TrackingCookie.Mediaplex : Nettoyer et sauvegarder
C:\Documents and Settings\Djé\Cookies\djé@servedby.advertising[2].txt -> TrackingCookie.Advertising : Nettoyer et sauvegarder
C:\Documents and Settings\Djé\Cookies\djé@www.smartadserver[1].txt -> TrackingCookie.Smartadserver : Nettoyer et sauvegarder
C:\Documents and Settings\Djé\Cookies\djé@xxxtoolbar[2].txt -> TrackingCookie.Xxxtoolbar : Nettoyer et sauvegarder
C:\Documents and Settings\Djé\Cookies\djé@zedo[2].txt -> TrackingCookie.Zedo : Nettoyer et sauvegarder
C:\Documents and Settings\Djé\Menu Démarrer\Programmes\Power Scan -> Adware.PowerScan : Nettoyer et sauvegarder
C:\Documents and Settings\Djé\Menu Démarrer\Programmes\Power Scan\Power Scan.lnk -> Adware.PowerScan : Nettoyer et sauvegarder
C:\Documents and Settings\LocalService\Cookies\system@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Nettoyer et sauvegarder
C:\Documents and Settings\LocalService\Cookies\system@adtech[2].txt -> TrackingCookie.Adtech : Nettoyer et sauvegarder
C:\Documents and Settings\LocalService\Cookies\system@bluestreak[2].txt -> TrackingCookie.Bluestreak : Nettoyer et sauvegarder
C:\Documents and Settings\LocalService\Cookies\system@c.enhance[1].txt -> TrackingCookie.Enhance : Nettoyer et sauvegarder
C:\Documents and Settings\LocalService\Cookies\system@casinodelrio[1].txt -> TrackingCookie.Casinodelrio : Nettoyer et sauvegarder
C:\Documents and Settings\LocalService\Cookies\system@casinotropez[1].txt -> TrackingCookie.Casinotropez : Nettoyer et sauvegarder
C:\Documents and Settings\LocalService\Cookies\system@doubleclick[1].txt -> TrackingCookie.Doubleclick : Nettoyer et sauvegarder
C:\Documents and Settings\LocalService\Cookies\system@estat[2].txt -> TrackingCookie.Estat : Nettoyer et sauvegarder
C:\Documents and Settings\LocalService\Cookies\system@server.iad.liveperson[1].txt -> TrackingCookie.Liveperson : Nettoyer et sauvegarder
C:\Documents and Settings\LocalService\Cookies\system@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Nettoyer et sauvegarder
C:\Documents and Settings\LocalService\Cookies\system@weborama[1].txt -> TrackingCookie.Weborama : Nettoyer et sauvegarder
C:\Documents and Settings\LocalService\Cookies\system@www.casinodelrio[2].txt -> TrackingCookie.Casinodelrio : Nettoyer et sauvegarder
C:\Documents and Settings\LocalService\Cookies\system@www.casinotropez[1].txt -> TrackingCookie.Casinotropez : Nettoyer et sauvegarder
C:\Documents and Settings\LocalService\Cookies\system@www.smartadserver[1].txt -> TrackingCookie.Smartadserver : Nettoyer et sauvegarder
C:\Documents and Settings\ram_jerome\Cookies\ram_jerome@247realmedia[1].txt -> TrackingCookie.247realmedia : Nettoyer et sauvegarder
C:\Documents and Settings\ram_jerome\Cookies\ram_jerome@2o7[1].txt -> TrackingCookie.2o7 : Nettoyer et sauvegarder
C:\Documents and Settings\ram_jerome\Cookies\ram_jerome@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Nettoyer et sauvegarder
C:\Documents and Settings\ram_jerome\Cookies\ram_jerome@adbrite[1].txt -> TrackingCookie.Adbrite : Nettoyer et sauvegarder
C:\Documents and Settings\ram_jerome\Cookies\ram_jerome@ads.addynamix[1].txt -> TrackingCookie.Addynamix : Nettoyer et sauvegarder
C:\Documents and Settings\ram_jerome\Cookies\ram_jerome@ads.pointroll[1].txt -> TrackingCookie.Pointroll : Nettoyer et sauvegarder
C:\Documents and Settings\ram_jerome\Cookies\ram_jerome@adtech[2].txt -> TrackingCookie.Adtech : Nettoyer et sauvegarder
C:\Documents and Settings\ram_jerome\Cookies\ram_jerome@advertising[2].txt -> TrackingCookie.Advertising : Nettoyer et sauvegarder
C:\Documents and Settings\ram_jerome\Cookies\ram_jerome@as-eu.falkag[1].txt -> TrackingCookie.Falkag : Nettoyer et sauvegarder
C:\Documents and Settings\ram_jerome\Cookies\ram_jerome@as1.falkag[1].txt -> TrackingCookie.Falkag : Nettoyer et sauvegarder
C:\Documents and Settings\ram_jerome\Cookies\ram_jerome@atdmt[1].txt -> TrackingCookie.Atdmt : Nettoyer et sauvegarder
C:\Documents and Settings\ram_jerome\Cookies\ram_jerome@banner.clubdicecasino[2].txt -> TrackingCookie.Clubdicecasino : Nettoyer et sauvegarder
C:\Documents and Settings\ram_jerome\Cookies\ram_jerome@bluestreak[2].txt -> TrackingCookie.Bluestreak : Nettoyer et sauvegarder
C:\Documents and Settings\ram_jerome\Cookies\ram_jerome@burstnet[2].txt -> TrackingCookie.Burstnet : Nettoyer et sauvegarder
C:\Documents and Settings\ram_jerome\Cookies\ram_jerome@casalemedia[2].txt -> TrackingCookie.Casalemedia : Nettoyer et sauvegarder
C:\Documents and Settings\ram_jerome\Cookies\ram_jerome@casinodelrio[1].txt -> TrackingCookie.Casinodelrio : Nettoyer et sauvegarder
C:\Documents and Settings\ram_jerome\Cookies\ram_jerome@casinopays[1].txt -> TrackingCookie.Casinopays : Nettoyer et sauvegarder
C:\Documents and Settings\ram_jerome\Cookies\ram_jerome@casinotropez[1].txt -> TrackingCookie.Casinotropez : Nettoyer et sauvegarder
C:\Documents and Settings\ram_jerome\Cookies\ram_jerome@com[2].txt -> TrackingCookie.Com : Nettoyer et sauvegarder
C:\Documents and Settings\ram_jerome\Cookies\ram_jerome@counter1.sextracker[1].txt -> TrackingCookie.Sextracker : Nettoyer et sauvegarder
C:\Documents and Settings\ram_jerome\Cookies\ram_jerome@counter10.sextracker[1].txt -> TrackingCookie.Sextracker : Nettoyer et sauvegarder
C:\Documents and Settings\ram_jerome\Cookies\ram_jerome@counter11.sextracker[1].txt -> TrackingCookie.Sextracker : Nettoyer et sauvegarder
C:\Documents and Settings\ram_jerome\Cookies\ram_jerome@counter15.sextracker[2].txt -> TrackingCookie.Sextracker : Nettoyer et sauvegarder
C:\Documents and Settings\ram_jerome\Cookies\ram_jerome@counter16.sextracker[2].txt -> TrackingCookie.Sextracker : Nettoyer et sauvegarder
C:\Documents and Settings\ram_jerome\Cookies\ram_jerome@counter4.sextracker[2].txt -> TrackingCookie.Sextracker : Nettoyer et sauvegarder
C:\Documents and Settings\ram_jerome\Cookies\ram_jerome@counter5.sextracker[1].txt -> TrackingCookie.Sextracker : Nettoyer et sauvegarder
C:\Documents and Settings\ram_jerome\Cookies\ram_jerome@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Nettoyer et sauvegarder
C:\Documents and Settings\ram_jerome\Cookies\ram_jerome@crbanner.casinopays[2].txt -> TrackingCookie.Casinopays : Nettoyer et sauvegarder
C:\Documents and Settings\ram_jerome\Cookies\ram_jerome@cs.sexcounter[2].txt -> TrackingCookie.Sexcounter : Nettoyer et sauvegarder
C:\Documents and Settings\ram_jerome\Cookies\ram_jerome@doubleclick[2].txt -> TrackingCookie.Doubleclick : Nettoyer et sauvegarder
C:\Documents and Settings\ram_jerome\Cookies\ram_jerome@ehg-systran.hitbox[1].txt -> TrackingCookie.Hitbox : Nettoyer et sauvegarder
C:\Documents and Settings\ram_jerome\Cookies\ram_jerome@estat[1].txt -> TrackingCookie.Estat : Nettoyer et sauvegarder
C:\Documents and Settings\ram_jerome\Cookies\ram_jerome@fastclick[2].txt -> TrackingCookie.Fastclick : Nettoyer et sauvegarder
C:\Documents and Settings\ram_jerome\Cookies\ram_jerome@hitbox[1].txt -> TrackingCookie.Hitbox : Nettoyer et sauvegarder
C:\Documents and Settings\ram_jerome\Cookies\ram_jerome@hotlog[1].txt -> TrackingCookie.Hotlog : Nettoyer et sauvegarder
C:\Documents and Settings\ram_jerome\Cookies\ram_jerome@image.masterstats[1].txt -> TrackingCookie.Masterstats : Nettoyer et sauvegarder
C:\Documents and Settings\ram_jerome\Cookies\ram_jerome@linksynergy[1].txt -> TrackingCookie.Linksynergy : Nettoyer et sauvegarder
C:\Documents and Settings\ram_jerome\Cookies\ram_jerome@mediaplex[1].txt -> TrackingCookie.Mediaplex : Nettoyer et sauvegarder
C:\Documents and Settings\ram_jerome\Cookies\ram_jerome@opodo.122.2o7[1].txt -> TrackingCookie.2o7 : Nettoyer et sauvegarder
C:\Documents and Settings\ram_jerome\Cookies\ram_jerome@overture[1].txt -> TrackingCookie.Overture : Nettoyer et sauvegarder
C:\Documents and Settings\ram_jerome\Cookies\ram_jerome@paycounter[2].txt -> TrackingCookie.Paycounter : Nettoyer et sauvegarder
C:\Documents and Settings\ram_jerome\Cookies\ram_jerome@perf.overture[1].txt -> TrackingCookie.Overture : Nettoyer et sauvegarder
C:\Documents and Settings\ram_jerome\Cookies\ram_jerome@redcats.122.2o7[1].txt -> TrackingCookie.2o7 : Nettoyer et sauvegarder
C:\Documents and Settings\ram_jerome\Cookies\ram_jerome@revenue[2].txt -> TrackingCookie.Revenue : Nettoyer et sauvegarder
C:\Documents and Settings\ram_jerome\Cookies\ram_jerome@server.iad.liveperson[1].txt -> TrackingCookie.Liveperson : Nettoyer et sauvegarder
C:\Documents and Settings\ram_jerome\Cookies\ram_jerome@serving-sys[2].txt -> TrackingCookie.Serving-sys : Nettoyer et sauvegarder
C:\Documents and Settings\ram_jerome\Cookies\ram_jerome@sextracker[1].txt -> TrackingCookie.Sextracker : Nettoyer et sauvegarder
C:\Documents and Settings\ram_jerome\Cookies\ram_jerome@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Nettoyer et sauvegarder
C:\Documents and Settings\ram_jerome\Cookies\ram_jerome@tacoda[1].txt -> TrackingCookie.Tacoda : Nettoyer et sauvegarder
C:\Documents and Settings\ram_jerome\Cookies\ram_jerome@twci.coremetrics[1].txt -> TrackingCookie.Coremetrics : Nettoyer et sauvegarder
C:\Documents and Settings\ram_jerome\Cookies\ram_jerome@valueclick[2].txt -> TrackingCookie.Valueclick : Nettoyer et sauvegarder
C:\Documents and Settings\ram_jerome\Cookies\ram_jerome@weborama[2].txt -> TrackingCookie.Weborama : Nettoyer et sauvegarder
C:\Documents and Settings\ram_jerome\Cookies\ram_jerome@wreport.weborama[2].txt -> TrackingCookie.Weborama : Nettoyer et sauvegarder
C:\Documents and Settings\ram_jerome\Cookies\ram_jerome@www.casinodelrio[2].txt -> TrackingCookie.Casinodelrio : Nettoyer et sauvegarder
C:\Documents and Settings\ram_jerome\Cookies\ram_jerome@www.casinotropez[2].txt -> TrackingCookie.Casinotropez : Nettoyer et sauvegarder
C:\Documents and Settings\ram_jerome\Cookies\ram_jerome@www.smartadserver[1].txt -> TrackingCookie.Smartadserver : Nettoyer et sauvegarder
C:\Documents and Settings\ram_jerome\Cookies\ram_jerome@xxxcounter[1].txt -> TrackingCookie.Xxxcounter : Nettoyer et sauvegarder
C:\Documents and Settings\ram_jerome\Cookies\ram_jerome@yadro[2].txt -> TrackingCookie.Yadro : Nettoyer et sauvegarder
C:\Documents and Settings\ram_jerome\Cookies\ram_jerome@zedo[1].txt -> TrackingCookie.Zedo : Nettoyer et sauvegarder
C:\Documents and Settings\ram_jerome\Local Settings\Temp\pts3D.tmp -> Adware.Casino : Nettoyer et sauvegarder
C:\Documents and Settings\ram_jerome\Local Settings\Temp\pts3E.tmp -> Adware.Casino : Nettoyer et sauvegarder
C:\holi65428437.exe -> Dialer.Holistyc : Nettoyer et sauvegarder
C:\Program Files\Bargain Buddy\bin\cb.exe -> Adware.BargainBuddy : Nettoyer et sauvegarder
C:\Program Files\Bargain Buddy\bin2\apuc.dll -> Adware.BargainBuddy : Nettoyer et sauvegarder
C:\Program Files\Bargain Buddy\bin2\bargains.exe -> Adware.BargainBuddy : Nettoyer et sauvegarder
C:\Program Files\ISTsvc -> Adware.ISTBar : Nettoyer et sauvegarder
C:\System Volume Information\_restore{F52AFF6A-D3C5-474B-930A-91214A130311}\RP477\A0334497.dll -> Dialer.InstantAccess.f : Nettoyer et sauvegarder
C:\System Volume Information\_restore{F52AFF6A-D3C5-474B-930A-91214A130311}\RP478\A0337635.dll -> Dialer.InstantAccess.m : Nettoyer et sauvegarder
C:\System Volume Information\_restore{F52AFF6A-D3C5-474B-930A-91214A130311}\RP480\A0337779.dll -> Dialer.InstantAccess.m : Nettoyer et sauvegarder
C:\System Volume Information\_restore{F52AFF6A-D3C5-474B-930A-91214A130311}\RP480\A0337918.dll -> Dialer.InstantAccess.m : Nettoyer et sauvegarder
C:\System Volume Information\_restore{F52AFF6A-D3C5-474B-930A-91214A130311}\RP481\A0338107.dll -> Dialer.InstantAccess.m : Nettoyer et sauvegarder
C:\System Volume Information\_restore{F52AFF6A-D3C5-474B-930A-91214A130311}\RP482\A0339230.dll -> Dialer.InstantAccess.m : Nettoyer et sauvegarder
C:\System Volume Information\_restore{F52AFF6A-D3C5-474B-930A-91214A130311}\RP483\A0345408.dll -> Dialer.InstantAccess.m : Nettoyer et sauvegarder
C:\System Volume Information\_restore{F52AFF6A-D3C5-474B-930A-91214A130311}\RP484\A0350490.dll -> Dialer.InstantAccess.m : Nettoyer et sauvegarder
C:\System Volume Information\_restore{F52AFF6A-D3C5-474B-930A-91214A130311}\RP485\A0350501.dll -> Dialer.InstantAccess.m : Nettoyer et sauvegarder
C:\System Volume Information\_restore{F52AFF6A-D3C5-474B-930A-91214A130311}\RP486\A0350591.dll -> Dialer.InstantAccess.m : Nettoyer et sauvegarder
C:\System Volume Information\_restore{F52AFF6A-D3C5-474B-930A-91214A130311}\RP488\A0354794.dll -> Dialer.InstantAccess.m : Nettoyer et sauvegarder
C:\System Volume Information\_restore{F52AFF6A-D3C5-474B-930A-91214A130311}\RP489\A0355043.dll -> Dialer.InstantAccess.f : Nettoyer et sauvegarder
C:\System Volume Information\_restore{F52AFF6A-D3C5-474B-930A-91214A130311}\RP489\A0355045.ini -> Trojan.Zapchast.a : Nettoyer et sauvegarder
C:\System Volume Information\_restore{F52AFF6A-D3C5-474B-930A-91214A130311}\RP489\A0355053.dll -> Dialer.InstantAccess.f : Nettoyer et sauvegarder
C:\System Volume Information\_restore{F52AFF6A-D3C5-474B-930A-91214A130311}\RP489\A0355054.dll -> Dialer.InstantAccess.f : Nettoyer et sauvegarder
C:\System Volume Information\_restore{F52AFF6A-D3C5-474B-930A-91214A130311}\RP489\A0355055.dll -> Dialer.InstantAccess.f : Nettoyer et sauvegarder
C:\System Volume Information\_restore{F52AFF6A-D3C5-474B-930A-91214A130311}\RP489\A0355056.dll -> Dialer.InstantAccess.f : Nettoyer et sauvegarder
C:\System Volume Information\_restore{F52AFF6A-D3C5-474B-930A-91214A130311}\RP489\A0355057.dll -> Dialer.InstantAccess.f : Nettoyer et sauvegarder
C:\System Volume Information\_restore{F52AFF6A-D3C5-474B-930A-91214A130311}\RP489\A0355059.dll -> Dialer.InstantAccess.m : Nettoyer et sauvegarder
C:\System Volume Information\_restore{F52AFF6A-D3C5-474B-930A-91214A130311}\RP489\A0355061.dll -> Dialer.InstantAccess.f : Nettoyer et sauvegarder
C:\System Volume Information\_restore{F52AFF6A-D3C5-474B-930A-91214A130311}\RP489\A0355062.dll -> Adware.TimeSink : Nettoyer et sauvegarder
C:\System Volume Information\_restore{F52AFF6A-D3C5-474B-930A-91214A130311}\RP489\A0355064.dll -> Adware.BargainBuddy : Nettoyer et sauvegarder
C:\System Volume Information\_restore{F52AFF6A-D3C5-474B-930A-91214A130311}\RP489\A0355065.exe -> Adware.BargainBuddy : Nettoyer et sauvegarder
C:\System Volume Information\_restore{F52AFF6A-D3C5-474B-930A-91214A130311}\RP489\A0355066.exe -> Adware.TimeSink : Nettoyer et sauvegarder
C:\System Volume Information\_restore{F52AFF6A-D3C5-474B-930A-91214A130311}\RP489\A0355067.dll -> Dialer.InstantAccess.m : Nettoyer et sauvegarder
C:\unzipped\hijackthis_199\backups\backup-20060218-104934-348.dll -> Dialer.InstantAccess.f : Nettoyer et sauvegarder
C:\unzipped\hijackthis_199\backups\backup-20060218-104935-291.dll -> Dialer.InstantAccess.f : Nettoyer et sauvegarder
C:\unzipped\hijackthis_199\backups\backup-20060218-104937-903.dll -> Dialer.InstantAccess.f : Nettoyer et sauvegarder
C:\unzipped\hijackthis_199\backups\backup-20060218-104938-763.dll -> Dialer.InstantAccess.f : Nettoyer et sauvegarder
C:\unzipped\hijackthis_199\backups\backup-20060218-104939-394.dll -> Dialer.InstantAccess.f : Nettoyer et sauvegarder
C:\unzipped\hijackthis_199\backups\backup-20060218-104940-994.dll -> Dialer.InstantAccess.m : Nettoyer et sauvegarder
C:\unzipped\hijackthis_199\backups\backup-20060218-104941-389.dll -> Adware.WinAD : Nettoyer et sauvegarder
C:\unzipped\hijackthis_199\backups\backup-20060218-104944-973.dll -> Dialer.InstantAccess.m : Nettoyer et sauvegarder
C:\unzipped\hijackthis_199\backups\backup-20060218-104946-835.dll -> Dialer.InstantAccess.f : Nettoyer et sauvegarder
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\HDPlugin1015.dll -> Adware.Gator : Nettoyer et sauvegarder
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\HDPlugin1018.dll -> Adware.Gator : Nettoyer et sauvegarder
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UWA6P_0001_N56M1011NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.c : Nettoyer et sauvegarder
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\UWA6P_0001_N56M1011NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.c : Nettoyer et sauvegarder
C:\WINDOWS\Downloaded Program Files\CONFLICT.3\HDPlugin1018.dll -> Adware.Gator : Nettoyer et sauvegarder
C:\WINDOWS\Downloaded Program Files\CONFLICT.3\UWA6P_0001_N56M1011NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.c : Nettoyer et sauvegarder
C:\WINDOWS\Downloaded Program Files\HDPlugin1015.dll -> Adware.Gator : Nettoyer et sauvegarder
C:\WINDOWS\Downloaded Program Files\HDPlugin1018.dll -> Adware.Gator : Nettoyer et sauvegarder
C:\WINDOWS\Downloaded Program Files\UERSV_0001_LPNetInstaller.exe -> Not-A-Virus.Downloader.Win32.Agent.d : Nettoyer et sauvegarder
C:\WINDOWS\Downloaded Program Files\UWA6P_0001_N56M1011NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.c : Nettoyer et sauvegarder
C:\WINDOWS\Downloaded Program Files\UWAS5_0001_N57M0812NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.b : Nettoyer et sauvegarder
C:\WINDOWS\Downloaded Program Files\UWFX5V_0001_N57M1412NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.b : Nettoyer et sauvegarder
C:\WINDOWS\ExeDialer.exe -> Dialer.Generic : Nettoyer et sauvegarder
C:\WINDOWS\system32\EGDACCESS.dll -> Dialer.InstantAccess.m : Nettoyer et sauvegarder
C:\WINDOWS\system32\EGDACCESS_1067.dll -> Dialer.InstantAccess.f : Nettoyer et sauvegarder
C:\WINDOWS\system32\EGDHTML_1024.dll -> Downloader.Wintrim.h : Nettoyer et sauvegarder
C:\WINDOWS\system32\EGDial.dll -> Dialer.EGroup.1025 : Nettoyer et sauvegarder
C:\WINDOWS\system32\SetupCarnival.exe -> Adware.Casino : Nettoyer et sauvegarder
C:\WINDOWS\Temp\Cookies\system@weborama[1].txt -> TrackingCookie.Weborama : Nettoyer et sauvegarder
C:\WINDOWS\VcpDLL.dll -> Adware.TimeSink : Nettoyer et sauvegarder

::Fin du rapport

I'm rerunning HijackThis now.
0
Jéjé
 
Here is the HijackThis report:

Logfile of HijackThis v1.99.1
Scan saved at 12:20:05, on 18/02/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\wlancfg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Borland\IntrBase\bin\ibserver.exe
C:\windows\system32\ymulznatbk.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\system32\Weather.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\ewido anti-malware\securitysuite.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\unzipped\hijackthis_199\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\AddOn\AcrobatReader\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Url Catcher - {CE31A1F7-3D90-4874-8FBE-A5D97F8BC8F1} - C:\Program Files\Bargain Buddy\bin\apuc.dll (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Soundmx] \soundmx.exe
O4 - HKLM\..\Run: [NsUpdate] C:\WINDOWS\NsUpdate.exe UPDATE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Bargains] C:\Program Files\Bargain Buddy\bin\bargains.exe
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [InterBase Server] C:\Program Files\Borland\IntrBase\bin\ibserver.exe
O4 - HKLM\..\Run: [XGhAs] C:\WINDOWS\htmwl.exe
O4 - HKLM\..\Run: [XGh$vùõâ.–²ñÆß†ÅNbC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\htmwl.exe
O4 - HKLM\..\Run: [XGh$vùõâ.–²ñÆß²ËNbC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\htmwl.exe
O4 - HKLM\..\Run: [XGh$îöíõ›/‚²‘ÆßfÏNbC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\htmwl.exe
O4 - HKLM\..\Run: [ymulznatbk] c:\windows\system32\ymulznatbk.exe -start
O4 - HKLM\..\Run: [scanSYS] ExchangeMaster.exe
O4 - HKLM\..\Run: [defect08] sbin.exe
O4 - HKLM\..\Run: [SpySpotter System Defender] C:\Program Files\SpySpotter3\Defender.exe -startup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [yaemu.exe] C:\WINDOWS\system32\yaemu.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [Instant Access] rundll32.exe EGDACCESS_1074.dll,InstantAccess
O4 - HKCU\..\Run: [UnSpyPC] "C:\Program Files\UnSpyPC\UnSpyPC.exe"
O4 - HKCU\..\Run: [panel_its] RtlFindVal.exe
O4 - HKCU\..\Run: [clamav] PrcIdle.exe
O4 - HKCU\..\Run: [powerdll] sysmon12.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: officejet 6100.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\msvrl.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msvrl.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msvrl.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msvrl.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msvrl.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msvrl.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msvrl.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msvrl.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msvrl.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msvrl.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msvrl.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msvrl.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msvrl.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msvrl.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msvrl.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msvrl.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msvrl.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msvrl.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msvrl.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msvrl.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msvrl.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msvrl.dll
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{349376D8-FDF8-423C-B436-53228D3FC348}: NameServer = 85.255.115.46,85.255.112.158
O17 - HKLM\System\CCS\Services\Tcpip\..\{6C49771D-B8E6-40BB-9CA0-66A947950E28}: NameServer = 85.255.115.46,85.255.112.158
O17 - HKLM\System\CCS\Services\Tcpip\..\{7583FD6D-4051-40E9-BCF0-E1342013621A}: NameServer = 85.255.115.46,85.255.112.158
O17 - HKLM\System\CCS\Services\Tcpip\..\{89CA74FC-E0A3-4388-939A-FAA9ABB946FE}: NameServer = 85.255.115.46,85.255.112.158
O17 - HKLM\System\CS1\Services\Tcpip\..\{349376D8-FDF8-423C-B436-53228D3FC348}: NameServer = 85.255.115.46,85.255.112.158
O17 - HKLM\System\CS2\Services\Tcpip\..\{349376D8-FDF8-423C-B436-53228D3FC348}: NameServer = 85.255.115.46,85.255.112.158
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter: text/html - {0F0CD7EF-8166-4392-8A3F-5B3594FAD1EA} - C:\Documents and Settings\ram_jerome\Local Settings\Application Data\microsoft\internet explorer\V0.39.dat
O19 - User stylesheet: C:\WINDOWS\Web\tips.ini (file missing)
O19 - User stylesheet: C:\WINDOWS\hh.htt (file missing) (HKLM)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Navigation étendue et définition (Connexion dictionnaire) - Friend ® - C:\WINDOWS\system32\Weather.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\WINDOWS\wlancfg.exe

What should I do now??
THANKS!
0
Anonymous user
 
Rerun HijackThis, choose "do a scan only", tick the box in front of the lines below and click "fix checked" at the bottom:

O2 - BHO: Url Catcher - {CE31A1F7-3D90-4874-8FBE-A5D97F8BC8F1} - C:\Program Files\Bargain Buddy\bin\apuc.dll (file missing)
O4 - HKLM\..\Run: [Soundmx] \soundmx.exe
O4 - HKLM\..\Run: [NsUpdate] C:\WINDOWS\NsUpdate.exe UPDATE
O4 - HKLM\..\Run: [Bargains] C:\Program Files\Bargain Buddy\bin\bargains.exe
O4 - HKLM\..\Run: [XGhAs] C:\WINDOWS\htmwl.exe
O4 - HKLM\..\Run: [XGh$vùõâ.–²ñÆ߆ÅNbC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\htmwl.exe
O4 - HKLM\..\Run: [XGh$vùõâ.–²ñÆß²ËNbC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\htmwl.exe
O4 - HKLM\..\Run: [XGh$îöíõ›/‚²‘ÆßfÏNbC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\htmwl.exe
O4 - HKLM\..\Run: [ymulznatbk] c:\windows\system32\ymulznatbk.exe -start
O4 - HKLM\..\Run: [scanSYS] ExchangeMaster.exe
O4 - HKLM\..\Run: [defect08] sbin.exe
O4 - HKLM\..\Run: [SpySpotter System Defender] C:\Program Files\SpySpotter3\Defender.exe -startup
O4 - HKLM\..\Run: [yaemu.exe] C:\WINDOWS\system32\yaemu.exe
O4 - HKCU\..\Run: [Instant Access] rundll32.exe EGDACCESS_1074.dll,InstantAccess
O4 - HKCU\..\Run: [UnSpyPC] "C:\Program Files\UnSpyPC\UnSpyPC.exe"
O4 - HKCU\..\Run: [panel_its] RtlFindVal.exe
O4 - HKCU\..\Run: [clamav] PrcIdle.exe
O4 - HKCU\..\Run: [powerdll] sysmon12.exe
O19 - User stylesheet: C:\WINDOWS\Web\tips.ini (file missing)
O19 - User stylesheet: C:\WINDOWS\hh.htt (file missing) (HKLM)


Click Start, My Computer, C:, Program Files, then find and delete these folders:

Bargain Buddy
SpySpotter3
UnSpyPC
ISTsvc

Click Start, Search, then find and delete these files:

soundmx.exe
NsUpdate.exe
htmwl.exe
htmwl.exe
htmwl.exe
htmwl.exe
ymulznatbk.exe
ExchangeMaster.exe
sbin.exe
yaemu.exe
EGDACCESS_1074.dll
RtlFindVal.exe
PrcIdle.exe
sysmon12.exe

Some files will certainly resist deletion, so note them on a piece of paper and then do the following to be able to delete them:

Restart the computer and tap the F8 key as soon as the PC starts up; a screen will appear, choose "Safe Mode" and wait a little. Then search again for the files that resisted deletion and delete them, do the same for the folders listed above, empty your Recycle Bin, restart normally, and then post a new HijackThis report :-)
0
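The list of files to search for in the answer above is derived by hand from the flagged `O4` Run lines. As an added example (not part of the original thread and not HijackThis's own code), this Python script does the same extraction: it strips arguments, looks past `rundll32.exe` to the DLL it hosts, and marks entries whose command has no drive path and therefore has to be located with a disk search. The function names and the extension list are assumptions made for the example.

```python
import ntpath
import re

# Constructed sample: a few lines copied from the "fix checked" list in the post above.
SAMPLE = r"""
O4 - HKLM\..\Run: [Soundmx] \soundmx.exe
O4 - HKLM\..\Run: [NsUpdate] C:\WINDOWS\NsUpdate.exe UPDATE
O4 - HKLM\..\Run: [SpySpotter System Defender] C:\Program Files\SpySpotter3\Defender.exe -startup
O4 - HKCU\..\Run: [Instant Access] rundll32.exe EGDACCESS_1074.dll,InstantAccess
O4 - HKCU\..\Run: [UnSpyPC] "C:\Program Files\UnSpyPC\UnSpyPC.exe"
O4 - HKCU\..\Run: [panel_its] RtlFindVal.exe
O19 - User stylesheet: C:\WINDOWS\hh.htt (file missing) (HKLM)
"""

RUN_LINE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\Run: \[(.*?)\] (.+)$")
# Either a quoted path, or the shortest prefix ending in an executable extension.
TARGET = re.compile(r'"([^"]+)"|(.*?\.(?:exe|dll|com|bat|scr))(?=[\s,]|$)', re.I)


def target_of(command):
    """Return the file a Run command actually loads, or None if unrecognised."""
    command = command.strip()
    m = TARGET.match(command)
    if not m:
        return None
    path = m.group(1) or m.group(2)
    rest = command[m.end():].strip()
    if ntpath.basename(path).lower() == "rundll32.exe" and rest:
        # rundll32.exe is only the host; the DLL named before the comma is what runs.
        return target_of(rest.split(",", 1)[0])
    return path


def cleanup_targets(log_text):
    """List (hive, value name, file name, has_full_path) for each O4 Run entry."""
    found = []
    for line in log_text.splitlines():
        m = RUN_LINE.match(line.strip())
        if not m:
            continue  # other sections (O2, O19, ...) carry no Run command
        hive, name, command = m.groups()
        path = target_of(command)
        if path:
            has_full_path = bool(ntpath.splitdrive(path)[0])
            found.append((hive, name, ntpath.basename(path), has_full_path))
    return found


if __name__ == "__main__":
    for hive, name, filename, has_full_path in cleanup_targets(SAMPLE):
        where = "path in log" if has_full_path else "search the disk"
        print(f"{hive:4} [{name}] -> {filename} ({where})")
```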