Que faire avec après hi jack! merci !

Résolu
christelle -  
Lyonnais92 Messages postés 25708 Statut Contributeur sécurité -
bonjour à tous ! mon pc plante sans arrêt ! on m'a conseiller de faire un rapport hijack et de le poster sur ce forum! si quelqu'un pouvait m'aider ça serait sympas car je suis pas super douée ! merci! Logfile of HijackThis v1.99.1
Scan saved at 10:30:30, on 11/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Acer\Acer eConsole\MediaSync.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Acer\Acer eMode Management\AspireService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Registry Clean Pro\Monitor.exe
C:\Program Files\Registry Clean Pro\Scheduler.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Shareaza\Shareaza.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE
C:\Program Files\Messenger\msmsgs.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1557B435-8242-4686-9AA3-9265BF7525A4} - (no file)
O2 - BHO: (no name) - {311F9DE8-6126-4EEE-B15F-65CBB3B4F9F6} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6eb449a7-a9e7-4a23-a848-4a552d47de3b} - C:\WINDOWS\system32\browben.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.3558\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: AOL Security Toolbar - {3BB63FD4-3C00-44D7-94A9-5DE211900DEF} - C:\Program Files\AOL Security Toolbar\tbu6A\AOL_security_toolbar.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [WinFlyer32.dll] "rundll32.exe" C:\WINDOWS\system32\WinFlyer32.dll,Run
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ntiMUI] c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [MediaSync] C:\Program Files\Acer\Acer eConsole\MediaSync.exe
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AspireService] C:\Program Files\Acer\Acer eMode Management\AspireService.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [WindowsService] rundll32.exe "C:\WINDOWS\qonomk.dll",realset
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [CHIC 16] C:\DOCUME~1\CHRIST~1\APPLIC~1\TESTPU~1\sectblah.exe
O4 - Startup: Monitor.lnk = C:\Program Files\Registry Clean Pro\Monitor.exe
O4 - Startup: Scheduler.lnk = C:\Program Files\Registry Clean Pro\Scheduler.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNfox000(3)
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: browben - C:\WINDOWS\SYSTEM32\browben.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
Configuration: Windows XP
Firefox 2.0.0.3

25 réponses

  • 1
  • 2
Résumé de la discussion

Une personne signale des plantages répétés de son ordinateur et demande de l’aide en partageant un rapport HijackThis, afin d’identifier des éléments potentiellement malveillants ou indésirables. Plusieurs éléments du rapport suggèrent une collecte exhaustive d’éléments système et des programmes légitimes (ANTIVIRUS, Google Updater, Spyware Doctor, Norton) parfois signalés comme potentiellement indésirables, ce qui implique d’interpréter prudemment les résultats. Des mesures pratiques recommandées incluent la vérification et la désactivation des éléments de démarrage suspects, la gestion des tâches planifiées, et l’exécution de scans complets avec des antispyware et antivirus mis à jour. Pour aller plus loin, des vérifications complémentaires sur les barres d’outils et les modules résiduels sont conseillées et la sauvegarde des données précède toute réinstallation éventuelle.

Généré automatiquement par IA
sur la base des meilleures réponses
  1. Alex9333 Messages postés 52 Statut Membre 2
     
    Tu utilise NORTON et Spyware doctor?
    0
    1. chrisetsylvain Messages postés 112 Statut Membre
       
      oui j'utilise norton et spyware doctor il ne faut pas ?
      0
  2. chrisetsylvain Messages postés 112 Statut Membre
     
    mon ordi n'arrête pas de planter quelqu'un pourrait il m'aider à voir s'il y a quelque chose à faire ! je poste mon rapport hijackthis ici svp! merci !Logfile of HijackThis v1.99.1
    Scan saved at 16:07:04, on 11/05/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16441)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\tcpsvcs.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Acer\Acer eConsole\MediaSync.exe
    C:\Acer\Empowering Technology\eRecovery\Monitor.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE
    C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
    C:\Program Files\Acer\Acer eMode Management\AspireService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    c:\progra~1\intern~1\iexplore.exe
    C:\Program Files\Registry Clean Pro\Monitor.exe
    C:\Program Files\Registry Clean Pro\Scheduler.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Shareaza\Shareaza.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1557B435-8242-4686-9AA3-9265BF7525A4} - (no file)
    O2 - BHO: (no name) - {311F9DE8-6126-4EEE-B15F-65CBB3B4F9F6} - (no file)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {6eb449a7-a9e7-4a23-a848-4a552d47de3b} - C:\WINDOWS\system32\browben.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.3558\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: AOL Security Toolbar - {3BB63FD4-3C00-44D7-94A9-5DE211900DEF} - C:\Program Files\AOL Security Toolbar\tbu6A\AOL_security_toolbar.dll
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [WinFlyer32.dll] "rundll32.exe" C:\WINDOWS\system32\WinFlyer32.dll,Run
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [ntiMUI] c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [MediaSync] C:\Program Files\Acer\Acer eConsole\MediaSync.exe
    O4 - HKLM\..\Run: [LaunchApp] Alaunch
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
    O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [AspireService] C:\Program Files\Acer\Acer eMode Management\AspireService.exe
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [CHIC 16] C:\DOCUME~1\CHRIST~1\APPLIC~1\TESTPU~1\sectblah.exe
    O4 - Startup: Monitor.lnk = C:\Program Files\Registry Clean Pro\Monitor.exe
    O4 - Startup: Scheduler.lnk = C:\Program Files\Registry Clean Pro\Scheduler.exe
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNfox000(3)
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
    O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: browben - C:\WINDOWS\SYSTEM32\browben.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
    0
    1. Alex9333 Messages postés 52 Statut Membre 2
       
      Essai en désactivant spyware doctor?
      Qu'est ce qui plant ecran noir, affichage de l'arriere plan, affichage bloqué , ordi qui s'éteint?
      0
    2. chrisetsylvain Messages postés 112 Statut Membre
       
      salut alex et merci pour ton aide j'ai desactivé spydoctor mais ça plante toujours tous s'arrete horloge bloquée souris et plus rien ne répond je n'arrive meme pas à l'éteindre ou à le rallumer selon les cas alors j'appuie sur le bouton déconnection de la tour et je rallume et là ça repard si t'as une autre idée? merci d'avance car là je sais plus quoi faire
      0
  3. Alex9333 Messages postés 52 Statut Membre 2
     
    Aurais tu installer un programme depuis que ça plante? As-tu éssayé en mode sans échec? Peux tu fait Ctrl+alt+suppr?

    Essaye d'attendre une petite heure des fois sa reviens moi sa m'arrive quand je convertit des films.
    0
    1. chrisetsylvain Messages postés 112 Statut Membre
       
      non je n'ai rien installé pour le mode sans echec je ne sais pas comment on fait ctrl+alt+suppr impossible à faire quand ça plante et attendu une après midi entière sans succès merci quand même t'as pas une autre idée merci d'avance
      0
  4. Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537
     
    Bonjour,

    je n'ai pas le temps de traiter, mais c'est clairement infectieux.

    Alex, pour continuer à aider chrisetsylvain, tu as du vundo (traiter par vundofix), mywebsearch (BFU avec toolbar.bfu de chercheur) et probablement Cid-lop (avec une procédure dans les trucs et astuces du site).

    Bonne suite.
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537
     
    Re,
    1) Vundo

    Télécharge VundoFix.exe (par Atribune) sur ton Bureau.
    http://www.atribune.org/ccount/click.php?id=4
    Double-clique VundoFix.exe afin de le lancer.

    Clique sur le bouton Scan for Vundo.
    Lorsque le scan est complété, clique sur le bouton Remove Vundo.
    Une invite te demandera si tu veux supprimer les fichiers, clique YES
    Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers.
    Tu verras une invite qui t'annonce que ton PC va s'éteindre ("shutdown") ; clique OK
    Démarre ton PC à nouveau.

    2) Mywebsearch

    Télécharge Brute Force Uninstaller (de Merijn) ici: http://www.merijn.org/files/bfu.zip
    Créé un nouveau dossier directement à la racine de ton disque dur ou l'endroit qui te convient, nomme ce dossier BFU. Décompresse le fichier téléchargé dans ce nouveau dossier (par exemple C:\BFU)
    Ensuite, télécharge Toolbar.bfu (de Chercheur) :
    Fais un clik droit ici : : http://perso.orange.fr/Chercheur-perso/scripts/toolbar.bfu
    et choisis "Enregistrer la cible sous..." afin de télécharger Toolbar.bfu (de Chercheur).
    Sauvegarde dans le dossier créé (C:\BFU).
    **Note : si tu utilises Internet Explorer ; lors de la sauvegarde, assure-toi que le champs "Type :" affiche "Tous les fichiers".

    Tu dois maintenant avoir deux fichiers dans le dossier C:\BFU : toolbar.bfu et BFU.exe (très important).

    -_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-

    Tu as une démo animée ici (merci balltrap34):
    http://perso.orange.fr/rginformatique/section%20virus/bfu%20demo.htm
    _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
    Lance "Brute Force Uninstaller" en double-cliquant BFU.exe (Dans le dossier C:\BFU)
    - Clique sur le petit dossier jaune, et clique sur : Toolbar.bfu
    - Coches la case Show log after scrïpt ends
    - Clique sur Execute pour que le fix fasse son boulot :-) Attends que le message Complete scrïpt execution apparaîsse et clique sur OK.
    Un rapport va s'afficher dans la fenetre du programme, copie et colle dans le bloc-notes, puis sauvegardes le, tu le posteras plus tard sur le forum.
    Clique Exit pour fermer le programme BFU.

    3) Cid

    Télécharge ceci:
    http://sosvirus.changelog.fr/Green_day/Lopxp.exe

    Lance Lopxp.bat.
    Au menu, choisis l'option 1 "Rechercher / Générer un rapport"
    Patiente et lorsque l'on te demande d'appuyer sur une touche, appuie.
    Ensuite, le rapport s'ouvre, copie colle le en entier sur le forum.

    4) Remets aussi un rapport Hijackthis.
    @+
    0
    1. chrisetsylvain Messages postés 112 Statut Membre
       
      merci pour ton aide j'ai faits ce que tu m'as dit alors ! voilà mon rapport bfu BFU v1.00.9
      Windows XP SP2 (WinNT 5.01.2600 SP2)
      Script started at 15:48:35, on 13/05/2007

      Option Unload Explorer: Yes
      Failed: DllUnregister C:\Program Files\Mozilla Firefox\plugins\NPND2FN.DLL|1 (file not found)
      Failed: DllUnregister C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.DLL|1 (file not found)
      Failed: DllUnregister C:\Program Files\Internet Explorer\msimg32.dll|1 (file not found)
      Failed: DllUnregister C:\Program Files\MSN Messenger\msimg32.dll|1 (file not found)
      Failed: DllUnregister C:\Program Files\Need2Find\bar\1.bin\NPND2FN.DLL|1 (file not found)
      Failed: DllUnregister C:\Program Files\Need2Find\bar\2.bin\NPND2FN.DLL|1 (file not found)
      Failed: DllUnregister C:\Program Files\Need2Find\bar\3.bin\NPND2FN.DLL|1 (file not found)
      Failed: DllUnregister C:\Program Files\Need2Find\bar\1.bin\ND2FNBAR.DLL|1 (file not found)
      Failed: DllUnregister C:\Program Files\Need2Find\bar\2.bin\ND2FNBAR.DLL|1 (file not found)
      Failed: DllUnregister C:\Program Files\Need2Find\bar\3.bin\ND2FNBAR.DLL|1 (file not found)
      Failed: DllUnregister C:\Program Files\Need2Find\bar\4.bin\ND2FNBAR.DLL|1 (file not found)
      Failed: DllUnregister C:\Program Files\Need2Find\bar\5.bin\ND2FNBAR.DLL|1 (file not found)
      Failed: DllUnregister C:\Program Files\Need2Find\bar\6.bin\ND2FNBAR.DLL|1 (file not found)
      Failed: DllUnregister C:\Program Files\Need2Find\bar\7.bin\ND2FNBAR.DLL|1 (file not found)
      Failed: DllUnregister C:\Program Files\INSTAFINK\instafink.dll|1 (file not found)
      Failed: DllUnregister C:\Program Files\RXToolBar\RXToolBar.dll|1 (file not found)
      Failed: DllUnregister C:\Program Files\RXToolBar\sfcont.dll|1 (file not found)
      Failed: DllUnregister C:\Program Files\MyWebSearch\bar\1.bin\*.DLL|1 (file not found)
      Failed: DllUnregister C:\Program Files\MyWebSearch\bar\2.bin\*.DLL|1 (file not found)
      Failed: DllUnregister C:\Program Files\MyWebSearch\bar\3.bin\*.DLL|1 (file not found)
      Failed: DllUnregister C:\Program Files\MyWebSearch\bar\4.bin\*.DLL|1 (file not found)
      Failed: DllUnregister C:\Program Files\MyWebSearch\bar\5.bin\*.DLL|1 (file not found)
      Failed: DllUnregister C:\Program Files\MyWebSearch\bar\6.bin\*.DLL|1 (file not found)
      Failed: DllUnregister C:\Program Files\MyWebSearch\bar\7.bin\*.DLL|1 (file not found)
      Failed: DllUnregister C:\Program Files\MyWebSearch\bar\8.bin\*.DLL|1 (file not found)
      Failed: DllUnregister C:\Program Files\MyWebSearch\bar\9.bin\*.DLL|1 (file not found)
      Failed: DllUnregister C:\Program Files\MyWebSearch\bar\a.bin\*.DLL|1 (file not found)
      Failed: DllUnregister C:\Program Files\MyWebSearch\bar\b.bin\*.DLL|1 (file not found)
      Failed: DllUnregister C:\Program Files\MyWebSearch\bar\c.bin\*.DLL|1 (file not found)
      Failed: DllUnregister C:\Program Files\MyWebSearch\bar\d.bin\*.DLL|1 (file not found)
      Failed: DllUnregister C:\Program Files\MyWebSearch\bar\e.bin\*.DLL|1 (file not found)
      Failed: DllUnregister C:\Program Files\MyWebSearch\bar\f.bin\*.DLL|1 (file not found)
      Failed: DllUnregister C:\Program Files\MyWebSearch\bar\i.bin\*.DLL|1 (file not found)
      Failed: DllUnregister C:\Program Files\MyWebSearch\bar\l.bin\*.DLL|1 (file not found)
      Failed: DllUnregister C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL|1 (file not found)
      Failed: DllUnregister C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL|1 (file not found)
      Failed: DllUnregister C:\Program Files\MyWebSearch\SrchAstt\3.bin\MWSSRCAS.DLL|1 (file not found)
      Failed: DllUnregister C:\Program Files\MyWebSearch\SrchAstt\4.bin\MWSSRCAS.DLL|1 (file not found)
      Failed: DllUnregister C:\Program Files\MyWebSearch\SrchAstt\5.bin\MWSSRCAS.DLL|1 (file not found)
      Failed: DllUnregister C:\Program Files\MyWebSearch\SrchAstt\6.bin\MWSSRCAS.DLL|1 (file not found)
      Failed: DllUnregister C:\Program Files\MyWebSearch\SrchAstt\7.bin\MWSSRCAS.DLL|1 (file not found)
      Failed: DllUnregister C:\Program Files\MyWebSearch\SrchAstt\8.bin\MWSSRCAS.DLL|1 (file not found)
      Failed: DllUnregister C:\Program Files\MyWebSearch\SrchAstt\9.bin\MWSSRCAS.DLL|1 (file not found)
      Failed: DllUnregister C:\Program Files\MyWebSearch\SrchAstt\a.bin\MWSSRCAS.DLL|1 (file not found)
      Failed: DllUnregister C:\Program Files\MyWebSearch\SrchAstt\b.bin\MWSSRCAS.DLL|1 (file not found)
      Failed: DllUnregister C:\Program Files\MyWebSearch\SrchAstt\c.bin\MWSSRCAS.DLL|1 (file not found)
      Failed: DllUnregister C:\Program Files\MyWebSearch\SrchAstt\d.bin\MWSSRCAS.DLL|1 (file not found)
      Failed: DllUnregister C:\Program Files\MyWebSearch\SrchAstt\e.bin\MWSSRCAS.DLL|1 (file not found)
      Failed: DllUnregister C:\Program Files\MyWebSearchWB\bar\1.bin\NPMYSRWB.DLL|1 (file not found)
      Failed: DllUnregister C:\Program Files\MyWebSearchWB\bar\2.bin\NPMYSRWB.DLL|1 (file not found)
      Failed: DllUnregister C:\Program Files\Uninstall My Web Search.dll|1 (file not found)
      Failed: DllUnregister C:\Program Files\MyTotalSearch\SrchAstt\1.bin\MTSSRCAS.dll|1 (file not found)
      Failed: DllUnregister C:\Program Files\MyTotalSearch\SrchAstt\2.bin\MTSSRCAS.dll|1 (file not found)
      Failed: DllUnregister C:\Program Files\MyTotalSearch\SrchAstt\3.bin\MTSSRCAS.dll|1 (file not found)
      Failed: DllUnregister C:\Program Files\MyTotalSearch\SrchAstt\4.bin\MTSSRCAS.dll|1 (file not found)
      Failed: DllUnregister C:\Program Files\MyTotalSearch\SrchAstt\5.bin\MTSSRCAS.dll|1 (file not found)
      Failed: DllUnregister C:\Program Files\MyTotalSearch\bar\1.bin\*.dll|1 (file not found)
      Failed: DllUnregister C:\Program Files\MyTotalSearch\bar\5.bin\*.dll|1 (file not found)
      Failed: DllUnregister C:\Program Files\myway\mybar\mybar.dll|1 (file not found)
      Failed: DllUnregister C:\Program Files\myway\installr\1.bin\myezsetp.dll|1 (file not found)
      Failed: DllUnregister C:\Program Files\myway\mybar\1.bin\*.dll|1 (file not found)
      Failed: DllUnregister C:\Program Files\myway\mybar\2.bin\*.dll|1 (file not found)
      Failed: DllUnregister C:\Program Files\myway\mybar\3.bin\*.dll|1 (file not found)
      Failed: DllUnregister C:\Program Files\myway\mybar\4.bin\*.dll|1 (file not found)
      Failed: DllUnregister C:\Program Files\myway\mybar\5.bin\*.dll|1 (file not found)
      Failed: DllUnregister C:\Program Files\myway\mybar\6.bin\*.dll|1 (file not found)
      Failed: DllUnregister C:\Program Files\myway\mybar\7.bin\*.dll|1 (file not found)
      Failed: DllUnregister C:\Program Files\myway\mybar\8.bin\*.dll|1 (file not found)
      Failed: DllUnregister C:\Program Files\myway\mybar\9.bin\*.dll|1 (file not found)
      Failed: DllUnregister C:\Program Files\myway\mybar\a.bin\*.dll|1 (file not found)
      Failed: DllUnregister C:\Program Files\myway\mybar\b.bin\*.dll|1 (file not found)
      Failed: DllUnregister C:\Program Files\myway\mybar\c.bin\*.dll|1 (file not found)
      Failed: DllUnregister C:\Program Files\myway\mybar\d.bin\*.dll|1 (file not found)
      Failed: DllUnregister C:\Program Files\myway\srchastt\1.bin\mysrchas.dll|1 (file not found)
      Failed: DllUnregister C:\Program Files\myway\srchastt\2.bin\mysrchas.dll|1 (file not found)
      Failed: DllUnregister C:\Program Files\myway\srchastt\3.bin\mysrchas.dll|1 (file not found)
      Failed: DllUnregister C:\Program Files\mywaysa\srchasde\1.bin\desrcas.dll|1 (file not found)
      Failed: DllUnregister C:\Program Files\mywaysa\srchasde\desrcas.dll|1 (file not found)
      Failed: DllUnregister C:\Program Files\myway\SearchAt\1.bin\MWSSRCAS.DLL|1 (file not found)
      Failed: DllUnregister C:\Program Files\myway\SearchAt\2.bin\MWSSRCAS.DLL|1 (file not found)
      Failed: DllUnregister C:\Program Files\myway\SearchAt\3.bin\MWSSRCAS.DLL|1 (file not found)
      Failed: DllUnregister C:\Program Files\myway\SearchAt\4.bin\MWSSRCAS.DLL|1 (file not found)
      Failed: DllUnregister C:\Program Files\myway\SearchAt\5.bin\MWSSRCAS.DLL|1 (file not found)
      Failed: DllUnregister C:\Program Files\myway\SearchAt\6.bin\MWSSRCAS.DLL|1 (file not found)
      Failed: DllUnregister C:\Program Files\myway\SearchAt\7.bin\MWSSRCAS.DLL|1 (file not found)
      Failed: DllUnregister C:\Program Files\myway\SearchAt\8.bin\MWSSRCAS.DLL|1 (file not found)
      Failed: DllUnregister C:\Program Files\myway\SearchAt\9.bin\MWSSRCAS.DLL|1 (file not found)
      Failed: DllUnregister C:\Program Files\myway\SearchAt\10.bin\MWSSRCAS.DLL|1 (file not found)
      Failed: DllUnregister C:\Program Files\myway\SearchAt\11.bin\MWSSRCAS.DLL|1 (file not found)
      Failed: DllUnregister C:\Program Files\myglobalsearch\bar\1.bin\*.dll|1 (file not found)
      Failed: DllUnregister C:\Program Files\myglobalsearch\bar\2.bin\*.dll|1 (file not found)
      Failed: DllUnregister C:\Program Files\myglobalsearch\bar\3.bin\*.dll|1 (file not found)
      Failed: DllUnregister C:\Program Files\myglobalsearch\bar\4.bin\*.dll|1 (file not found)
      Failed: DllUnregister C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL|1 (file not found)
      Failed: DllUnregister C:\Program Files\AskTBar\bar\2.bin\ASKTBAR.DLL|1 (file not found)
      Failed: DllUnregister C:\Program Files\AskTBar\bar\3.bin\ASKTBAR.DLL|1 (file not found)
      Failed: DllUnregister C:\Program Files\AskTBar\bar\4.bin\ASKTBAR.DLL|1 (file not found)
      Failed: DllUnregister C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL|1 (file not found)
      Failed: DllUnregister C:\Program Files\AskTBar\SrchAstt\2.bin\A5SRCHAS.DLL|1 (file not found)
      Failed: DllUnregister C:\Program Files\AskTBar\SrchAstt\3.bin\A5SRCHAS.DLL|1 (file not found)
      Failed: DllUnregister C:\Program Files\AskTBar\SrchAstt\4.bin\A5SRCHAS.DLL|1 (file not found)
      Failed: DllUnregister C:\Program Files\mysearch\bar\1.bin\*.dll|1 (file not found)
      Failed: DllUnregister C:\Program Files\mysearch\bar\2.bin\*.dll|1 (file not found)
      Failed: DllUnregister C:\Program Files\mysearch\bar\3.bin\*.dll|1 (file not found)
      Failed: DllUnregister C:\Program Files\mysearch\bar\4.bin\*.dll|1 (file not found)
      Failed: DllUnregister C:\Program Files\mysearch\bar\5.bin\*.dll|1 (file not found)
      Failed: DllUnregister C:\Program Files\mysearch\bar\i.bin\*.dll|1 (file not found)
      Failed: DllUnregister C:\Program Files\mysearch\installr\1.bin\s4ezsetp.dll|1 (file not found)
      Failed: DllUnregister C:\Program Files\mysearch\srchastt\1.bin\mysrchas.dll|1 (file not found)
      Failed: DllUnregister C:\Program Files\mysearch\srchastt\2.bin\mysrchas.dll|1 (file not found)
      Failed: DllUnregister C:\Program Files\mysearch\srchastt\3.bin\mysrchas.dll|1 (file not found)
      Failed: DllUnregister C:\Program Files\mysearch\srchastt\4.bin\mysrchas.dll|1 (file not found)
      Failed: DllUnregister C:\Program Files\mysearch\srchastt\5.bin\mysrchas.dll|1 (file not found)
      Failed: DllUnregister C:\Program Files\hbtools\bin\4.6.1.0\*.dll|1 (file not found)
      Failed: DllUnregister C:\Program Files\hbtools\bin\4.6.2.0\*.dll|1 (file not found)
      Failed: DllUnregister C:\Program Files\hbtools\bin\4.6.4.0\*.dll|1 (file not found)
      Failed: DllUnregister C:\Program Files\hbtools\bin\4.6.4.1\*.dll|1 (file not found)
      Failed: DllUnregister C:\Program Files\hbtools\bin\4.7.0.0\*.dll|1 (file not found)
      Failed: DllUnregister C:\Program Files\hbtools\bin\4.7.1.0\*.dll|1 (file not found)
      Failed: DllUnregister C:\Program Files\hbtools\bin\4.7.2.0\*.dll|1 (file not found)
      Failed: DllUnregister C:\Program Files\hbtools\bin\4.7.2.1\*.dll|1 (file not found)
      Failed: DllUnregister C:\Program Files\hbtools\bin\4.7.3.0\*.dll|1 (file not found)
      Failed: DllUnregister C:\Program Files\hbtools\bin\4.7.5.0\*.dll|1 (file not found)
      Failed: DllUnregister C:\Program Files\hbtools\bin\4.7.7.0\*.dll|1 (file not found)
      Failed: DllUnregister C:\Program Files\hbtools\bin\4.8.0.0\*.dll|1 (file not found)
      Failed: DllUnregister C:\Program Files\hbtools\bin\4.8.2.0\*.dll|1 (file not found)
      Failed: DllUnregister C:\Program Files\hbtools\bin\4.8.4.0\*.dll|1 (file not found)
      Failed: DllUnregister C:\Program Files\hbtools\bin\4.8.7.0\*.dll|1 (file not found)
      Failed: DllUnregister C:\Program Files\hbtools\bin\4.7.3.0\rb2f.tmp\hbt*.dll|1 (file not found)
      Failed: DllUnregister C:\Program Files\hbtools\Bin.7.5.0\HbtWallpaper.dll|1 (file not found)
      Failed: DllUnregister C:\Program Files\hbtools\hbtv\hbtvhelper.dll|1 (file not found)
      Failed: DllUnregister C:\Program Files\hotbar\bin\4.1.7.0\*.dll|1 (file not found)
      Failed: DllUnregister C:\Program Files\hotbar\bin\4.1.8.0\*.dll|1 (file not found)
      Failed: DllUnregister C:\Program Files\hotbar\bin\4.2.6.0\*.dll|1 (file not found)
      Failed: DllUnregister C:\Program Files\hotbar\bin\4.2.8.0\*.dll|1 (file not found)
      Failed: DllUnregister C:\Program Files\hotbar\bin\4.2.11.0\*.dll|1 (file not found)
      Failed: DllUnregister C:\Program Files\hotbar\bin\4.2.13.0\*.dll|1 (file not found)
      Failed: DllUnregister C:\Program Files\hotbar\bin\4.3.1.0\*.dll|1 (file not found)
      Failed: DllUnregister C:\Program Files\hotbar\bin\4.3.5.0\*.dll|1 (file not found)
      Failed: DllUnregister C:\Program Files\hotbar\bin\4.3.6.0\*.dll|1 (file not found)
      Failed: DllUnregister C:\Program Files\hotbar\bin\4.3.9.0\*.dll|1 (file not found)
      Failed: DllUnregister C:\Program Files\hotbar\bin\4.4.0.0\*.dll|1 (file not found)
      Failed: DllUnregister C:\Program Files\hotbar\bin\4.4.2.0\*.dll|1 (file not found)
      Failed: DllUnregister C:\Program Files\hotbar\bin\4.4.5.0\*.dll|1 (file not found)
      Failed: DllUnregister C:\Program Files\hotbar\bin\4.4.8.0\*.dll|1 (file not found)
      Failed: DllUnregister C:\Program Files\hotbar\bin\4.4.9.0\*.dll|1 (file not found)
      Failed: DllUnregister C:\Program Files\hotbar\bin\4.5.0.0\*.dll|1 (file not found)
      Failed: DllUnregister C:\Program Files\hotbar\bin\4.5.1.0\*.dll|1 (file not found)
      Failed: DllUnregister C:\Program Files\hotbar\bin\4.5.3.0\*.dll|1 (file not found)
      Failed: DllUnregister C:\Program Files\hotbar\bin\4.6.1.0\*.dll|1 (file not found)
      Failed: DllUnregister C:\Program Files\hotbar\bin\4.1.7.0\rb24e.tmp\hbhostie.dll|1 (file not found)
      Failed: DllUnregister C:\Program Files\hotbar\bin\4.1.8.0\rb24e.tmp\hbhostie.dll|1 (file not found)
      Failed: DllUnregister C:\Program Files\hotbar\bin\4.2.6.0\rb24e.tmp\hbhostie.dll|1 (file not found)
      Failed: DllUnregister C:\Program Files\hotbar\bin\4.2.8.0\rb24e.tmp\hbhostie.dll|1 (file not found)
      Failed: DllUnregister C:\Program Files\hotbar\bin\4.2.11.0\rb24e.tmp\hbhostie.dll|1 (file not found)
      Failed: DllUnregister C:\Program Files\hotbar\bin\4.2.13.0\rb24e.tmp\hbhostie.dll|1 (file not found)
      Failed: DllUnregister C:\Program Files\hotbar\bin\4.3.1.0\rb24e.tmp\hbhostie.dll|1 (file not found)
      Failed: DllUnregister C:\Program Files\hotbar\bin\4.3.5.0\rb24e.tmp\hbhostie.dll|1 (file not found)
      Failed: DllUnregister C:\Program Files\hotbar\bin\4.3.6.0\rb24e.tmp\hbhostie.dll|1 (file not found)
      Failed: DllUnregister C:\Program Files\hotbar\bin\4.3.9.0\rb24e.tmp\hbhostie.dll|1 (file not found)
      Failed: DllUnregister C:\Program Files\hotbar\bin\4.4.0.0\rb24e.tmp\hbhostie.dll|1 (file not found)
      Failed: DllUnregister C:\Program Files\hotbar\bin\4.4.2.0\rb24e.tmp\hbhostie.dll|1 (file not found)
      Failed: DllUnregister C:\Program Files\hotbar\bin\4.4.5.0\rb24e.tmp\hbhostie.dll|1 (file not found)
      Failed: DllUnregister C:\Program Files\hotbar\bin\4.4.8.0\rb24e.tmp\hbhostie.dll|1 (file not found)
      Failed: DllUnregister C:\Program Files\hotbar\bin\4.4.9.0\rb24e.tmp\hbhostie.dll|1 (file not found)
      Failed: DllUnregister C:\Program Files\hotbar\bin\4.5.0.0\rb24e.tmp\hbhostie.dll|1 (file not found)
      Failed: DllUnregister C:\Program Files\hotbar\bin\4.5.1.0\rb24e.tmp\hbhostie.dll|1 (file not found)
      Failed: DllUnregister C:\Program Files\hotbar\bin\4.5.3.0\rb24e.tmp\hbhostie.dll|1 (file not found)
      Failed: DllUnregister C:\Program Files\hotbar\bin\4.6.1.0\rb24e.tmp\hbhostie.dll|1 (file not found)
      Failed: DllUnregister C:\Program Files\ShopperReports\Bin\0.4.0\ShprRprt.dll|1 (file not found)
      Failed: DllUnregister C:\Program Files\ShopperReports\Bin\1.0.0\ShprRprt.dll|1 (file not found)
      Failed: DllUnregister C:\Program Files\ShopperReports\Bin\1.0.4.0\ShprRprt.dll|1 (file not found)
      Failed: DllUnregister C:\Program Files\ShopperReports\Bin\1.0.5.0\ShprRprt.dll|1 (file not found)
      Failed: DllUnregister C:\Program Files\ShopperReports\Bin\1.0.8.0\ShprRprt.dll|1 (file not found)
      Failed: DllUnregister C:\Program Files\ShopperReports\Bin\1.0.10.0\ShprRprt.dll|1 (file not found)
      Failed: DllUnregister C:\Program Files\ShopperReports\Bin\1.1.0.0\ShprRprt.dll|1 (file not found)
      Failed: DllUnregister C:\Program Files\ShopperReports\Bin\1.1.1.0\ShprRprt.dll|1 (file not found)
      Failed: DllUnregister C:\Program Files\ShopperReports\Bin\1.3.0.0\ShprRprt.dll|1 (file not found)
      Failed: DllUnregister C:\Program Files\ShopperReports\Bin\2.0.0\ShprRprt.dll|1 (file not found)
      Failed: DllUnregister C:\Program Files\ShopperReports\Bin\2.0.20\ShprRprt.dll|1 (file not found)
      Failed: DllUnregister C:\Program Files\ShoppingReportBin\2.0.21\ShoppingReport.dll|1 (file not found)
      Failed: DllUnregister C:\Program Files\SmartShopper\Bin\1.0.9.0\SmrtShpr.dll|1 (file not found)
      Failed: DllUnregister C:\Program Files\smartshopper\bin\2.0.1\smrtshpr.dll|1 (file not found)
      Failed: DllUnregister C:\WINDOWS\system32\shoppingreport\shoppingreport.dll|1 (file not found)
      Failed: DllUnregister C:\WINDOWS\system32\SmartShopper\js.dll|1 (file not found)
      Failed: DllUnregister C:\WINDOWS\system32\smartshopper\shoppingreport.dll|1 (file not found)
      Failed: DllUnregister C:\WINDOWS\system32\SmartShopper\SmartShopper0.dll|1 (file not found)
      Failed: DllUnregister C:\Program Files\starware\bin\starware.dll|1 (file not found)
      Failed: DllUnregister C:\Program Files\starware305\bin\starware305.dll|1 (file not found)
      Failed: DllUnregister C:\Program Files\starware316\bin\starware316.dll|1 (file not found)
      Failed: DllUnregister C:\Program Files\Starware343\bin\Starware343.dll|1 (file not found)
      Failed: DllUnregister C:\Program Files\minijuegos\bin\minijuegos.dll|1 (file not found)
      Failed: DllUnregister C:\Program Files\starware\bin\dlls\jokester.dll|1 (file not found)
      Failed: DllUnregister C:\Program Files\temp\asearchassist.dll|1 (file not found)
      Failed: DllUnregister C:\Program Files\accoona\adesktopsearch.dll|1 (file not found)
      Failed: DllUnregister C:\Program Files\accoona\asearchassist.dll|1 (file not found)
      Failed: DllUnregister C:\Program Files\accoona\atl71.dll|1 (file not found)
      Failed: DllUnregister C:\Program Files\accoona\atoolbar.dll|1 (file not found)
      Failed: DllUnregister C:\Program Files\accoona\AToolbarCN.dll|1 (file not found)
      Failed: DllUnregister C:\Program Files\accoona\atts.dll|1 (file not found)
      Failed: DllUnregister C:\Program Files\accoona\mapidll.dll|1 (file not found)
      Failed: DllUnregister C:\Program Files\accoona\viewers\AThes.dll|1 (file not found)
      Failed: DllUnregister C:\Program Files\gamesbar\oberontb.dll|1 (file not found)
      Failed: DllUnregister C:\Program Files\vstoolbar\vstoolbar.dll|1 (file not found)
      Failed: DllUnregister C:\Program Files\vsadd-in\vsadd-in.dll|1 (file not found)
      Failed: DllUnregister C:\Program Files\8848\mysearch\0.9.4.2\pagerevisor.dll|1 (file not found)
      Failed: DllUnregister C:\Program Files\8848\mysearch\0.9.5.0\pagerevisor.dll|1 (file not found)
      Failed: DllUnregister C:\Program Files\8848\mysearch\0.9.7.6\pagerevisor.dll|1 (file not found)
      Failed: DllUnregister C:\Program Files\8848\mysearch\0.9.8.4\pagerevisor.dll|1 (file not found)
      Failed: DllUnregister C:\Program Files\8848\mysearch\pagerevisor.dll|1 (file not found)
      Failed: DllUnregister C:\WINDOWS\downloaded program files\hbinstie.dll|1 (file not found)
      Failed: DllUnregister C:\WINDOWS\Downloaded Program Files\instafin.dll|1 (file not found)
      Failed: DllUnregister C:\WINDOWS\Downloaded Program Files\mwsearch.dll|1 (file not found)
      Failed: DllUnregister C:\WINDOWS\Downloaded Program Files\pagerevisor.dll|1 (file not found)
      Failed: DllUnregister C:\WINDOWS\azentretien.dll|1 (file not found)
      Failed: DllUnregister C:\WINDOWS\cpu.dll|1 (file not found)
      Failed: DllUnregister C:\WINDOWS\iasada.dll|1 (file not found)
      Failed: DllUnregister C:\WINDOWS\zsettings.dll|1 (file not found)
      Failed: DllUnregister C:\WINDOWS\system32\azentretien.dll|1 (file not found)
      Failed: DllUnregister C:\WINDOWS\system32\hbhostie.dll|1 (file not found)
      Failed: DllUnregister C:\WINDOWS\system32\iacad.dll|1 (file not found)
      Failed: DllUnregister C:\WINDOWS\system32\iasad.dll|1 (file not found)
      Failed: DllUnregister C:\WINDOWS\system32\iasada.dll|1 (file not found)
      Failed: DllUnregister C:\WINDOWS\system32\lmhhmbhe.dll|1 (file not found)
      Failed: DllUnregister C:\WINDOWS\system32\xcite.dll|1 (file not found)
      Failed: DllUnregister C:\WINDOWS\system32\zolk.dll|1 (file not found)
      Failed: DllUnregister C:\WINDOWS\system32\zolker*.dll|1 (file not found)
      Failed: DllUnregister C:\WINDOWS\system32\ztoolb*.dll|1 (file not found)
      Failed: DllUnregister C:\Program Files\Uninstall Fun Web Products.dll|1 (file not found)
      Failed: DllUnregister C:\Documents and Settings\christelle\Bureau\a7find.dll|1 (file not found)
      Failed: DllUnregister C:\Documents and Settings\christelle\Bureau\wmeayl32.dll|1 (file not found)
      Failed: DllUnregister C:\msearch.dll|1 (file not found)
      Failed: FolderDelete C:\Documents and Settings\christelle\Application Data\hbtools (folder not found)
      Failed: FolderDelete C:\Documents and Settings\christelle\Application Data\hotbar (folder not found)
      Failed: FolderDelete C:\Documents and Settings\christelle\Application Data\searchtoolbarcorp (folder not found)
      Failed: FolderDelete C:\Documents and Settings\christelle\Application Data\ShopperReports (folder not found)
      Failed: FolderDelete C:\Documents and Settings\christelle\Application Data\ShopperReportss (folder not found)
      Failed: FolderDelete C:\Documents and Settings\christelle\Application Data\SpamBlocker (folder not found)
      Failed: FolderDelete C:\Documents and Settings\christelle\Application Data\SpamBlockerUtility (folder not found)
      Failed: FolderDelete C:\Documents and Settings\christelle\Application Data\starware (folder not found)
      Failed: FolderDelete C:\Documents and Settings\christelle\Application Data\starware305 (folder not found)
      Failed: FolderDelete C:\Documents and Settings\christelle\Application Data\starware316 (folder not found)
      Failed: FolderDelete C:\Documents and Settings\christelle\Application Data\starware343 (folder not found)
      Failed: FolderDelete C:\Documents and Settings\christelle\Application Data\HbTools_Icons (folder not found)
      Failed: FolderDelete C:\Documents and Settings\All Users\Application Data\HbTools_Icons (folder not found)
      Failed: FolderDelete C:\Documents and Settings\All Users\Application Data\hbtools (folder not found)
      Failed: FolderDelete C:\Documents and Settings\All Users\Application Data\ShopperReports (folder not found)
      Failed: FolderDelete C:\Documents and Settings\All Users\Application Data\starware (folder not found)
      Failed: FolderDelete C:\Documents and Settings\All Users\Application Data\starware305 (folder not found)
      Failed: FolderDelete C:\Documents and Settings\All Users\Application Data\starware316 (folder not found)
      Failed: FolderDelete C:\Documents and Settings\All Users\Application Data\starware343 (folder not found)
      Failed: FolderDelete C:\WINDOWS\system32\shoppingreport (folder not found)
      Failed: FolderDelete C:\WINDOWS\system32\SmartShopper (folder not found)
      Failed: FolderDelete C:\Program Files\accoona (folder not found)
      Failed: FolderDelete C:\Program Files\AskTBar (folder not found)
      Failed: FolderDelete C:\Program Files\FunWebProducts (folder not found)
      Failed: FolderDelete C:\Program Files\GamesBar (folder not found)
      Failed: FolderDelete C:\Program Files\hbinst (folder not found)
      Failed: FolderDelete C:\Program Files\hbtools (folder not found)
      Failed: FolderDelete C:\Program Files\HbTools_Icons (folder not found)
      Failed: FolderDelete C:\Program Files\hotbar (folder not found)
      Failed: FolderDelete C:\Program Files\INSTAFIN (folder not found)
      Failed: FolderDelete C:\Program Files\INSTAFINK (folder not found)
      Failed: FolderDelete C:\Program Files\minijuegos (folder not found)
      Failed: FolderDelete C:\Program Files\myglobalsearch (folder not found)
      Failed: FolderDelete C:\Program Files\mysearch (folder not found)
      Failed: FolderDelete C:\Program Files\MyTotalSearch (folder not found)
      Failed: FolderDelete C:\Program Files\myway (folder not found)
      Failed: FolderDelete C:\Program Files\mywaysa (folder not found)
      Failed: FolderDelete C:\Program Files\MyWebSearch (folder not found)
      Failed: FolderDelete C:\Program Files\MyWebSearchWB (folder not found)
      Failed: FolderDelete C:\Program Files\Need2Find (folder not found)
      Failed: FolderDelete C:\Program Files\rxtoolbar (folder not found)
      Failed: FolderDelete C:\Program Files\ShopperReports (folder not found)
      Failed: FolderDelete C:\Program Files\ShoppingReport (folder not found)
      Failed: FolderDelete C:\Program Files\SmartShopper (folder not found)
      Failed: FolderDelete C:\Program Files\SpamBlockerUtility (folder not found)
      Failed: FolderDelete C:\Program Files\SpamBlockerUtility_Icons (folder not found)
      Failed: FolderDelete C:\Program Files\starware (folder not found)
      Failed: FolderDelete C:\Program Files\starware305 (folder not found)
      Failed: FolderDelete C:\Program Files\starware316 (folder not found)
      Failed: FolderDelete C:\Program Files\starware343 (folder not found)
      Failed: FolderDelete C:\Program Files\vsadd-in (folder not found)
      Failed: FolderDelete C:\Program Files\vstoolbar (folder not found)
      Failed: FolderDelete C:\Program Files\8848 (folder not found)
      Failed: FileDelete C:\DOCUME~1\CHRIST~1\LOCALS~1\Temp\Perflib_Perfdata_440.dat (operation failed)
      Failed: FileDelete C:\DOCUME~1\CHRIST~1\LOCALS~1\Temp\~DF2756.tmp (operation failed)
      Failed: FileDelete C:\DOCUME~1\CHRIST~1\LOCALS~1\Temp\~DF3F35.tmp (operation failed)
      Failed: FileDelete C:\DOCUME~1\CHRIST~1\LOCALS~1\Temp\~DF48D5.tmp (operation failed)
      Failed: FileDelete C:\DOCUME~1\CHRIST~1\LOCALS~1\Temp\~DF6E82.tmp (operation failed)
      Failed: FileDelete C:\WINDOWS\Temp\Perflib_Perfdata_5f8.dat (operation failed)
      Script completed.


      ensuite pour vundo il n'y avait rien "no files infected"

      mon rapport lopxp.bat.


      _____________ Rapport Lopxp fait le 13/05/2007 à 16:00:47,53 _______________


      /!\ Attention /!\

      Les résultats de ce rapport sont sujets à interprétations,
      Et ne démontrent pas systématiquement des dossiers infectés...


      _________________________ Recherche prédéterminé __________________________


      [X] C:\Program Files\BitDownload Présent !

      Date d'installation/Création du dossier: 07/03/2007 à 14:02
      Dernière modification du dossier le: 13/04/2007 à 21:07

      Recherche des dossiers crées le: 07/03/2007

      C:\Program Files

      07/03/2007 18:32 <REP> OBERON~1 Oberon Media
      07/03/2007 15:59 <REP> FpTest
      07/03/2007 14:02 <REP> BITDOW~1 BitDownload

      C:\Documents and Settings\christelle\Application Data

      07/03/2007 14:02 <REP> BITDOW~1 BitDownload

      C:\Documents and Settings\enfants\Application Data

      07/03/2007 18:24 <REP> Talkback


      _________________________ Recherche heuristique __________________________


      C:\Documents and Settings\All Users\Application Data\ownsactiveregsaxis
      C:\Documents and Settings\All Users\Application Data\ownsactiveregsaxis
      C:\Documents and Settings\All Users\Application Data\ownsactiveregsaxis
      C:\Documents and Settings\christelle\Application Data\SecuROM\UserData


      ___________________________ Tâches planifiées _____________________________

      Tâche cachée à l'utilistateur:

      C:\WINDOWS\tasks\MP Scheduled Quick Scan.job
      Fichier lancé: Scheduled

      Listing de toutes les tâches planifiées:

      MP Scheduled Quick Scan.job: C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MpCmdRun.exe Scan -RestrictPrivileges -ScanType 1 -disabled
      Norton AntiVirus - Analyser mon ordinateur - christelle.job: C:\PROGRA~1\NORTON~1\Navw32.exe /task:"C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Tasks\mycomp.sca"
      Norton Security Scan.job: C:\Program Files\Norton Security Scan\Nss.exe /scan-full /scheduleignorenav /scheduled
      RegistrySmart Scheduled Scan.job: C:\Program Files\RegistrySmart\RegistrySmart.exe scheduled


      __________ Détection des paramètres de désinstallation du sponsor _________

      Sponsor P2P:

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\help list load]

      DisplayName REG_SZ CiD Help
      UninstallString REG_SZ C:\DOCUME~1\CHRIST~1\APPLIC~1\TESTPU~1\sectblah.exe -uninstall


      - Label de désinstallation listé "CiD Help" dans Ajout/Supression de Programmes.

      Sponsor MSN+:


      __________________ Listing des dossiers Application Data __________________


      C:\Documents and Settings\All Users\Application Data

      Date/heure Création Nom court Nom long

      25/04/2007 à 22:03 | Adobe
      14/04/2007 à 17:48 | ESTsoft
      14/04/2007 à 17:10 | 55-61-~1 55-61-rp-73-30-45
      08/03/2007 à 13:22 | Trymedia
      05/03/2007 à 14:47 | TEMP
      02/03/2007 à 11:15 | Adobe(3)
      21/02/2007 à 21:48 | WHITEC~1 WhiteCap (Holiday Edition)
      21/02/2007 à 14:36 | Google
      21/02/2007 à 14:01 | GOOGLE~1 Google Updater
      19/02/2007 à 14:06 | OWNSAC~1 ownsactiveregsaxis
      17/02/2007 à 15:47 | YAHOO!~1 Yahoo! Companion
      15/02/2007 à 13:19 | MACROV~1 Macrovision
      13/02/2007 à 12:13 | MUMBOJ~1 MumboJumbo
      12/02/2007 à 13:28 | SPYBOT~1 Spybot - Search & Destroy
      07/02/2007 à 10:57 | Adobe(2)
      02/02/2007 à 10:06 | WINDOW~2 Windows Live Toolbar
      31/01/2007 à 16:46 | WINDOW~1 Windows Genuine Advantage
      06/08/2006 à 11:25 | MSSCAN~1 MSScanAppDataDir
      30/06/2006 à 22:51 | CYBERL~1 CyberLink
      30/06/2006 à 21:51 | UDL
      30/06/2006 à 20:38 | QUICKT~1 QuickTime
      30/06/2006 à 18:37 | eConsole
      16/12/2005 à 11:54 | Symantec
      16/12/2005 à 03:08 | MICROS~1 Microsoft


      C:\Documents and Settings\christelle\Application Data

      Date/heure Création Nom court Nom long

      28/04/2007 à 11:10 | REGIST~1 RegistrySmart
      14/04/2007 à 17:49 | ESTsoft
      13/04/2007 à 20:40 | Shareaza
      23/03/2007 à 18:19 | FUNWEB~1 FunWebProducts
      07/03/2007 à 14:02 | BITDOW~1 BitDownload
      03/03/2007 à 19:08 | 7Wonders
      21/02/2007 à 14:32 | Google
      20/02/2007 à 20:21 | MESSEN~1 MessengerSkinner
      19/02/2007 à 14:06 | TESTPU~1 Test pure each
      18/02/2007 à 23:02 | iWin
      18/02/2007 à 17:53 | Boomzap
      16/02/2007 à 14:55 | DRIVEC~1 DriveCleaner 2006 Free
      14/02/2007 à 10:36 | SecuROM
      12/02/2007 à 16:32 | Lavasoft
      07/02/2007 à 17:40 | vlc
      31/01/2007 à 19:29 | Talkback
      31/01/2007 à 19:29 | THUNDE~1 Thunderbird
      31/01/2007 à 19:29 | Mozilla
      31/01/2007 à 17:45 | MSNINS~1 MSNInstaller
      15/01/2007 à 12:53 | MEDIAP~1 Media Player Classic
      20/09/2006 à 15:26 | IMAGEZ~1 Image Zone Express
      20/09/2006 à 15:24 | MACROM~1 Macromedia
      16/09/2006 à 17:16 | Help
      11/08/2006 à 17:46 | CYBERL~1 CyberLink
      06/07/2006 à 16:13 | Sun
      30/06/2006 à 22:45 | AdobeUM
      30/06/2006 à 22:42 | EPSON
      30/06/2006 à 18:43 | Adobe
      30/06/2006 à 14:52 | IDENTI~1 Identities
      30/06/2006 à 14:52 | Symantec
      30/06/2006 à 14:52 | MICROS~1 Microsoft


      C:\Documents and Settings\christelle\Local Settings\Application Data

      Date/heure Création Nom court Nom long

      05/03/2007 à 18:27 | Shareaza
      21/02/2007 à 14:32 | Google
      31/01/2007 à 20:07 | APPLIC~1 ApplicationHistory
      31/01/2007 à 19:38 | Mozilla
      31/01/2007 à 19:29 | THUNDE~1 Thunderbird
      07/12/2006 à 16:37 | IDENTI~1 Identities
      16/09/2006 à 17:16 | Help
      16/09/2006 à 16:56 | WMTOOL~1 WMTools Downloaded Files
      30/06/2006 à 18:43 | Adobe
      30/06/2006 à 16:04 | ABBYY
      30/06/2006 à 14:52 | MICROS~1 Microsoft
      30/06/2006 à 14:52 | {3248F~1 {3248F0A6-6813-11D6-A77B-00B0D0150050}


      C:\Documents and Settings\enfants\Application Data

      Date/heure Création Nom court Nom long

      07/03/2007 à 18:24 | Talkback
      21/02/2007 à 18:20 | Google
      20/02/2007 à 19:57 | MESSEN~1 MessengerSkinner
      20/02/2007 à 18:36 | Mozilla
      18/02/2007 à 17:01 | DivX
      18/02/2007 à 16:55 | MEDIAP~1 Media Player Classic
      31/12/2006 à 11:16 | MACROM~1 Macromedia
      29/12/2006 à 11:55 | Adobe
      29/12/2006 à 11:55 | INTERT~1 InterTrust
      22/09/2006 à 16:23 | Help
      20/08/2006 à 11:29 | CYBERL~1 CyberLink
      06/07/2006 à 09:23 | EPSON
      30/06/2006 à 19:51 | IDENTI~1 Identities
      30/06/2006 à 19:51 | Symantec
      30/06/2006 à 19:51 | MICROS~1 Microsoft


      C:\Documents and Settings\enfants\Local Settings\Application Data

      Date/heure Création Nom court Nom long

      21/02/2007 à 18:20 | Google
      20/02/2007 à 18:36 | Mozilla
      22/09/2006 à 16:23 | Help
      30/06/2006 à 19:51 | MICROS~1 Microsoft
      30/06/2006 à 19:51 | {3248F~1 {3248F0A6-6813-11D6-A77B-00B0D0150050}


      ____________________ Listing du dossier Program Files _____________________

      C:\Program Files

      Date/heure Création Nom court Nom long

      11/05/2007 à 10:24 | HIJACK~1 Hijackthis Version Fran‡aise
      03/05/2007 à 00:24 | REGIST~3 Registry Clean Pro
      29/04/2007 à 13:02 | REGIST~1 RegistrySmart
      25/04/2007 à 21:46 | NORTON~2 Norton Security Scan
      24/04/2007 à 11:10 | Trymedia
      23/04/2007 à 13:00 | TESTPU~1 Test pure each
      15/04/2007 à 13:12 | FAIRYT~1 Fairy Treasure
      14/04/2007 à 18:42 | JEWELS~1 Jewels of Cleopatra
      14/04/2007 à 18:41 | REFLEX~1 ReflexiveArcade
      14/04/2007 à 17:48 | ESTsoft
      14/04/2007 à 17:10 | GAMEHO~1 GameHouse
      13/04/2007 à 20:40 | Shareaza
      12/04/2007 à 22:42 | A-SQUA~1 a-squared Free
      12/04/2007 à 22:28 | Grisoft
      12/04/2007 à 15:40 | Samsung
      06/04/2007 à 08:48 | Ahead
      06/04/2007 à 08:29 | 3PLANE~1 3Planesoft Screensaver Manager
      06/04/2007 à 08:29 | THELOS~1 The Lost Watch 3D Screensaver
      04/04/2007 à 13:33 | Real
      08/03/2007 à 17:11 | VideoLAN
      07/03/2007 à 18:32 | OBERON~1 Oberon Media
      07/03/2007 à 15:59 | FpTest
      07/03/2007 à 14:02 | BITDOW~1 BitDownload
      06/03/2007 à 14:49 | FREEAN~1 FreeAngel
      03/03/2007 à 19:08 | MUMBOJ~1 MumboJumbo
      02/03/2007 à 21:38 | MACROG~1 Macrogaming
      24/02/2007 à 18:42 | REGCLE~1 RegCleaner
      24/02/2007 à 12:23 | 3BSOFT~1 3B Software
      23/02/2007 à 18:02 | SYMNET~1 SymNetDrv
      23/02/2007 à 17:53 | Symantec
      22/02/2007 à 21:38 | ONLINE~1 Online Services
      22/02/2007 à 20:58 | MICROS~3 Microsoft Works
      21/02/2007 à 14:25 | Picasa2
      20/02/2007 à 19:57 | MESSEN~2 MessengerSkinner
      19/02/2007 à 17:24 | ROXYPA~1 roxypalace_fr_T
      18/02/2007 à 17:00 | Google
      18/02/2007 à 16:59 | DivX
      17/02/2007 à 11:17 | CCleaner
      12/02/2007 à 20:59 | Yahoo!
      12/02/2007 à 16:32 | Lavasoft
      12/02/2007 à 14:25 | AOLSEC~1 AOL Security Toolbar
      12/02/2007 à 13:28 | SPYBOT~1 Spybot - Search & Destroy
      12/02/2007 à 11:22 | SOFT4E~1 Soft4Ever
      12/02/2007 à 10:24 | ALWILS~1 Alwil Software
      07/02/2007 à 17:35 | FREEPL~1 Freeplayer
      07/02/2007 à 10:49 | WI4DF6~1 Windows Media Connect 2
      04/02/2007 à 14:19 | COMMON~1 Common Files
      03/02/2007 à 12:44 | LimeWire
      02/02/2007 à 10:06 | WI48FA~1 Windows Live Favorites
      02/02/2007 à 10:06 | WINDOW~4 Windows Live Toolbar
      02/02/2007 à 09:53 | MSNMES~1 MSN Messenger
      31/01/2007 à 19:38 | MOZILL~2 Mozilla Firefox
      31/01/2007 à 19:29 | MOZILL~1 Mozilla Thunderbird
      31/01/2007 à 19:06 | FILEZI~1 FileZilla
      26/01/2007 à 16:22 | Free
      07/01/2007 à 20:00 | SATSUK~1 Satsuki Decoder Pack
      20/09/2006 à 15:23 | HP
      12/09/2006 à 17:05 | MICROA~1 Micro Application
      11/09/2006 à 15:19 | ANUMAN~1 Anuman Interactive
      15/08/2006 à 18:43 | KINGSM~1 Kings Mahjongg
      28/07/2006 à 16:43 | SIERRA~1 Sierra On-Line
      28/07/2006 à 16:43 | Intel
      06/07/2006 à 14:54 | MICROS~2 Microsoft Office
      30/06/2006 à 21:43 | EPSON
      30/06/2006 à 20:39 | QUICKT~1 QuickTime
      30/06/2006 à 18:50 | ALBUMP~1 Album Photos Kodak
      30/06/2006 à 14:53 | Acer
      16/12/2005 à 11:53 | INSTAL~1 InstallShield Installation Information
      16/12/2005 à 11:53 | NORTON~1 Norton AntiVirus
      16/12/2005 à 03:24 | FICHIE~1 Fichiers communs
      16/12/2005 à 03:22 | CYBERL~1 CyberLink
      16/12/2005 à 03:21 | Java
      16/12/2005 à 03:20 | NEWTEC~1 NewTech Infosystems
      16/12/2005 à 03:18 | Adobe
      16/12/2005 à 03:17 | INTERN~1 Internet Explorer
      16/12/2005 à 03:17 | UNINST~1 Uninstall Information
      16/12/2005 à 03:14 | Realtek
      16/12/2005 à 03:11 | MESSEN~1 Messenger
      16/12/2005 à 03:08 | xerox
      16/12/2005 à 03:08 | MICROS~1 microsoft frontpage
      16/12/2005 à 03:08 | WINDOW~1 Windows Media Player
      16/12/2005 à 03:07 | SERVIC~1 Services en ligne
      16/12/2005 à 03:07 | WINDOW~3 WindowsUpdate
      16/12/2005 à 03:07 | NETMEE~1 NetMeeting
      16/12/2005 à 03:07 | OUTLOO~1 Outlook Express
      16/12/2005 à 03:07 | MOVIEM~1 Movie Maker
      16/12/2005 à 03:06 | COMPLU~1 ComPlus Applications
      16/12/2005 à 03:06 | MSNGAM~1 MSN Gaming Zone
      16/12/2005 à 03:06 | WINDOW~2 Windows NT
      16/12/2005 à 03:06 | MSN


      __________________________ Recherche dans le registre _____________________


      # Clés de démarrage :


      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      CHIC 16 REG_SZ C:\DOCUME~1\CHRIST~1\APPLIC~1\TESTPU~1\sectblah.exe


      _____________________ Modification du fichier Hosts _______________________


      127.0.0.1= Url bloquée Autre= Redirection

      127.0.0.1 bin.errorprotector.com ## added by CiD
      127.0.0.1 br.errorsafe.com ## added by CiD
      127.0.0.1 br.winantivirus.com ## added by CiD
      127.0.0.1 br.winfixer.com ## added by CiD
      127.0.0.1 cdn.drivecleaner.com ## added by CiD
      127.0.0.1 cdn.errorsafe.com ## added by CiD
      127.0.0.1 cdn.winsoftware.com ## added by CiD
      127.0.0.1 de.errorsafe.com ## added by CiD
      127.0.0.1 de.winantivirus.com ## added by CiD
      127.0.0.1 download.cdn.drivecleaner.com ## added by CiD
      127.0.0.1 download.cdn.errorsafe.com ## added by CiD
      127.0.0.1 download.cdn.winsoftware.com ## added by CiD
      127.0.0.1 download.errorsafe.com ## added by CiD
      127.0.0.1 download.systemdoctor.com ## added by CiD
      127.0.0.1 download.winantispyware.com ## added by CiD
      127.0.0.1 download.windrivecleaner.com ## added by CiD
      127.0.0.1 download.winfixer.com ## added by CiD
      127.0.0.1 drivecleaner.com ## added by CiD
      127.0.0.1 dynamique.drivecleaner.com ## added by CiD
      127.0.0.1 errorprotector.com ## added by CiD
      127.0.0.1 errorsafe.com ## added by CiD
      127.0.0.1 es.winantivirus.com ## added by CiD
      127.0.0.1 fr.winantivirus.com ## added by CiD
      127.0.0.1 fr.winfixer.com ## added by CiD
      127.0.0.1 go.drivecleaner.com ## added by CiD
      127.0.0.1 go.errorsafe.com ## added by CiD
      127.0.0.1 go.winantispyware.com ## added by CiD
      127.0.0.1 go.winantivirus.com ## added by CiD
      127.0.0.1 hk.winantivirus.com ## added by CiD
      127.0.0.1 instlog.errorsafe.com ## added by CiD
      127.0.0.1 instlog.winantivirus.com ## added by CiD
      127.0.0.1 instlog.winfixer.com ## added by CiD
      127.0.0.1 jsp.drivecleaner.com ## added by CiD
      127.0.0.1 kb.errorsafe.com ## added by CiD
      127.0.0.1 kb.winantivirus.com ## added by CiD
      127.0.0.1 nl.errorsafe.com ## added by CiD
      127.0.0.1 se.errorsafe.com ## added by CiD
      127.0.0.1 secure.drivecleaner.com ## added by CiD
      127.0.0.1 secure.errorsafe.com ## added by CiD
      127.0.0.1 secure.winantispam.com ## added by CiD
      127.0.0.1 secure.winantispy.com ## added by CiD
      127.0.0.1 secure.winantivirus.com ## added by CiD
      127.0.0.1 support.winantivirus.com ## added by CiD
      127.0.0.1 trial.updates.winsoftware.com ## added by CiD
      127.0.0.1 ulog.winantivirus.com ## added by CiD
      127.0.0.1 utils.errorsafe.com ## added by CiD
      127.0.0.1 utils.winantivirus.com ## added by CiD
      127.0.0.1 utils.winfixer.com ## added by CiD
      127.0.0.1 winantispyware.com ## added by CiD
      127.0.0.1 winantivirus.com ## added by CiD
      127.0.0.1 winfixer.com ## added by CiD
      127.0.0.1 winfixer2006.com ## added by CiD
      127.0.0.1 winsoftware.com ## added by CiD
      127.0.0.1 www.drivecleaner.com ## added by CiD
      127.0.0.1 www.errorprotector.com ## added by CiD
      127.0.0.1 www.errorsafe.com ## added by CiD
      127.0.0.1 www.systemdoctor.com ## added by CiD
      127.0.0.1 www.utils.winfixer.com ## added by CiD
      127.0.0.1 www.win-anti-virus-pro.com ## added by CiD
      127.0.0.1 www.win-virus-pro.com ## added by CiD
      127.0.0.1 www.winantispam.com ## added by CiD
      127.0.0.1 www.winantispy.com ## added by CiD
      127.0.0.1 www.winantispyware.com ## added by CiD
      127.0.0.1 www.winantivirus.com ## added by CiD
      127.0.0.1 www.winantiviruspro.com ## added by CiD
      127.0.0.1 www.windrivecleaner.com ## added by CiD
      127.0.0.1 www.windrivesafe.com ## added by CiD
      127.0.0.1 www.winfixer.com ## added by CiD
      127.0.0.1 www.winfixer2006.com ## added by CiD
      127.0.0.1 www.winsoftware.com ## added by CiD


      __________________________ Popups autorisées ______________________________


      # Internet Explorer

      HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow
      netbios-wait.com REG_SZ
      www.netbios-wait.com REG_SZ
      netsearchsoft.com REG_SZ
      www.netsearchsoft.com REG_SZ
      www.pandasoftware.fr REG_BINARY


      # Mozilla Firefox (1 autorisé 2 interdit)

      host popup 1 sport24.lefigaro.fr
      host popup 1 www.paroles.net
      host popup 1 security.symantec.com
      host popup 1 www.pandasoftware.fr
      host popup 1 www.bestofkids.net
      host popup 1 www.bienpublic.com

      # Suite Mozilla / SeaMonkey (1 autorisé 2 interdit)


      ___________________________ Zones de sécurité _____________________________


      # HKCU Domains (4)

      # P3P History (5)


      ___________________ Suggestion nettoyage registre _______________

      (Pour désinfection manuelle)

      REGEDIT4

      [-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\help list load]

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "CHIC 16"=-

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow]
      "netsearchsoft.com"=-
      "www.netsearchsoft.com"=-
      "netbios-wait.com"=-
      "www.netbios-wait.com"=-


      _________________________ Fin du rapport ________________________

      pour finir mon nouveau rapport hijackthis

      Logfile of HijackThis v1.99.1
      Scan saved at 16:07:51, on 13/05/2007
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16441)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
      C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
      C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
      C:\WINDOWS\system32\drivers\CDAC11BA.EXE
      C:\WINDOWS\system32\cisvc.exe
      C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      C:\Program Files\Norton AntiVirus\navapsvc.exe
      C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
      C:\WINDOWS\system32\tcpsvcs.exe
      C:\WINDOWS\System32\snmp.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
      C:\WINDOWS\RTHDCPL.EXE
      C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
      C:\Program Files\QuickTime\qttask.exe
      C:\Program Files\Acer\Acer eConsole\MediaSync.exe
      C:\Acer\Empowering Technology\eRecovery\Monitor.exe
      C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE
      C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
      C:\Program Files\Acer\Acer eMode Management\AspireService.exe
      C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      C:\Program Files\Shareaza\Shareaza.exe
      c:\progra~1\intern~1\iexplore.exe
      C:\Program Files\Registry Clean Pro\Monitor.exe
      C:\Program Files\Registry Clean Pro\Scheduler.exe
      C:\Program Files\MSN Messenger\usnsvc.exe
      C:\Program Files\MSN Messenger\msnmsgr.exe
      C:\WINDOWS\system32\cidaemon.exe
      C:\Program Files\RegistrySmart\RegistrySmart.exe
      C:\WINDOWS\system32\drwtsn32.exe
      C:\WINDOWS\system32\drwtsn32.exe
      C:\WINDOWS\system32\drwtsn32.exe
      C:\WINDOWS\explorer.exe
      C:\PROGRA~1\MOZILL~2\FIREFOX.EXE
      C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: (no name) - {311F9DE8-6126-4EEE-B15F-65CBB3B4F9F6} - (no file)
      O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: (no name) - {6eb449a7-a9e7-4a23-a848-4a552d47de3b} - C:\WINDOWS\system32\browben.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
      O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.3558\swg.dll
      O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
      O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
      O2 - BHO: (no name) - {E2EE5C44-C66D-499d-BEAE-A2A79189A63A} - C:\WINDOWS\system32\tmp255.tmp.dll
      O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
      O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
      O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
      O3 - Toolbar: AOL Security Toolbar - {3BB63FD4-3C00-44D7-94A9-5DE211900DEF} - C:\Program Files\AOL Security Toolbar\tbu6A\AOL_security_toolbar.dll
      O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
      O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
      O4 - HKLM\..\Run: [WinFlyer32.dll] "rundll32.exe" C:\WINDOWS\system32\WinFlyer32.dll,Run
      O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
      O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
      O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
      O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
      O4 - HKLM\..\Run: [ntiMUI] c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
      O4 - HKLM\..\Run: [MediaSync] C:\Program Files\Acer\Acer eConsole\MediaSync.exe
      O4 - HKLM\..\Run: [LaunchApp] Alaunch
      O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
      O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
      O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
      O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
      O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"
      O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
      O4 - HKLM\..\Run: [AspireService] C:\Program Files\Acer\Acer eMode Management\AspireService.exe
      O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
      O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
      O4 - HKCU\..\Run: [CHIC 16] C:\DOCUME~1\CHRIST~1\APPLIC~1\TESTPU~1\sectblah.exe
      O4 - Startup: Monitor.lnk = C:\Program Files\Registry Clean Pro\Monitor.exe
      O4 - Startup: Scheduler.lnk = C:\Program Files\Registry Clean Pro\Scheduler.exe
      O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
      O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
      O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
      O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
      O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O11 - Options group: [INTERNATIONAL] International*
      O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
      O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
      O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
      O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
      O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
      O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
      O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
      O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
      O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
      O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
      O20 - Winlogon Notify: browben - C:\WINDOWS\SYSTEM32\browben.dll
      O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
      O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
      O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
      O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
      O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
      O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
      O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
      O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
      O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
      O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
      O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
      O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
      O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
      O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe

      merci encore pour ton aide a+
      0
  7. Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537
     
    Bonjour,

    1) Télécharge VirtumundoBegone sur le bureau:
    http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe

    Double clique ensuite sur VirtumundoBeGone.exe et suis les instructions.
    Une fois terminé, redémarre et poste le rapport VBG.TXT créé sur le bureau dans ta prochaine réponse avec un nouveau rapport HijackThis.
    Ne t'inquiète pas si tu vois un message Ecran bleu "Erreur fatale", c'est normal et attendu

    2) Double-clique VundoFix.exe afin de le lancer
    NE clique PAS sur le bouton Scan for Vundo
    Clique Droit dans la fenêtre blanche, choisis Add more files ?
    Rajoute dans la première ligne :
    C:\WINDOWS\system32\tmp255.tmp.dll

    Clique successivement sur :
    - Add Files
    - Close Windows
    - Remove Vundo

    Si l'outil te demande de redémarrer, accepte.
    Copie/Colle ensuite le rapport C:\vundofix.txt

    3) télécharge OTMoveIt http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe (de Old_Timer) sur ton Bureau.
    double-clique sur OTMoveIt.exe pour le lancer.
    copie la liste qui se trouve en italique ci-dessous,
    et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.

    C:\WINDOWS\system32\WinFlyer32.dll

    clique sur MoveIt! pour lancer la suppression.
    le résultat apparaitra dans le cadre "Results".
    clique sur Exit pour fermer.
    poste le rapport situé dans C:\_OTMoveIt\MovedFiles.

    il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.

    4) J'ai besoin de vérifier un fichier;
    Rends toi sur ce site :
    http://www.virustotal.com/xhtml/virustotal_en.html

    Clique sur parcourir et cherche ce fichier : C:\Program Files\Registry Clean Pro\Monitor.exe

    Clique sur send.

    Un rapport va s'élaborer ligne à ligne.

    Attends la fin. Il doit comprendre la taille du fichier envoyé.

    Sauvegarde le rapport avec le bloc-note.

    Copie le dans ta réponse.
    5) Télécharge Hoster

    http://www.funkytoad.com/download/hoster.zip

    Dézippe le sur le bureau.
    Lance Hoster et clique sur "Restore Microsoft's Hosts File".

    6) remets un log Hijackthis;
    @+
    0
    1. chrisetsylvain Messages postés 112 Statut Membre
       
      salut et merci pour le temps que tu m'accordes !
      voici mon rapport VBG.TXT

      [05/14/2007, 8:56:49] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\christelle\Bureau\VirtumundoBeGone.exe" )
      [05/14/2007, 8:57:32] - Detected System Information:
      [05/14/2007, 8:57:32] - Windows Version: 5.1.2600, Service Pack 2
      [05/14/2007, 8:57:32] - Current Username: christelle (Admin)
      [05/14/2007, 8:57:32] - Windows is in NORMAL mode.
      [05/14/2007, 8:57:32] - Searching for Browser Helper Objects:
      [05/14/2007, 8:57:32] - BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
      [05/14/2007, 8:57:32] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
      [05/14/2007, 8:57:32] - BHO 3: {311F9DE8-6126-4EEE-B15F-65CBB3B4F9F6} ()
      [05/14/2007, 8:57:32] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [05/14/2007, 8:57:32] - No filename found. Continuing.
      [05/14/2007, 8:57:32] - BHO 4: {53707962-6F74-2D53-2644-206D7942484F} ()
      [05/14/2007, 8:57:32] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [05/14/2007, 8:57:32] - Checking for HKLM\...\Winlogon\Notify\SDHelper
      [05/14/2007, 8:57:32] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
      [05/14/2007, 8:57:32] - BHO 5: {6eb449a7-a9e7-4a23-a848-4a552d47de3b} ()
      [05/14/2007, 8:57:32] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [05/14/2007, 8:57:32] - Checking for HKLM\...\Winlogon\Notify\browben
      [05/14/2007, 8:57:32] - Found: HKLM\...\Winlogon\Notify\browben - This is probably Virtumundo.
      [05/14/2007, 8:57:32] - Assigning {6eb449a7-a9e7-4a23-a848-4a552d47de3b} MSEvents Object
      [05/14/2007, 8:57:32] - BHO list has been changed! Starting over...
      [05/14/2007, 8:57:32] - BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
      [05/14/2007, 8:57:32] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
      [05/14/2007, 8:57:32] - BHO 3: {311F9DE8-6126-4EEE-B15F-65CBB3B4F9F6} ()
      [05/14/2007, 8:57:32] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [05/14/2007, 8:57:32] - No filename found. Continuing.
      [05/14/2007, 8:57:32] - BHO 4: {53707962-6F74-2D53-2644-206D7942484F} ()
      [05/14/2007, 8:57:32] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [05/14/2007, 8:57:32] - Checking for HKLM\...\Winlogon\Notify\SDHelper
      [05/14/2007, 8:57:32] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
      [05/14/2007, 8:57:32] - BHO 5: {6eb449a7-a9e7-4a23-a848-4a552d47de3b} (MSEvents Object)
      [05/14/2007, 8:57:32] - ALERT: Found MSEvents Object!
      [05/14/2007, 8:57:32] - BHO 6: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
      [05/14/2007, 8:57:32] - BHO 7: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
      [05/14/2007, 8:57:32] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [05/14/2007, 8:57:32] - No filename found. Continuing.
      [05/14/2007, 8:57:32] - BHO 8: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
      [05/14/2007, 8:57:32] - BHO 9: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
      [05/14/2007, 8:57:32] - BHO 10: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
      [05/14/2007, 8:57:32] - BHO 11: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (Windows Live Toolbar Helper)
      [05/14/2007, 8:57:32] - BHO 12: {BDF3E430-B101-42AD-A544-FADC6B084872} (CNavExtBho Class)
      [05/14/2007, 8:57:32] - BHO 13: {E2EE5C44-C66D-499d-BEAE-A2A79189A63A} ()
      [05/14/2007, 8:57:32] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [05/14/2007, 8:57:32] - Checking for HKLM\...\Winlogon\Notify\tmp255.tmp
      [05/14/2007, 8:57:32] - Key not found: HKLM\...\Winlogon\Notify\tmp255.tmp, continuing.
      [05/14/2007, 8:57:32] - BHO 14: {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} (EpsonToolBandKicker Class)
      [05/14/2007, 8:57:32] - Finished Searching Browser Helper Objects
      [05/14/2007, 8:57:32] - *** Detected MSEvents Object
      [05/14/2007, 8:57:32] - Trying to remove MSEvents Object...
      [05/14/2007, 8:57:33] - Terminating Process: IEXPLORE.EXE
      [05/14/2007, 8:57:33] - Terminating Process: RUNDLL32.EXE
      [05/14/2007, 8:57:33] - Disabling Automatic Shell Restart
      [05/14/2007, 8:57:33] - Terminating Process: EXPLORER.EXE
      [05/14/2007, 8:57:34] - Suspending the NT Session Manager System Service
      [05/14/2007, 8:57:34] - Terminating Windows NT Logon/Logoff Manager
      [05/14/2007, 8:57:34] - Re-enabling Automatic Shell Restart
      [05/14/2007, 8:57:34] - File to disable: C:\WINDOWS\system32\browben.dll
      [05/14/2007, 8:57:34] - Renaming C:\WINDOWS\system32\browben.dll -> C:\WINDOWS\system32\browben.dll.vir
      [05/14/2007, 8:57:34] - File successfully renamed!
      [05/14/2007, 8:57:34] - Removing HKLM\...\Browser Helper Objects\{6eb449a7-a9e7-4a23-a848-4a552d47de3b}
      [05/14/2007, 8:57:34] - Removing HKCR\CLSID\{6eb449a7-a9e7-4a23-a848-4a552d47de3b}
      [05/14/2007, 8:57:34] - Adding Kill Bit for ActiveX for GUID: {6eb449a7-a9e7-4a23-a848-4a552d47de3b}
      [05/14/2007, 8:57:34] - Deleting ATLEvents/MSEvents Registry entries
      [05/14/2007, 8:57:34] - Removing HKLM\...\Winlogon\Notify\browben
      [05/14/2007, 8:57:34] - Searching for Browser Helper Objects:
      [05/14/2007, 8:57:34] - BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
      [05/14/2007, 8:57:34] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
      [05/14/2007, 8:57:34] - BHO 3: {311F9DE8-6126-4EEE-B15F-65CBB3B4F9F6} ()
      [05/14/2007, 8:57:34] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [05/14/2007, 8:57:34] - No filename found. Continuing.
      [05/14/2007, 8:57:34] - BHO 4: {53707962-6F74-2D53-2644-206D7942484F} ()
      [05/14/2007, 8:57:34] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [05/14/2007, 8:57:34] - Checking for HKLM\...\Winlogon\Notify\SDHelper
      [05/14/2007, 8:57:34] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
      [05/14/2007, 8:57:34] - BHO 5: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
      [05/14/2007, 8:57:34] - BHO 6: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
      [05/14/2007, 8:57:34] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [05/14/2007, 8:57:34] - No filename found. Continuing.
      [05/14/2007, 8:57:34] - BHO 7: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
      [05/14/2007, 8:57:34] - BHO 8: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
      [05/14/2007, 8:57:34] - BHO 9: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
      [05/14/2007, 8:57:34] - BHO 10: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (Windows Live Toolbar Helper)
      [05/14/2007, 8:57:34] - BHO 11: {BDF3E430-B101-42AD-A544-FADC6B084872} (CNavExtBho Class)
      [05/14/2007, 8:57:34] - BHO 12: {E2EE5C44-C66D-499d-BEAE-A2A79189A63A} ()
      [05/14/2007, 8:57:34] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [05/14/2007, 8:57:34] - Checking for HKLM\...\Winlogon\Notify\tmp255.tmp
      [05/14/2007, 8:57:34] - Key not found: HKLM\...\Winlogon\Notify\tmp255.tmp, continuing.
      [05/14/2007, 8:57:34] - BHO 13: {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} (EpsonToolBandKicker Class)
      [05/14/2007, 8:57:34] - Finished Searching Browser Helper Objects
      [05/14/2007, 8:57:34] - Finishing up...
      [05/14/2007, 8:57:34] - A restart is needed.
      [05/14/2007, 8:57:40] - Attempting to Restart via STOP error (Blue Screen!)

      nouveau hijackthis :

      Logfile of HijackThis v1.99.1
      Scan saved at 09:05:29, on 14/05/2007
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16441)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
      C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
      C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
      C:\WINDOWS\system32\drivers\CDAC11BA.EXE
      C:\WINDOWS\system32\cisvc.exe
      C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      C:\WINDOWS\system32\msiexec.exe
      C:\Program Files\Norton AntiVirus\navapsvc.exe
      C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
      C:\WINDOWS\RTHDCPL.EXE
      C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
      C:\Program Files\QuickTime\qttask.exe
      C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
      C:\Program Files\Acer\Acer eConsole\MediaSync.exe
      C:\Acer\Empowering Technology\eRecovery\Monitor.exe
      C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
      C:\Program Files\Acer\Acer eMode Management\AspireService.exe
      C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
      C:\WINDOWS\system32\tcpsvcs.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\WINDOWS\System32\snmp.exe
      C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      C:\Program Files\MSN Messenger\msnmsgr.exe
      C:\WINDOWS\system32\svchost.exe
      c:\progra~1\intern~1\iexplore.exe
      C:\Program Files\Registry Clean Pro\Monitor.exe
      C:\Program Files\Registry Clean Pro\Scheduler.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\PROGRA~1\MOZILL~2\FIREFOX.EXE
      C:\WINDOWS\system32\NOTEPAD.EXE
      C:\Program Files\Messenger\msmsgs.exe
      C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: (no name) - {311F9DE8-6126-4EEE-B15F-65CBB3B4F9F6} - (no file)
      O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
      O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.3558\swg.dll
      O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
      O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
      O2 - BHO: (no name) - {E2EE5C44-C66D-499d-BEAE-A2A79189A63A} - C:\WINDOWS\system32\tmp255.tmp.dll
      O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
      O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
      O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
      O3 - Toolbar: AOL Security Toolbar - {3BB63FD4-3C00-44D7-94A9-5DE211900DEF} - C:\Program Files\AOL Security Toolbar\tbu6A\AOL_security_toolbar.dll
      O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
      O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
      O4 - HKLM\..\Run: [WinFlyer32.dll] "rundll32.exe" C:\WINDOWS\system32\WinFlyer32.dll,Run
      O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
      O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
      O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
      O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
      O4 - HKLM\..\Run: [ntiMUI] c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
      O4 - HKLM\..\Run: [MediaSync] C:\Program Files\Acer\Acer eConsole\MediaSync.exe
      O4 - HKLM\..\Run: [LaunchApp] Alaunch
      O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
      O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
      O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
      O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
      O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"
      O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
      O4 - HKLM\..\Run: [AspireService] C:\Program Files\Acer\Acer eMode Management\AspireService.exe
      O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
      O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
      O4 - HKCU\..\Run: [CHIC 16] C:\DOCUME~1\CHRIST~1\APPLIC~1\TESTPU~1\sectblah.exe
      O4 - Startup: Monitor.lnk = C:\Program Files\Registry Clean Pro\Monitor.exe
      O4 - Startup: Scheduler.lnk = C:\Program Files\Registry Clean Pro\Scheduler.exe
      O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
      O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
      O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
      O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
      O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O11 - Options group: [INTERNATIONAL] International*
      O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
      O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
      O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
      O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
      O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
      O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
      O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
      O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
      O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
      O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
      O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
      O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
      O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
      O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
      O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
      O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
      O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
      O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
      O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
      O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
      O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
      O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
      O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
      O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
      0
    2. chrisetsylvain Messages postés 112 Statut Membre
       
      rapport vundofix.txt


      VundoFix V6.3.21

      Checking Java version...

      Java version is 1.5.0.5
      Old versions of java are exploitable and should be removed.

      Java version is 1.5.0.11

      Scan started at 13:13:41 13/05/2007

      Listing files found while scanning....

      No infected files were found.


      Beginning removal...

      VundoFix V6.3.21

      Checking Java version...

      Java version is 1.5.0.5
      Old versions of java are exploitable and should be removed.

      Java version is 1.5.0.11

      Scan started at 13:20:28 13/05/2007

      Listing files found while scanning....

      No infected files were found.


      Beginning removal...

      Beginning removal...

      Attempting to delete c:\WINDOWS\system32\tmp255.tmp.dll
      c:\WINDOWS\system32\tmp255.tmp.dll Has been deleted!

      Performing Repairs to the registry.
      Done!

      VundoFix V6.3.21

      Checking Java version...

      Java version is 1.5.0.5
      Old versions of java are exploitable and should be removed.

      Java version is 1.5.0.11

      Scan started at 09:16:31 14/05/2007

      Listing files found while scanning....

      No infected files were found.
      0
    3. chrisetsylvain Messages postés 112 Statut Membre
       
      j'ai faits moveIt je ne trouve aucun rapport après ! quand je clique movelt j 'ai un message "cannot create file C:\OTMoveltFiles\05142007_095511.log.

      quand je cherche le rapport j ai le message :

      "fait reference à un emplacement non disponible. Il peut s'agir d'un emplacement situè sur un disque dur ou sur un reseau vérifier puis essayez à nouveau si vous ne trouvez toujours pas l'information, elle a peut être été déplacer vers un emplacement diffèrent "
      0
    4. chrisetsylvain Messages postés 112 Statut Membre
       
      rapport virustotal :


      VirusTotal
      VirusTotal is a free file analisys service that works using several antivirus engines.


      Select file :

      Distribute
      SSL


      Enter your email, choose the file to be scanned with multiple antivirus engines and click Send.
      Menu:

      * News Hot news in the virus/antivirus sector.
      * Estadisticas Statistics of VirusTotal procesing.
      * Virustotal More info about Virustotal.

      STATUS: FINISHED
      Complete scanning result of "Monitor.exe", received in VirusTotal at 05.14.2007, 10:25:27 (CET).

      Antivirus Version Update Result
      AhnLab-V3 2007.5.10.0 05.14.2007 no virus found
      AntiVir 7.4.0.15 05.14.2007 no virus found
      Authentium 4.93.8 05.12.2007 no virus found
      Avast 4.7.997.0 05.13.2007 no virus found
      AVG 7.5.0.467 05.13.2007 no virus found
      BitDefender 7.2 05.14.2007 no virus found
      CAT-QuickHeal 9.00 05.14.2007 no virus found
      ClamAV devel-20070416 05.14.2007 no virus found
      DrWeb 4.33 05.14.2007 no virus found
      eSafe 7.0.15.0 05.13.2007 no virus found
      eTrust-Vet 30.7.3632 05.14.2007 no virus found
      Ewido 4.0 05.13.2007 no virus found
      FileAdvisor 1 05.14.2007 no virus found
      Fortinet 2.85.0.0 05.14.2007 no virus found
      F-Prot 4.3.2.48 05.12.2007 no virus found
      F-Secure 6.70.13030.0 05.14.2007 no virus found
      Ikarus T3.1.1.7 05.14.2007 no virus found
      Kaspersky 4.0.2.24 05.14.2007 no virus found
      McAfee 5029 05.11.2007 no virus found
      Microsoft 1.2503 05.14.2007 no virus found
      NOD32v2 2263 05.14.2007 no virus found
      Norman 5.80.02 05.11.2007 no virus found
      Panda 9.0.0.4 05.13.2007 no virus found
      Prevx1 V2 05.14.2007 no virus found
      Sophos 4.17.0 05.11.2007 no virus found
      Sunbelt 2.2.907.0 05.12.2007 no virus found
      Symantec 10 05.14.2007 no virus found
      TheHacker 6.1.6.114 05.12.2007 no virus found
      VBA32 3.12.0 05.13.2007 no virus found
      VirusBuster 4.3.7:9 05.13.2007 no virus found
      Webwasher-Gateway 6.0.1 05.14.2007 no virus found

      Aditional Information
      File size: 536576 bytes
      MD5: ef5ec095229412aed5b948e6026da0aa
      SHA1: bb9847717b20b2864da2b5a4ea758ee4f90deb4e
      VirusTotal is a free service offered by Hispasec Sistemas. There are no guarantees about the availability and continuity of this service. Although the detection rate afforded by the use of multiple antivirus engines is far superior to that offered by just one product, these results DO NOT guarantee the harmlessness of a file. Currently, there is not any solution that offers a 100% effectiveness rate for detecting viruses and malware.
      > Ir a: Inicio ContactarContactar En Español
      www.virustotal.com :: ©Hispasec Sistemas 2004-07:: e-mail info@virustotal.cominfo@virustotal.com

      nouveau log hijackthis :

      Logfile of HijackThis v1.99.1
      Scan saved at 10:40:48, on 14/05/2007
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16441)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
      C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
      C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
      C:\WINDOWS\system32\drivers\CDAC11BA.EXE
      C:\WINDOWS\system32\cisvc.exe
      C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      C:\Program Files\Norton AntiVirus\navapsvc.exe
      C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
      C:\WINDOWS\system32\tcpsvcs.exe
      C:\WINDOWS\System32\snmp.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
      C:\WINDOWS\RTHDCPL.EXE
      C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
      C:\Program Files\QuickTime\qttask.exe
      C:\Program Files\Acer\Acer eConsole\MediaSync.exe
      C:\Acer\Empowering Technology\eRecovery\Monitor.exe
      C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE
      C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
      C:\Program Files\Acer\Acer eMode Management\AspireService.exe
      C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      C:\Program Files\MSN Messenger\msnmsgr.exe
      c:\progra~1\intern~1\iexplore.exe
      C:\Program Files\Registry Clean Pro\Monitor.exe
      C:\Program Files\Registry Clean Pro\Scheduler.exe
      C:\WINDOWS\system32\cidaemon.exe
      C:\PROGRA~1\MOZILL~2\FIREFOX.EXE
      C:\Program Files\Messenger\msmsgs.exe
      C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: (no name) - {311F9DE8-6126-4EEE-B15F-65CBB3B4F9F6} - (no file)
      O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
      O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.3558\swg.dll
      O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
      O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
      O2 - BHO: (no name) - {E2EE5C44-C66D-499d-BEAE-A2A79189A63A} - C:\WINDOWS\system32\tmp255.tmp.dll (file missing)
      O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
      O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
      O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
      O3 - Toolbar: AOL Security Toolbar - {3BB63FD4-3C00-44D7-94A9-5DE211900DEF} - C:\Program Files\AOL Security Toolbar\tbu6A\AOL_security_toolbar.dll
      O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
      O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
      O4 - HKLM\..\Run: [WinFlyer32.dll] "rundll32.exe" C:\WINDOWS\system32\WinFlyer32.dll,Run
      O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
      O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
      O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
      O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
      O4 - HKLM\..\Run: [ntiMUI] c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
      O4 - HKLM\..\Run: [MediaSync] C:\Program Files\Acer\Acer eConsole\MediaSync.exe
      O4 - HKLM\..\Run: [LaunchApp] Alaunch
      O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
      O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
      O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
      O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
      O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"
      O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
      O4 - HKLM\..\Run: [AspireService] C:\Program Files\Acer\Acer eMode Management\AspireService.exe
      O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
      O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
      O4 - HKCU\..\Run: [CHIC 16] C:\DOCUME~1\CHRIST~1\APPLIC~1\TESTPU~1\sectblah.exe
      O4 - Startup: Monitor.lnk = C:\Program Files\Registry Clean Pro\Monitor.exe
      O4 - Startup: Scheduler.lnk = C:\Program Files\Registry Clean Pro\Scheduler.exe
      O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
      O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
      O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
      O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
      O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O11 - Options group: [INTERNATIONAL] International*
      O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
      O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
      O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
      O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
      O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
      O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
      O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
      O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
      O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
      O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
      O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
      O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
      O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
      O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
      O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
      O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
      O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
      O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
      O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
      O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
      O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
      O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
      O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
      O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe

      voilà je crois que j'ai tous faits !
      0
  8. Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537
     
    Bonjour,

    Ouvre le panneau de configuration, Ajout/Suppression de programme.

    Si tu as un programme Cid Help (ou approchant), désinstalle le.

    Désinstalle aussi Bitdownload. C'est lui qui t'a amené le spyware.

    remets un rapport lopxp.
    @+
    0
  9. chrisetsylvain Messages postés 112 Statut Membre
     
    salut ! j'ai supprimé cid help et bitdownload voici mon rapport :

    _____________ Rapport Lopxp fait le 14/05/2007 à 12:05:48,79 _______________

    /!\ Attention /!\

    Les résultats de ce rapport sont sujets à interprétations,
    Et ne démontrent pas systématiquement des dossiers infectés...

    _________________________ Recherche prédéterminé __________________________

    [X] C:\Program Files\BitDownload Présent !

    Date d'installation/Création du dossier: 07/03/2007 à 14:02
    Dernière modification du dossier le: 14/05/2007 à 11:58

    Recherche des dossiers crées le: 07/03/2007

    C:\Program Files

    07/03/2007 18:32 <REP> OBERON~1 Oberon Media
    07/03/2007 15:59 <REP> FpTest
    07/03/2007 14:02 <REP> BITDOW~1 BitDownload

    C:\Documents and Settings\christelle\Application Data

    07/03/2007 14:02 <REP> BITDOW~1 BitDownload

    C:\Documents and Settings\enfants\Application Data

    07/03/2007 18:24 <REP> Talkback

    _________________________ Recherche heuristique __________________________

    C:\Documents and Settings\christelle\Application Data\SecuROM\UserData

    ___________________________ Tâches planifiées _____________________________

    Tâche cachée à l'utilistateur:

    C:\WINDOWS\tasks\MP Scheduled Quick Scan.job
    Fichier lancé: Scheduled

    Listing de toutes les tâches planifiées:

    MP Scheduled Quick Scan.job: C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MpCmdRun.exe Scan -RestrictPrivileges -ScanType 1 -disabled
    Norton AntiVirus - Analyser mon ordinateur - christelle.job: C:\PROGRA~1\NORTON~1\Navw32.exe /task:"C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Tasks\mycomp.sca"
    Norton Security Scan.job: C:\Program Files\Norton Security Scan\Nss.exe /scan-full /scheduleignorenav /scheduled
    RegistrySmart Scheduled Scan.job: C:\Program Files\RegistrySmart\RegistrySmart.exe scheduled

    __________ Détection des paramètres de désinstallation du sponsor _________

    Sponsor P2P:

    Sponsor MSN+:

    __________________ Listing des dossiers Application Data __________________

    C:\Documents and Settings\All Users\Application Data

    Date/heure Création Nom court Nom long

    25/04/2007 à 22:03 | Adobe
    14/04/2007 à 17:48 | ESTsoft
    14/04/2007 à 17:10 | 55-61-~1 55-61-rp-73-30-45
    08/03/2007 à 13:22 | Trymedia
    05/03/2007 à 14:47 | TEMP
    02/03/2007 à 11:15 | Adobe(3)
    21/02/2007 à 21:48 | WHITEC~1 WhiteCap (Holiday Edition)
    21/02/2007 à 14:36 | Google
    21/02/2007 à 14:01 | GOOGLE~1 Google Updater
    17/02/2007 à 15:47 | YAHOO!~1 Yahoo! Companion
    15/02/2007 à 13:19 | MACROV~1 Macrovision
    13/02/2007 à 12:13 | MUMBOJ~1 MumboJumbo
    12/02/2007 à 13:28 | SPYBOT~1 Spybot - Search & Destroy
    07/02/2007 à 10:57 | Adobe(2)
    02/02/2007 à 10:06 | WINDOW~2 Windows Live Toolbar
    31/01/2007 à 16:46 | WINDOW~1 Windows Genuine Advantage
    06/08/2006 à 11:25 | MSSCAN~1 MSScanAppDataDir
    30/06/2006 à 22:51 | CYBERL~1 CyberLink
    30/06/2006 à 21:51 | UDL
    30/06/2006 à 20:38 | QUICKT~1 QuickTime
    30/06/2006 à 18:37 | eConsole
    16/12/2005 à 11:54 | Symantec
    16/12/2005 à 03:08 | MICROS~1 Microsoft

    C:\Documents and Settings\christelle\Application Data

    Date/heure Création Nom court Nom long

    28/04/2007 à 11:10 | REGIST~1 RegistrySmart
    14/04/2007 à 17:49 | ESTsoft
    13/04/2007 à 20:40 | Shareaza
    23/03/2007 à 18:19 | FUNWEB~1 FunWebProducts
    07/03/2007 à 14:02 | BITDOW~1 BitDownload
    03/03/2007 à 19:08 | 7Wonders
    21/02/2007 à 14:32 | Google
    20/02/2007 à 20:21 | MESSEN~1 MessengerSkinner
    18/02/2007 à 23:02 | iWin
    18/02/2007 à 17:53 | Boomzap
    16/02/2007 à 14:55 | DRIVEC~1 DriveCleaner 2006 Free
    14/02/2007 à 10:36 | SecuROM
    12/02/2007 à 16:32 | Lavasoft
    07/02/2007 à 17:40 | vlc
    31/01/2007 à 19:29 | Talkback
    31/01/2007 à 19:29 | THUNDE~1 Thunderbird
    31/01/2007 à 19:29 | Mozilla
    31/01/2007 à 17:45 | MSNINS~1 MSNInstaller
    15/01/2007 à 12:53 | MEDIAP~1 Media Player Classic
    20/09/2006 à 15:26 | IMAGEZ~1 Image Zone Express
    20/09/2006 à 15:24 | MACROM~1 Macromedia
    16/09/2006 à 17:16 | Help
    11/08/2006 à 17:46 | CYBERL~1 CyberLink
    06/07/2006 à 16:13 | Sun
    30/06/2006 à 22:45 | AdobeUM
    30/06/2006 à 22:42 | EPSON
    30/06/2006 à 18:43 | Adobe
    30/06/2006 à 14:52 | IDENTI~1 Identities
    30/06/2006 à 14:52 | MICROS~1 Microsoft
    30/06/2006 à 14:52 | Symantec

    C:\Documents and Settings\christelle\Local Settings\Application Data

    Date/heure Création Nom court Nom long

    05/03/2007 à 18:27 | Shareaza
    21/02/2007 à 14:32 | Google
    31/01/2007 à 20:07 | APPLIC~1 ApplicationHistory
    31/01/2007 à 19:38 | Mozilla
    31/01/2007 à 19:29 | THUNDE~1 Thunderbird
    07/12/2006 à 16:37 | IDENTI~1 Identities
    16/09/2006 à 17:16 | Help
    16/09/2006 à 16:56 | WMTOOL~1 WMTools Downloaded Files
    30/06/2006 à 18:43 | Adobe
    30/06/2006 à 16:04 | ABBYY
    30/06/2006 à 14:52 | MICROS~1 Microsoft
    30/06/2006 à 14:52 | {3248F~1 {3248F0A6-6813-11D6-A77B-00B0D0150050}

    C:\Documents and Settings\enfants\Application Data

    Date/heure Création Nom court Nom long

    07/03/2007 à 18:24 | Talkback
    21/02/2007 à 18:20 | Google
    20/02/2007 à 19:57 | MESSEN~1 MessengerSkinner
    20/02/2007 à 18:36 | Mozilla
    18/02/2007 à 17:01 | DivX
    18/02/2007 à 16:55 | MEDIAP~1 Media Player Classic
    31/12/2006 à 11:16 | MACROM~1 Macromedia
    29/12/2006 à 11:55 | Adobe
    29/12/2006 à 11:55 | INTERT~1 InterTrust
    22/09/2006 à 16:23 | Help
    20/08/2006 à 11:29 | CYBERL~1 CyberLink
    06/07/2006 à 09:23 | EPSON
    30/06/2006 à 19:51 | IDENTI~1 Identities
    30/06/2006 à 19:51 | Symantec
    30/06/2006 à 19:51 | MICROS~1 Microsoft

    C:\Documents and Settings\enfants\Local Settings\Application Data

    Date/heure Création Nom court Nom long

    21/02/2007 à 18:20 | Google
    20/02/2007 à 18:36 | Mozilla
    22/09/2006 à 16:23 | Help
    30/06/2006 à 19:51 | MICROS~1 Microsoft
    30/06/2006 à 19:51 | {3248F~1 {3248F0A6-6813-11D6-A77B-00B0D0150050}

    ____________________ Listing du dossier Program Files _____________________

    C:\Program Files

    Date/heure Création Nom court Nom long

    11/05/2007 à 10:24 | HIJACK~1 Hijackthis Version Fran‡aise
    03/05/2007 à 00:24 | REGIST~3 Registry Clean Pro
    29/04/2007 à 13:02 | REGIST~1 RegistrySmart
    25/04/2007 à 21:46 | NORTON~2 Norton Security Scan
    24/04/2007 à 11:10 | Trymedia
    15/04/2007 à 13:12 | FAIRYT~1 Fairy Treasure
    14/04/2007 à 18:42 | JEWELS~1 Jewels of Cleopatra
    14/04/2007 à 18:41 | REFLEX~1 ReflexiveArcade
    14/04/2007 à 17:48 | ESTsoft
    14/04/2007 à 17:10 | GAMEHO~1 GameHouse
    13/04/2007 à 20:40 | Shareaza
    12/04/2007 à 22:42 | A-SQUA~1 a-squared Free
    12/04/2007 à 22:28 | Grisoft
    12/04/2007 à 15:40 | Samsung
    06/04/2007 à 08:48 | Ahead
    06/04/2007 à 08:29 | 3PLANE~1 3Planesoft Screensaver Manager
    06/04/2007 à 08:29 | THELOS~1 The Lost Watch 3D Screensaver
    04/04/2007 à 13:33 | Real
    08/03/2007 à 17:11 | VideoLAN
    07/03/2007 à 18:32 | OBERON~1 Oberon Media
    07/03/2007 à 15:59 | FpTest
    07/03/2007 à 14:02 | BITDOW~1 BitDownload
    06/03/2007 à 14:49 | FREEAN~1 FreeAngel
    03/03/2007 à 19:08 | MUMBOJ~1 MumboJumbo
    02/03/2007 à 21:38 | MACROG~1 Macrogaming
    24/02/2007 à 18:42 | REGCLE~1 RegCleaner
    24/02/2007 à 12:23 | 3BSOFT~1 3B Software
    23/02/2007 à 18:02 | SYMNET~1 SymNetDrv
    23/02/2007 à 17:53 | Symantec
    22/02/2007 à 21:38 | ONLINE~1 Online Services
    22/02/2007 à 20:58 | MICROS~3 Microsoft Works
    21/02/2007 à 14:25 | Picasa2
    20/02/2007 à 19:57 | MESSEN~2 MessengerSkinner
    19/02/2007 à 17:24 | ROXYPA~1 roxypalace_fr_T
    18/02/2007 à 17:00 | Google
    18/02/2007 à 16:59 | DivX
    17/02/2007 à 11:17 | CCleaner
    12/02/2007 à 20:59 | Yahoo!
    12/02/2007 à 16:32 | Lavasoft
    12/02/2007 à 14:25 | AOLSEC~1 AOL Security Toolbar
    12/02/2007 à 13:28 | SPYBOT~1 Spybot - Search & Destroy
    12/02/2007 à 11:22 | SOFT4E~1 Soft4Ever
    12/02/2007 à 10:24 | ALWILS~1 Alwil Software
    07/02/2007 à 17:35 | FREEPL~1 Freeplayer
    07/02/2007 à 10:49 | WI4DF6~1 Windows Media Connect 2
    04/02/2007 à 14:19 | COMMON~1 Common Files
    03/02/2007 à 12:44 | LimeWire
    02/02/2007 à 10:06 | WI48FA~1 Windows Live Favorites
    02/02/2007 à 10:06 | WINDOW~4 Windows Live Toolbar
    02/02/2007 à 09:53 | MSNMES~1 MSN Messenger
    31/01/2007 à 19:38 | MOZILL~2 Mozilla Firefox
    31/01/2007 à 19:29 | MOZILL~1 Mozilla Thunderbird
    31/01/2007 à 19:06 | FILEZI~1 FileZilla
    26/01/2007 à 16:22 | Free
    07/01/2007 à 20:00 | SATSUK~1 Satsuki Decoder Pack
    20/09/2006 à 15:23 | HP
    12/09/2006 à 17:05 | MICROA~1 Micro Application
    11/09/2006 à 15:19 | ANUMAN~1 Anuman Interactive
    15/08/2006 à 18:43 | KINGSM~1 Kings Mahjongg
    28/07/2006 à 16:43 | SIERRA~1 Sierra On-Line
    28/07/2006 à 16:43 | Intel
    06/07/2006 à 14:54 | MICROS~2 Microsoft Office
    30/06/2006 à 21:43 | EPSON
    30/06/2006 à 20:39 | QUICKT~1 QuickTime
    30/06/2006 à 18:50 | ALBUMP~1 Album Photos Kodak
    30/06/2006 à 14:53 | Acer
    16/12/2005 à 11:53 | INSTAL~1 InstallShield Installation Information
    16/12/2005 à 11:53 | NORTON~1 Norton AntiVirus
    16/12/2005 à 03:24 | FICHIE~1 Fichiers communs
    16/12/2005 à 03:22 | CYBERL~1 CyberLink
    16/12/2005 à 03:21 | Java
    16/12/2005 à 03:20 | NEWTEC~1 NewTech Infosystems
    16/12/2005 à 03:18 | Adobe
    16/12/2005 à 03:17 | INTERN~1 Internet Explorer
    16/12/2005 à 03:17 | UNINST~1 Uninstall Information
    16/12/2005 à 03:14 | Realtek
    16/12/2005 à 03:11 | MESSEN~1 Messenger
    16/12/2005 à 03:08 | xerox
    16/12/2005 à 03:08 | MICROS~1 microsoft frontpage
    16/12/2005 à 03:08 | WINDOW~1 Windows Media Player
    16/12/2005 à 03:07 | WINDOW~3 WindowsUpdate
    16/12/2005 à 03:07 | SERVIC~1 Services en ligne
    16/12/2005 à 03:07 | NETMEE~1 NetMeeting
    16/12/2005 à 03:07 | OUTLOO~1 Outlook Express
    16/12/2005 à 03:07 | MOVIEM~1 Movie Maker
    16/12/2005 à 03:06 | COMPLU~1 ComPlus Applications
    16/12/2005 à 03:06 | MSNGAM~1 MSN Gaming Zone
    16/12/2005 à 03:06 | WINDOW~2 Windows NT
    16/12/2005 à 03:06 | MSN

    __________________________ Recherche dans le registre _____________________

    # Clés de démarrage :

    _____________________ Modification du fichier Hosts _______________________

    127.0.0.1= Url bloquée Autre= Redirection

    127.0.0.1 bin.errorprotector.com ## added by CiD
    127.0.0.1 br.errorsafe.com ## added by CiD
    127.0.0.1 br.winantivirus.com ## added by CiD
    127.0.0.1 br.winfixer.com ## added by CiD
    127.0.0.1 cdn.drivecleaner.com ## added by CiD
    127.0.0.1 cdn.errorsafe.com ## added by CiD
    127.0.0.1 cdn.winsoftware.com ## added by CiD
    127.0.0.1 de.errorsafe.com ## added by CiD
    127.0.0.1 de.winantivirus.com ## added by CiD
    127.0.0.1 download.cdn.drivecleaner.com ## added by CiD
    127.0.0.1 download.cdn.errorsafe.com ## added by CiD
    127.0.0.1 download.cdn.winsoftware.com ## added by CiD
    127.0.0.1 download.errorsafe.com ## added by CiD
    127.0.0.1 download.systemdoctor.com ## added by CiD
    127.0.0.1 download.winantispyware.com ## added by CiD
    127.0.0.1 download.windrivecleaner.com ## added by CiD
    127.0.0.1 download.winfixer.com ## added by CiD
    127.0.0.1 drivecleaner.com ## added by CiD
    127.0.0.1 dynamique.drivecleaner.com ## added by CiD
    127.0.0.1 errorprotector.com ## added by CiD
    127.0.0.1 errorsafe.com ## added by CiD
    127.0.0.1 es.winantivirus.com ## added by CiD
    127.0.0.1 fr.winantivirus.com ## added by CiD
    127.0.0.1 fr.winfixer.com ## added by CiD
    127.0.0.1 go.drivecleaner.com ## added by CiD
    127.0.0.1 go.errorsafe.com ## added by CiD
    127.0.0.1 go.winantispyware.com ## added by CiD
    127.0.0.1 go.winantivirus.com ## added by CiD
    127.0.0.1 hk.winantivirus.com ## added by CiD
    127.0.0.1 instlog.errorsafe.com ## added by CiD
    127.0.0.1 instlog.winantivirus.com ## added by CiD
    127.0.0.1 instlog.winfixer.com ## added by CiD
    127.0.0.1 jsp.drivecleaner.com ## added by CiD
    127.0.0.1 kb.errorsafe.com ## added by CiD
    127.0.0.1 kb.winantivirus.com ## added by CiD
    127.0.0.1 nl.errorsafe.com ## added by CiD
    127.0.0.1 se.errorsafe.com ## added by CiD
    127.0.0.1 secure.drivecleaner.com ## added by CiD
    127.0.0.1 secure.errorsafe.com ## added by CiD
    127.0.0.1 secure.winantispam.com ## added by CiD
    127.0.0.1 secure.winantispy.com ## added by CiD
    127.0.0.1 secure.winantivirus.com ## added by CiD
    127.0.0.1 support.winantivirus.com ## added by CiD
    127.0.0.1 trial.updates.winsoftware.com ## added by CiD
    127.0.0.1 ulog.winantivirus.com ## added by CiD
    127.0.0.1 utils.errorsafe.com ## added by CiD
    127.0.0.1 utils.winantivirus.com ## added by CiD
    127.0.0.1 utils.winfixer.com ## added by CiD
    127.0.0.1 winantispyware.com ## added by CiD
    127.0.0.1 winantivirus.com ## added by CiD
    127.0.0.1 winfixer.com ## added by CiD
    127.0.0.1 winfixer2006.com ## added by CiD
    127.0.0.1 winsoftware.com ## added by CiD
    127.0.0.1 www.drivecleaner.com ## added by CiD
    127.0.0.1 www.errorprotector.com ## added by CiD
    127.0.0.1 www.errorsafe.com ## added by CiD
    127.0.0.1 www.systemdoctor.com ## added by CiD
    127.0.0.1 www.utils.winfixer.com ## added by CiD
    127.0.0.1 www.win-anti-virus-pro.com ## added by CiD
    127.0.0.1 www.win-virus-pro.com ## added by CiD
    127.0.0.1 www.winantispam.com ## added by CiD
    127.0.0.1 www.winantispy.com ## added by CiD
    127.0.0.1 www.winantispyware.com ## added by CiD
    127.0.0.1 www.winantivirus.com ## added by CiD
    127.0.0.1 www.winantiviruspro.com ## added by CiD
    127.0.0.1 www.windrivecleaner.com ## added by CiD
    127.0.0.1 www.windrivesafe.com ## added by CiD
    127.0.0.1 www.winfixer.com ## added by CiD
    127.0.0.1 www.winfixer2006.com ## added by CiD
    127.0.0.1 www.winsoftware.com ## added by CiD

    __________________________ Popups autorisées ______________________________

    # Internet Explorer

    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow
    www.pandasoftware.fr REG_BINARY

    # Mozilla Firefox (1 autorisé 2 interdit)

    host popup 1 sport24.lefigaro.fr
    host popup 1 www.paroles.net
    host popup 1 security.symantec.com
    host popup 1 www.pandasoftware.fr
    host popup 1 www.bestofkids.net
    host popup 1 www.bienpublic.com

    # Suite Mozilla / SeaMonkey (1 autorisé 2 interdit)

    ___________________________ Zones de sécurité _____________________________

    # HKCU Domains (4)

    # P3P History (5)

    ___________________ Suggestion nettoyage registre _______________

    (Pour désinfection manuelle)

    - Aucune suggestion

    _________________________ Fin du rapport ________________________

    bon appétit !
    0
  10. Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537
     
    Bonjour,

    on va utiliser une vieille version de l'outil (je crois qu'il memanque des infos) :
    Télécharge lopxp

    http://www.alt-shift-return.org/Info/Fichiers/lopxpMH2.zip

    dezippe le (clic droit dessus > extraire tout)
    et lance lopxpmh.bat en double-cliquant dessus
    quand il à terminé, un rapport s'ouvre , copie et colle le contenu dans ta réponse.

    Vérifie que tu n'as pas installé le sponsor de MSN +
    @+
    0
    1. chrisetsylvain Messages postés 112 Statut Membre
       
      salut nouveau rapport demandé :
      Rapport lopxpMH2 version 2.0 fait à 19:14:11,62 le 15/05/2007
      C:\Documents and Settings\christelle\Bureau\lopxpMH2

      ******************************************
      ## Répertoires Application Data

      Le volume dans le lecteur C s'appelle ACER
      Le numéro de série du volume est E4DD-CB2B

      Répertoire de C:\Documents and Settings\ADULTE

      Le volume dans le lecteur C s'appelle ACER
      Le numéro de série du volume est E4DD-CB2B

      Répertoire de C:\Documents and Settings\All Users\Application Data

      16/12/2005 03:18 <REP> .
      16/12/2005 03:18 <REP> ..
      14/04/2007 17:10 <REP> 55-61-rp-73-30-45
      25/04/2007 22:03 <REP> Adobe
      07/02/2007 10:57 <REP> Adobe(2)
      02/03/2007 11:15 <REP> Adobe(3)
      30/06/2006 22:51 <REP> CyberLink
      30/06/2006 18:37 <REP> eConsole
      14/04/2007 17:48 <REP> ESTsoft
      21/02/2007 14:36 <REP> Google
      21/02/2007 14:01 <REP> Google Updater
      15/02/2007 13:19 <REP> Macrovision
      16/12/2005 03:08 <REP> Microsoft
      06/08/2006 11:25 <REP> MSScanAppDataDir
      13/02/2007 12:13 <REP> MumboJumbo
      30/06/2006 20:38 <REP> QuickTime
      12/02/2007 13:28 <REP> Spybot - Search & Destroy
      16/12/2005 11:54 <REP> Symantec
      05/03/2007 14:47 <REP> TEMP
      08/03/2007 13:22 <REP> Trymedia
      30/06/2006 21:51 <REP> UDL
      21/02/2007 21:48 <REP> WhiteCap (Holiday Edition)
      31/01/2007 16:46 <REP> Windows Genuine Advantage
      02/02/2007 10:06 <REP> Windows Live Toolbar
      17/02/2007 15:47 <REP> Yahoo! Companion
      16/12/2005 04:04 62 desktop.ini
      1 fichier(s) 62 octets
      25 Rép(s) 16 982 093 824 octets libres
      Le volume dans le lecteur C s'appelle ACER
      Le numéro de série du volume est E4DD-CB2B

      Répertoire de C:\Documents and Settings\christelle\Application Data

      30/06/2006 14:52 <REP> .
      30/06/2006 14:52 <REP> ..
      03/03/2007 19:08 <REP> 7Wonders
      30/06/2006 18:43 <REP> Adobe
      30/06/2006 22:45 <REP> AdobeUM
      07/03/2007 14:02 <REP> BitDownload
      18/02/2007 17:53 <REP> Boomzap
      11/08/2006 17:46 <REP> CyberLink
      16/02/2007 14:55 <REP> DriveCleaner 2006 Free
      30/06/2006 22:42 <REP> EPSON
      14/04/2007 17:49 <REP> ESTsoft
      23/03/2007 18:19 <REP> FunWebProducts
      21/02/2007 14:32 <REP> Google
      16/09/2006 17:16 <REP> Help
      30/06/2006 14:52 <REP> Identities
      20/09/2006 15:26 <REP> Image Zone Express
      18/02/2007 23:02 <REP> iWin
      12/02/2007 16:32 <REP> Lavasoft
      20/09/2006 15:24 <REP> Macromedia
      15/01/2007 12:53 <REP> Media Player Classic
      20/02/2007 20:21 <REP> MessengerSkinner
      30/06/2006 14:52 <REP> Microsoft
      31/01/2007 19:29 <REP> Mozilla
      31/01/2007 17:45 <REP> MSNInstaller
      28/04/2007 11:10 <REP> RegistrySmart
      14/02/2007 10:36 <REP> SecuROM
      13/04/2007 20:40 <REP> Shareaza
      06/07/2006 16:13 <REP> Sun
      30/06/2006 14:52 <REP> Symantec
      31/01/2007 19:29 <REP> Talkback
      31/01/2007 19:29 <REP> Thunderbird
      07/02/2007 17:40 <REP> vlc
      12/02/2007 13:12 758 5d1b86c2-441a-47d8-875c-0d2293ef0e4d
      12/02/2007 13:11 764 798bc023-ea72-44a0-8e31-0437c0851d6b
      12/02/2007 13:11 1 394 8300338b-2cd4-4aa2-a723-efacb95a8b88
      12/02/2007 13:12 764 aab6353d-6a44-45a5-8261-51a0ff00e57a
      12/02/2007 13:12 465 c097e0bf-161c-4a4a-b6cf-4649157f2823
      30/06/2006 14:52 62 desktop.ini
      12/02/2007 13:12 764 fb8aa279-fbd9-4820-afd6-4e4ea960c84e
      25/02/2007 19:13 18 432 internaldb1478.dat
      04/02/2007 11:15 18 432 internaldb41.dat
      08/02/2007 18:39 374 internaldb5724.dat
      04/02/2007 11:15 374 internaldb6334.dat
      08/02/2007 18:39 18 432 internaldb6500.dat
      25/02/2007 19:13 374 internaldb6962.dat
      04/02/2007 11:15 538 internaldb8467.dat
      08/02/2007 18:39 538 internaldb9169.dat
      25/02/2007 19:13 538 internaldb9358.dat
      04/02/2007 14:19 706 update.log
      11/02/2007 23:38 262 WinssCookie.txt
      18 fichier(s) 63 971 octets
      32 Rép(s) 16 982 089 728 octets libres
      Le volume dans le lecteur C s'appelle ACER
      Le numéro de série du volume est E4DD-CB2B

      Répertoire de C:\Documents and Settings\christelle\Local Settings\Application Data

      30/06/2006 14:52 <REP> .
      30/06/2006 14:52 <REP> ..
      30/06/2006 14:52 <REP> {3248F0A6-6813-11D6-A77B-00B0D0150050}
      30/06/2006 16:04 <REP> ABBYY
      30/06/2006 18:43 <REP> Adobe
      31/01/2007 20:07 <REP> ApplicationHistory
      21/02/2007 14:32 <REP> Google
      16/09/2006 17:16 <REP> Help
      07/12/2006 16:37 <REP> Identities
      30/06/2006 14:52 <REP> Microsoft
      31/01/2007 19:38 <REP> Mozilla
      05/03/2007 18:27 <REP> Shareaza
      31/01/2007 19:29 <REP> Thunderbird
      16/09/2006 16:56 <REP> WMTools Downloaded Files
      01/07/2006 13:15 105 984 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
      31/01/2007 20:07 133 fusioncache.dat
      30/06/2006 22:46 64 072 GDIPFONTCACHEV1.DAT
      30/06/2006 14:52 1 578 936 IconCache.db
      4 fichier(s) 1 749 125 octets
      14 Rép(s) 16 982 089 728 octets libres
      Le volume dans le lecteur C s'appelle ACER
      Le numéro de série du volume est E4DD-CB2B

      Répertoire de C:\Documents and Settings\Default User\Application Data

      16/12/2005 04:04 <REP> .
      16/12/2005 04:04 <REP> ..
      30/06/2006 14:50 <REP> Identities
      16/12/2005 03:08 <REP> Microsoft
      30/06/2006 14:50 <REP> Symantec
      16/12/2005 04:04 62 desktop.ini
      1 fichier(s) 62 octets
      5 Rép(s) 16 982 089 728 octets libres
      Le volume dans le lecteur C s'appelle ACER
      Le numéro de série du volume est E4DD-CB2B

      Répertoire de C:\Documents and Settings\Default User\Local Settings\Application Data

      16/12/2005 03:07 <REP> .
      16/12/2005 03:07 <REP> ..
      30/06/2006 14:50 <REP> {3248F0A6-6813-11D6-A77B-00B0D0150050}
      02/03/2007 11:15 <REP> Adobe
      16/12/2005 03:08 <REP> Microsoft
      30/06/2006 14:50 3 220 034 IconCache.db
      1 fichier(s) 3 220 034 octets
      5 Rép(s) 16 982 089 728 octets libres
      Le volume dans le lecteur C s'appelle ACER
      Le numéro de série du volume est E4DD-CB2B

      Répertoire de C:\Documents and Settings\enfants\Application Data

      30/06/2006 19:51 <REP> .
      30/06/2006 19:51 <REP> ..
      29/12/2006 11:55 <REP> Adobe
      20/08/2006 11:29 <REP> CyberLink
      18/02/2007 17:01 <REP> DivX
      06/07/2006 09:23 <REP> EPSON
      21/02/2007 18:20 <REP> Google
      22/09/2006 16:23 <REP> Help
      30/06/2006 19:51 <REP> Identities
      29/12/2006 11:55 <REP> InterTrust
      31/12/2006 11:16 <REP> Macromedia
      18/02/2007 16:55 <REP> Media Player Classic
      20/02/2007 19:57 <REP> MessengerSkinner
      30/06/2006 19:51 <REP> Microsoft
      20/02/2007 18:36 <REP> Mozilla
      30/06/2006 19:51 <REP> Symantec
      07/03/2007 18:24 <REP> Talkback
      30/06/2006 19:51 62 desktop.ini
      1 fichier(s) 62 octets
      17 Rép(s) 16 982 089 728 octets libres
      Le volume dans le lecteur C s'appelle ACER
      Le numéro de série du volume est E4DD-CB2B

      Répertoire de C:\Documents and Settings\enfants\Local Settings\Application Data

      30/06/2006 19:51 <REP> .
      30/06/2006 19:51 <REP> ..
      30/06/2006 19:51 <REP> {3248F0A6-6813-11D6-A77B-00B0D0150050}
      21/02/2007 18:20 <REP> Google
      22/09/2006 16:23 <REP> Help
      30/06/2006 19:51 <REP> Microsoft
      20/02/2007 18:36 <REP> Mozilla
      02/07/2006 11:39 64 072 GDIPFONTCACHEV1.DAT
      30/06/2006 19:51 4 815 464 IconCache.db
      2 fichier(s) 4 879 536 octets
      7 Rép(s) 16 982 085 632 octets libres
      Le volume dans le lecteur C s'appelle ACER
      Le numéro de série du volume est E4DD-CB2B

      Répertoire de C:\Documents and Settings\LocalService\Application Data

      16/12/2005 03:10 <REP> .
      16/12/2005 03:10 <REP> ..
      22/02/2007 21:43 <REP> Adobe
      16/12/2005 03:10 <REP> Microsoft
      0 fichier(s) 0 octets
      4 Rép(s) 16 982 085 632 octets libres
      Le volume dans le lecteur C s'appelle ACER
      Le numéro de série du volume est E4DD-CB2B

      Répertoire de C:\Documents and Settings\LocalService\Local Settings\Application Data

      16/12/2005 03:10 <REP> .
      16/12/2005 03:10 <REP> ..
      22/02/2007 21:43 <REP> Adobe
      16/12/2005 03:10 <REP> Microsoft
      0 fichier(s) 0 octets
      4 Rép(s) 16 982 085 632 octets libres
      Le volume dans le lecteur C s'appelle ACER
      Le numéro de série du volume est E4DD-CB2B

      Répertoire de C:\Documents and Settings\NetworkService\Application Data

      16/12/2005 03:10 <REP> .
      16/12/2005 03:10 <REP> ..
      16/12/2005 03:10 <REP> Microsoft
      31/01/2007 10:11 <REP> Symantec
      0 fichier(s) 0 octets
      4 Rép(s) 16 982 085 632 octets libres
      Le volume dans le lecteur C s'appelle ACER
      Le numéro de série du volume est E4DD-CB2B

      Répertoire de C:\Documents and Settings\NetworkService\Local Settings\Application Data

      16/12/2005 03:10 <REP> .
      16/12/2005 03:10 <REP> ..
      16/12/2005 03:10 <REP> Microsoft
      0 fichier(s) 0 octets
      3 Rép(s) 16 982 085 632 octets libres
      Le volume dans le lecteur C s'appelle ACER
      Le numéro de série du volume est E4DD-CB2B

      Répertoire de C:\WINDOWS\system32\config\systemprofile\Application Data

      16/12/2005 04:04 <REP> .
      16/12/2005 04:04 <REP> ..
      30/06/2006 14:50 <REP> Identities
      16/12/2005 04:04 <REP> Microsoft
      30/06/2006 14:50 <REP> Symantec
      16/12/2005 04:04 62 desktop.ini
      1 fichier(s) 62 octets
      5 Rép(s) 16 982 020 096 octets libres
      Le volume dans le lecteur C s'appelle ACER
      Le numéro de série du volume est E4DD-CB2B

      Répertoire de C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data

      16/12/2005 04:04 <REP> .
      16/12/2005 04:04 <REP> ..
      30/06/2006 14:50 <REP> {3248F0A6-6813-11D6-A77B-00B0D0150050}
      16/12/2005 03:07 <REP> Microsoft
      30/06/2006 14:50 3 220 034 IconCache.db
      1 fichier(s) 3 220 034 octets
      4 Rép(s) 16 982 020 096 octets libres

      ******************************************
      Recherche des taches planifiées dans C:\WINDOWS\tasks


      C:\WINDOWS\Tasks\MP
      MP inexploitable


      C:\WINDOWS\Tasks\Norton
      Norton inexploitable


      C:\WINDOWS\Tasks\Norton
      Norton inexploitable


      C:\WINDOWS\Tasks\RegistrySmart
      RegistrySmart inexploitable

      ******************************************
      ## Répertoires de C:\Program Files

      Le volume dans le lecteur C s'appelle ACER
      Le numéro de série du volume est E4DD-CB2B

      Répertoire de C:\Program Files

      15/05/2007 08:06 <REP> .
      15/05/2007 08:06 <REP> ..
      23/04/2007 10:02 <REP> 3B Software
      06/04/2007 08:29 <REP> 3Planesoft Screensaver Manager
      30/06/2006 16:04 <REP> ABBYY FineReader 6.0 Sprint
      30/06/2006 14:54 <REP> Acer
      02/03/2007 11:15 <REP> Adobe
      06/04/2007 08:48 <REP> Ahead
      11/09/2006 16:19 <REP> Album Photos Kodak
      12/02/2007 10:24 <REP> Alwil Software
      11/09/2006 16:19 <REP> Anuman Interactive
      12/02/2007 14:25 <REP> AOL Security Toolbar
      09/05/2007 19:46 <REP> a-squared Free
      14/05/2007 11:58 <REP> BitDownload
      17/02/2007 11:17 <REP> CCleaner
      08/03/2007 13:10 <REP> Common Files
      16/12/2005 03:06 <REP> ComPlus Applications
      16/12/2005 03:22 <REP> CyberLink
      18/02/2007 17:06 <REP> DivX
      30/06/2006 21:52 <REP> EPSON
      14/04/2007 17:48 <REP> ESTsoft
      15/04/2007 13:12 <REP> Fairy Treasure
      15/05/2007 08:06 <REP> Fichiers communs
      31/01/2007 19:35 <REP> FileZilla
      08/03/2007 13:53 <REP> FpTest
      26/01/2007 16:22 <REP> Free
      08/03/2007 13:10 <REP> FreeAngel
      08/03/2007 17:25 <REP> Freeplayer
      24/04/2007 10:27 <REP> GameHouse
      09/05/2007 16:44 <REP> Google
      12/04/2007 22:28 <REP> Grisoft
      14/05/2007 10:44 <REP> Hijackthis Version Française
      20/09/2006 15:23 <REP> HP
      28/07/2006 16:43 <REP> Intel
      09/05/2007 16:45 <REP> Internet Explorer
      23/04/2007 09:11 <REP> Java
      14/04/2007 21:31 <REP> Jewels of Cleopatra
      15/08/2006 18:43 <REP> Kings Mahjongg
      12/02/2007 16:32 <REP> Lavasoft
      19/02/2007 16:43 <REP> LimeWire
      03/03/2007 18:16 <REP> Macrogaming
      09/05/2007 16:46 <REP> Messenger
      23/02/2007 16:07 <REP> MessengerSkinner
      12/02/2007 11:20 <REP> Micro Application
      09/05/2007 14:53 <REP> Microsoft CAPICOM 2.1.0.2
      12/02/2006 01:10 <REP> microsoft frontpage
      06/07/2006 14:54 <REP> Microsoft Office
      22/02/2007 20:58 <REP> Microsoft Works
      06/07/2006 14:54 <REP> Microsoft.NET
      16/12/2005 03:07 <REP> Movie Maker
      15/05/2007 19:12 <REP> Mozilla Firefox
      14/02/2007 10:08 <REP> Mozilla Thunderbird
      31/01/2007 17:41 <REP> MSN
      12/02/2006 01:10 <REP> MSN Gaming Zone
      09/05/2007 16:53 <REP> MSN Messenger
      11/02/2007 23:44 <REP> MSXML 4.0
      03/03/2007 19:08 <REP> MumboJumbo
      12/02/2006 01:10 <REP> NetMeeting
      30/06/2006 14:53 <REP> NewTech Infosystems
      09/05/2007 16:55 <REP> Norton AntiVirus
      11/05/2007 15:00 <REP> Norton Security Scan
      07/03/2007 19:11 <REP> Oberon Media
      22/02/2007 21:38 <REP> Online Services
      31/01/2007 17:01 <REP> Outlook Express
      15/03/2007 21:04 <REP> Picasa2
      09/05/2007 16:55 <REP> QuickTime
      04/04/2007 13:33 <REP> Real
      12/02/2006 01:10 <REP> Realtek
      14/04/2007 18:41 <REP> ReflexiveArcade
      24/02/2007 22:05 <REP> RegCleaner
      09/05/2007 16:55 <REP> Registry Clean Pro
      29/04/2007 13:02 <REP> RegistrySmart
      04/04/2007 13:33 774 144 RngInterstitial.dll
      20/02/2007 20:19 <REP> roxypalace_fr_T
      12/04/2007 15:40 <REP> Samsung
      18/02/2007 17:21 <REP> Satsuki Decoder Pack
      12/02/2006 01:10 <REP> Services en ligne
      13/04/2007 20:40 <REP> Shareaza
      28/07/2006 16:43 <REP> Sierra On-Line
      12/02/2007 11:22 <REP> Soft4Ever
      09/05/2007 16:56 <REP> Spybot - Search & Destroy
      23/02/2007 18:03 <REP> Symantec
      23/02/2007 18:02 <REP> SymNetDrv
      06/04/2007 08:29 <REP> The Lost Watch 3D Screensaver
      24/04/2007 11:10 <REP> Trymedia
      08/03/2007 17:11 <REP> VideoLAN
      09/05/2007 16:56 <REP> Windows Live Favorites
      09/05/2007 16:56 <REP> Windows Live Toolbar
      24/02/2007 17:31 <REP> Windows Media Connect 2
      30/04/2007 20:41 <REP> Windows Media Player
      12/02/2006 01:10 <REP> Windows NT
      12/02/2006 01:10 <REP> xerox
      07/03/2007 19:22 <REP> Yahoo!
      1 fichier(s) 774 144 octets
      92 Rép(s) 16 981 929 984 octets libres

      ******************************************
      ## Popups autorisées

      * Internet Explorer

      ! REG.EXE VERSION 3.0

      HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow
      www.pandasoftware.fr REG_BINARY

      * Mozilla Firefox (1 autorisé 2 interdit)

      ---------- C:\DOCUMENTS AND SETTINGS\CHRISTELLE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\GGB5199Y.DEFAULT\HOSTPERM.1
      host popup 1 sport24.lefigaro.fr
      host popup 1 www.paroles.net
      host popup 1 security.symantec.com
      host popup 1 www.pandasoftware.fr
      host popup 1 www.bestofkids.net
      host popup 1 www.bienpublic.com

      ******************************************
      ## Registre

      * [HKEY_CURRENT_USER\\Software\Microsoft\Internet Explorer\Main]
      Search Bar REG_SZ http://www.google.com/toolbar/ie8/sidebar.html

      ******************************************
      ## Zones de sécurité

      * HKCU Domains (4)

      * P3P History (5)

      ******************************************
      ## Recherche C:\WINDOWS\*.htm, "C:\WINDOWS\*.gif"

      Le volume dans le lecteur C s'appelle ACER
      Le numéro de série du volume est E4DD-CB2B

      Répertoire de C:\WINDOWS

      16/11/2004 15:27 7 235 The Lost Watch 3D Screensaver.html
      1 fichier(s) 7 235 octets
      0 Rép(s) 16 982 061 056 octets libres

      *************** Fin du rapport ****************

      pour les sponsors msn + tu fais comment pour voir si ils sont installés ou pas ? merci a+
      0
  11. Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537
     
    Bonsoir,
    Clique sur ce lien :
    http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe
    Clique sur navilog1.zip pour télécharger navilo1.exe.

    Choisis Enregistrer

    et enregistre-le sur ton bureau.

    Ensuite double clique sur navilog1.exe pour lancer l'installation.
    Une fois l'installation terminée, le fix s'exécutera automatiquement.
    (Si ce n'est pas le cas, double-clique sur le raccourci Navilog1 présent sur le bureau).

    Laisse-toi guider. Au menu principal, choisis 1 et valides.
    (ne fais pas le choix 2,3 ou 4 sans notre avis/accord)

    Patiente jusqu'au message :
    *** Analyse Termine le ..... ***
    Appuie sur une touche comme demandé, le blocnote va s'ouvrir.
    Copie-colle l'intégralité dans une réponse. Referme le blocnote.
    Le rapport est en outre sauvegardé à la racine du disque (fixnavi.txt)
    @+
    0
    1. chrisetsylvain Messages postés 112 Statut Membre
       
      re, voilà le rapport :

      Search Navipromo version 2.0.1 commencé le 15/05/2007 à 20:59:43,35

      !!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
      !!! Poster ce rapport sur le forum pour le faire analyser !!!
      !!! Ne pas lancer la partie désinfection sans l'avis d'un spécialiste !!!

      Fix lancé depuis C:\Program Files\navilog1
      Mise a jour le 10.05.2007 a 22h00 by IL-MAFIOSO

      Executé en mode normal

      *** Recherche Programmes installes ***




      *** Recherche dossiers dans C:\WINDOWS ***




      *** Recherche dossiers dans C:\Program Files ***


      C:\Program Files\MessengerSkinner trouvé !


      *** Recherche dossiers dans C:\Documents and Settings\All Users\Application Data ***




      *** Recherche dossiers dans C:\Documents and Settings\christelle\Application Data ***


      ...\Application Data\MessengerSkinner trouvé !

      *** Recherche avec BlackLight Engine/F-secure ***
      BlackLight Engine est un produit de F-secure, pour + d'infos :
      https://www.f-secure.com/en


      F-SECURE BLACKLIGHT ROOTKIT ELIMINATOR
      ======================================

      Copyright 2005-2006 F-Secure Corporation. All rights reserved.
      This is a beta version. It will expire on 1st of April, 2007.
      Version information: 2.2.1061.

      [+] Started on 05/15/07 at 20:59:45.
      [+] Initializing ...
      [+] Starting scan, press Ctrl-C to abort.
      [+] Scanning for hidden items .................................................
      [+] Scan complete.
      [+] Summary: 0 hidden item(s) found, 0 scheduled for renaming.
      [+] Exited on 05/15/07 at 21:04:18 (return code = 0).


      *** Recherche fichiers ***


      C:\WINDOWS\pack.epk trouvé !
      C:\WINDOWS\system32\nvs2.inf trouvé !


      *** Recherche cles registre ***


      Recherche dans [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs]



      Recherche dans [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage]



      Recherche Clé Magic Control

      HKEY_CURRENT_USER\Software\Lanconfig trouvé !


      *** Module de Recherche complémentaire ***
      (Recherche fichiers spécifiques)

      1)Recherche fichiers connus:


      2)Recherche Heuristique :
      *
      C:\WINDOWS\system32\jdznqmavru.dat trouvé !
      C:\WINDOWS\system32\tgbheqvcwk.dat trouvé !
      C:\WINDOWS\system32\zmreieptfk.dat trouvé !
      **
      C:\WINDOWS\system32\jdznqmavru.dat trouvé !
      C:\WINDOWS\system32\tgbheqvcwk.dat trouvé !
      C:\WINDOWS\system32\zmreieptfk.dat trouvé !
      ***
      ****
      C:\WINDOWS\system32\jdznqmavru_navps.dat trouvé !
      C:\WINDOWS\system32\tgbheqvcwk_navps.dat trouvé !
      C:\WINDOWS\system32\zmreieptfk_navps.dat trouvé !
      *****
      C:\WINDOWS\system32\jdznqmavru_nav.dat trouvé !
      C:\WINDOWS\system32\tgbheqvcwk_nav.dat trouvé !
      C:\WINDOWS\system32\zmreieptfk_nav.dat trouvé !
      ******
      *******
      ********


      *** Analyse Terminé le 15/05/2007 à 21:04:39,46 ***
      0
  12. Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537
     
    Re,

    1) Double clique sur le raccourci Navilog1 présent sur le bureau et laisse-toi guider.
    Au menu principal, choisis 3 et valide.

    Le fix va t'informer qu'il va alors redémarrer ton PC
    Ferme toutes les fenêtres ouvertes et enregistre tes documents personnels ouverts
    Appuie sur une touche comme demandé.
    (si ton Pc ne redémarre pas automatiquement, fais le toi même)
    Au redémarrage de ton PC, choisis ta session habituelle.

    Patiente jusqu'au message :
    *** Nettoyage Termine le ..... ***
    Le blocnote va s'ouvrir.
    Sauvegarde le rapport de manière à le retrouver
    Referme le blocnote. Ton bureau va réapparaitre

    PS:Si ton bureau ne réapparait pas, fais CTRL+ALT+SUPP pour ouvrir le gestionnaire de tâches.
    Puis rends-toi à l'onglet "processus". Clique en haut à gauche sur fichiers et choisis "exécuter"
    Tape explorer et valide. Celà te fera apparaitre ton bureau.


    Fermez Internet explorer puis Démarrer/panneau de configuration/options Internet
    - onglet "Contenu" puis onglet "Certificats" et si vous trouvez ceci, en particulier dans « éditeurs approuvés » :
    electronic-group
    egroup
    Montorgueil
    VIP
    "Sunny Day Design Ltd"

    Les supprimer.

    2) remets un log Hijackthis.
    @+

    0
    1. chrisetsylvain Messages postés 112 Statut Membre
       
      re,

      nouveau rapport hijackthis :

      Logfile of HijackThis v1.99.1
      Scan saved at 21:39:56, on 15/05/2007
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16441)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
      C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
      C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
      C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      C:\WINDOWS\system32\drivers\CDAC11BA.EXE
      C:\WINDOWS\system32\cisvc.exe
      C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      C:\WINDOWS\system32\msiexec.exe
      C:\Program Files\Norton AntiVirus\navapsvc.exe
      C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
      C:\WINDOWS\system32\tcpsvcs.exe
      C:\WINDOWS\System32\snmp.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\explorer.exe
      C:\WINDOWS\system32\cidaemon.exe
      C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: (no name) - {311F9DE8-6126-4EEE-B15F-65CBB3B4F9F6} - (no file)
      O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
      O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.3558\swg.dll
      O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
      O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
      O2 - BHO: (no name) - {E2EE5C44-C66D-499d-BEAE-A2A79189A63A} - C:\WINDOWS\system32\tmp255.tmp.dll (file missing)
      O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
      O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
      O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
      O3 - Toolbar: AOL Security Toolbar - {3BB63FD4-3C00-44D7-94A9-5DE211900DEF} - C:\Program Files\AOL Security Toolbar\tbu6A\AOL_security_toolbar.dll
      O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
      O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
      O4 - HKLM\..\Run: [WinFlyer32.dll] "rundll32.exe" C:\WINDOWS\system32\WinFlyer32.dll,Run
      O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
      O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
      O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
      O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
      O4 - HKLM\..\Run: [ntiMUI] c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
      O4 - HKLM\..\Run: [MediaSync] C:\Program Files\Acer\Acer eConsole\MediaSync.exe
      O4 - HKLM\..\Run: [LaunchApp] Alaunch
      O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
      O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
      O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
      O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
      O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"
      O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
      O4 - HKLM\..\Run: [AspireService] C:\Program Files\Acer\Acer eMode Management\AspireService.exe
      O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
      O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
      O4 - Startup: Monitor.lnk = C:\Program Files\Registry Clean Pro\Monitor.exe
      O4 - Startup: Scheduler.lnk = C:\Program Files\Registry Clean Pro\Scheduler.exe
      O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
      O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
      O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
      O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
      O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O11 - Options group: [INTERNATIONAL] International*
      O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
      O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
      O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
      O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
      O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
      O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
      O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
      O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
      O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
      O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
      O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
      O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
      O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
      O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
      O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
      O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
      O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
      O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
      O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
      O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
      O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
      O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
      O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
      O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe

      pour les certificats internet explorer je n'ai rien trouvé a+
      0
  13. Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537
     
    Re,

    Relance HijackThis.

    Choisis Do a scan only

    Coche la case devant les lignes suivantes

    O2 - BHO: (no name) - {311F9DE8-6126-4EEE-B15F-65CBB3B4F9F6} - (no file)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {E2EE5C44-C66D-499d-BEAE-A2A79189A63A} - C:\WINDOWS\system32\tmp255.tmp.dll (file missing)
    O4 - HKLM\..\Run: [WinFlyer32.dll] "rundll32.exe" C:\WINDOWS\system32\WinFlyer32.dll,Run
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/

    Ferme toutes les fenêtres (hormis HijackThis), y compris ton navigateur.

    Clique sur fix checked.

    Ferme Hijackthis.

    2) télécharge OTMoveIt http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe (de Old_Timer) sur ton Bureau.
    double-clique sur OTMoveIt.exe pour le lancer.
    copie la liste qui se trouve en italique ci-dessous,
    et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.

    C:\WINDOWS\system32\WinFlyer32.dll
    C:\Windows\ALCMTR.EXE

    clique sur MoveIt! pour lancer la suppression.
    le résultat apparaitra dans le cadre "Results".
    clique sur Exit pour fermer.
    poste le rapport situé dans C:\_OTMoveIt\MovedFiles.

    il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.

    Remets un log Hijackthis.

    Comment va l'ordi ?
    @+

    0
  14. chrisetsylvain Messages postés 112 Statut Membre
     
    comme la dernière fois je ne trouve pas le rapport j'ai lancé un recherche mais rien ?
    dans results il affiche ça :
    File/Folder C:\WINDOWS\system32\WinFlyer32.dll not found.
    C:\Windows\ALCMTR.EXE moved successfully.

    Created on 05/15/2007 23:18:50

    nouveau hijackthis :

    Logfile of HijackThis v1.99.1
    Scan saved at 23:28:45, on 15/05/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16441)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\WINDOWS\system32\tcpsvcs.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Program Files\Shareaza\Shareaza.exe
    C:\PROGRA~1\MOZILL~2\FIREFOX.EXE
    C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.3558\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: AOL Security Toolbar - {3BB63FD4-3C00-44D7-94A9-5DE211900DEF} - C:\Program Files\AOL Security Toolbar\tbu6A\AOL_security_toolbar.dll
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [ntiMUI] c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [MediaSync] C:\Program Files\Acer\Acer eConsole\MediaSync.exe
    O4 - HKLM\..\Run: [LaunchApp] Alaunch
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
    O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [AspireService] C:\Program Files\Acer\Acer eMode Management\AspireService.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - Startup: Monitor.lnk = C:\Program Files\Registry Clean Pro\Monitor.exe
    O4 - Startup: Scheduler.lnk = C:\Program Files\Registry Clean Pro\Scheduler.exe
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe

    mon ordi n'a pas planté depuis 2 jours ! je pense que c'est grâce à toi !
    merci ! a+
    0
  15. Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537
     
    Re,

    le log Hijackthis est propre. C'est déjà ça.

    Fais ça :
    ========================================
    ->Affiche tous les fichiers et dossiers :
    clique sur démarrer/panneau de configuration (en affichage classique)/option des dossiers/affichage

    [Coche] « afficher les dossiers et fichiers cachés »

    [Décoche] la case « Masquer les fichiers protégés du système d'exploitation (recommandé) »

    [Décoche] « masquer les extensions dont le type est connu »

    Puis fais [appliquer] pour valider les changements.

    Et [Ok]
    ====================================

    Via l'explorateur, trouves-tu C:\WINDOWS\system32\WinFlyer32.dll ? Si oui, essayes de le supprimer.

    Relance lopxp.bat (du post 9) et poste le rapport (la partie qui m'intéresse est celle du fichiers hosts, tu peux ne poster que cette partie).

    Démarrer, panneau de configuration, Ajout suppression de programmes. Cherche J2SE Runtime Environment.

    Supprime les versions (updates)

    1.5.0.5 et
    1.5.0.11

    Comment va l'ordi ?
    @+
    0
    1. chrisetsylvain Messages postés 112 Statut Membre
       
      bonjour !
      __________________ Modification du fichier Hosts _______________________


      127.0.0.1= Url bloquée Autre= Redirection

      127.0.0.1 bin.errorprotector.com ## added by CiD
      127.0.0.1 br.errorsafe.com ## added by CiD
      127.0.0.1 br.winantivirus.com ## added by CiD
      127.0.0.1 br.winfixer.com ## added by CiD
      127.0.0.1 cdn.drivecleaner.com ## added by CiD
      127.0.0.1 cdn.errorsafe.com ## added by CiD
      127.0.0.1 cdn.winsoftware.com ## added by CiD
      127.0.0.1 de.errorsafe.com ## added by CiD
      127.0.0.1 de.winantivirus.com ## added by CiD
      127.0.0.1 download.cdn.drivecleaner.com ## added by CiD
      127.0.0.1 download.cdn.errorsafe.com ## added by CiD
      127.0.0.1 download.cdn.winsoftware.com ## added by CiD
      127.0.0.1 download.errorsafe.com ## added by CiD
      127.0.0.1 download.systemdoctor.com ## added by CiD
      127.0.0.1 download.winantispyware.com ## added by CiD
      127.0.0.1 download.windrivecleaner.com ## added by CiD
      127.0.0.1 download.winfixer.com ## added by CiD
      127.0.0.1 drivecleaner.com ## added by CiD
      127.0.0.1 dynamique.drivecleaner.com ## added by CiD
      127.0.0.1 errorprotector.com ## added by CiD
      127.0.0.1 errorsafe.com ## added by CiD
      127.0.0.1 es.winantivirus.com ## added by CiD
      127.0.0.1 fr.winantivirus.com ## added by CiD
      127.0.0.1 fr.winfixer.com ## added by CiD
      127.0.0.1 go.drivecleaner.com ## added by CiD
      127.0.0.1 go.errorsafe.com ## added by CiD
      127.0.0.1 go.winantispyware.com ## added by CiD
      127.0.0.1 go.winantivirus.com ## added by CiD
      127.0.0.1 hk.winantivirus.com ## added by CiD
      127.0.0.1 instlog.errorsafe.com ## added by CiD
      127.0.0.1 instlog.winantivirus.com ## added by CiD
      127.0.0.1 instlog.winfixer.com ## added by CiD
      127.0.0.1 jsp.drivecleaner.com ## added by CiD
      127.0.0.1 kb.errorsafe.com ## added by CiD
      127.0.0.1 kb.winantivirus.com ## added by CiD
      127.0.0.1 nl.errorsafe.com ## added by CiD
      127.0.0.1 se.errorsafe.com ## added by CiD
      127.0.0.1 secure.drivecleaner.com ## added by CiD
      127.0.0.1 secure.errorsafe.com ## added by CiD
      127.0.0.1 secure.winantispam.com ## added by CiD
      127.0.0.1 secure.winantispy.com ## added by CiD
      127.0.0.1 secure.winantivirus.com ## added by CiD
      127.0.0.1 support.winantivirus.com ## added by CiD
      127.0.0.1 trial.updates.winsoftware.com ## added by CiD
      127.0.0.1 ulog.winantivirus.com ## added by CiD
      127.0.0.1 utils.errorsafe.com ## added by CiD
      127.0.0.1 utils.winantivirus.com ## added by CiD
      127.0.0.1 utils.winfixer.com ## added by CiD
      127.0.0.1 winantispyware.com ## added by CiD
      127.0.0.1 winantivirus.com ## added by CiD
      127.0.0.1 winfixer.com ## added by CiD
      127.0.0.1 winfixer2006.com ## added by CiD
      127.0.0.1 winsoftware.com ## added by CiD
      127.0.0.1 www.drivecleaner.com ## added by CiD
      127.0.0.1 www.errorprotector.com ## added by CiD
      127.0.0.1 www.errorsafe.com ## added by CiD
      127.0.0.1 www.systemdoctor.com ## added by CiD
      127.0.0.1 www.utils.winfixer.com ## added by CiD
      127.0.0.1 www.win-anti-virus-pro.com ## added by CiD
      127.0.0.1 www.win-virus-pro.com ## added by CiD
      127.0.0.1 www.winantispam.com ## added by CiD
      127.0.0.1 www.winantispy.com ## added by CiD
      127.0.0.1 www.winantispyware.com ## added by CiD
      127.0.0.1 www.winantivirus.com ## added by CiD
      127.0.0.1 www.winantiviruspro.com ## added by CiD
      127.0.0.1 www.windrivecleaner.com ## added by CiD
      127.0.0.1 www.windrivesafe.com ## added by CiD
      127.0.0.1 www.winfixer.com ## added by CiD
      127.0.0.1 www.winfixer2006.com ## added by CiD
      127.0.0.1 www.winsoftware.com ## added by CiD

      mon ordi ne plante pas depuis 2 ou 3 jours même quand je change de cession c'est cool ! c'était vraiment galère ! merci ! dis moi le fichier que tu m'as fais chercher je ne le trouve pas mais dans ajout et suppression de programmes j'ai un programme qui s'appelle : win flyer faut-il que je le supprime ? merci !
      0
  16. Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537
     
    Bonjour, ton programme, c'est Winflyer ou Win flyer ?

    Est ce que tu avais fait ça (fin du post 11) :
    5) Télécharge Hoster

    http://www.funkytoad.com/download/hoster.zip

    Dézippe le sur le bureau.
    Lance Hoster et clique sur "Restore Microsoft's Hosts File".


    Dans les 2 cas (oui ou non), tu recommences.

    Ensuite, tu refais tourner lopxp pour poster le rapport (partie Hosts comme tu as fait au post 27, c'est exactement ce qu'il me fallait).
    @+
    0
  17. chrisetsylvain Messages postés 112 Statut Membre
     
    quand je clique sur ton lien j'obtiens :
    Welcome to www.funkytoad.com!

    Unfortunately we can't process your request because it simply doesn't exist.

    You can head to the Home Page: www.funkytoad.com
    or Go directly to the ZonedOut page: http://www.funkytoad.com/content/view/15/33/
    or were you looking for HostsXpert the Hosts file editor? : http://www.funkytoad.com/content/view/13/31/
    or perhaps Homer, the most excellent localhost webserver found here: http://www.funkytoad.com/content/view/14/32/

    je faits quoi ?

    mon programme c'est winflyer
    merci a+
    0
  18. Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537
     
    Re,

    désinstalle winflyer (déconnecte toi du net pour le faire).

    Pour Hoster, rempalce le lien que je t'ai donné par celui-ci : http://www.funkytoad.com/content/view/13/31/

    Choisis Restore MS Hosts comme action.

    Reposte un log lopxp pour vérification.
    @+
    0
    1. chrisetsylvain Messages postés 112 Statut Membre
       
      re,
      rapport loxp :

      _____________ Rapport Lopxp fait le 16/05/2007 à 19:32:23,18 _______________


      /!\ Attention /!\

      Les résultats de ce rapport sont sujets à interprétations,
      Et ne démontrent pas systématiquement des dossiers infectés...


      _________________________ Recherche prédéterminé __________________________


      [X] C:\Program Files\BitDownload Présent !

      Date d'installation/Création du dossier: 07/03/2007 à 14:02
      Dernière modification du dossier le: 14/05/2007 à 11:58

      Recherche des dossiers crées le: 07/03/2007

      C:\Program Files

      07/03/2007 18:32 <REP> OBERON~1 Oberon Media
      07/03/2007 15:59 <REP> FpTest
      07/03/2007 14:02 <REP> BITDOW~1 BitDownload

      C:\Documents and Settings\christelle\Application Data

      07/03/2007 14:02 <REP> BITDOW~1 BitDownload

      C:\Documents and Settings\enfants\Application Data

      07/03/2007 18:24 <REP> Talkback


      _________________________ Recherche heuristique __________________________


      C:\Documents and Settings\christelle\Application Data\SecuROM\UserData


      ___________________________ Tâches planifiées _____________________________

      Tâche cachée à l'utilistateur:

      C:\WINDOWS\tasks\MP Scheduled Quick Scan.job
      Fichier lancé: Scheduled

      Listing de toutes les tâches planifiées:

      MP Scheduled Quick Scan.job: C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MpCmdRun.exe Scan -RestrictPrivileges -ScanType 1 -disabled
      Norton AntiVirus - Analyser mon ordinateur - christelle.job: C:\PROGRA~1\NORTON~1\Navw32.exe /task:"C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Tasks\mycomp.sca"
      Norton Security Scan.job: C:\Program Files\Norton Security Scan\Nss.exe /scan-full /scheduleignorenav /scheduled
      RegistrySmart Scheduled Scan.job: C:\Program Files\RegistrySmart\RegistrySmart.exe scheduled


      __________ Détection des paramètres de désinstallation du sponsor _________

      Sponsor P2P:

      Sponsor MSN+:


      __________________ Listing des dossiers Application Data __________________


      C:\Documents and Settings\All Users\Application Data

      Date/heure Création Nom court Nom long

      25/04/2007 à 22:03 | Adobe
      14/04/2007 à 17:48 | ESTsoft
      14/04/2007 à 17:10 | 55-61-~1 55-61-rp-73-30-45
      08/03/2007 à 13:22 | Trymedia
      05/03/2007 à 14:47 | TEMP
      02/03/2007 à 11:15 | Adobe(3)
      21/02/2007 à 21:48 | WHITEC~1 WhiteCap (Holiday Edition)
      21/02/2007 à 14:36 | Google
      21/02/2007 à 14:01 | GOOGLE~1 Google Updater
      17/02/2007 à 15:47 | YAHOO!~1 Yahoo! Companion
      15/02/2007 à 13:19 | MACROV~1 Macrovision
      13/02/2007 à 12:13 | MUMBOJ~1 MumboJumbo
      12/02/2007 à 13:28 | SPYBOT~1 Spybot - Search & Destroy
      07/02/2007 à 10:57 | Adobe(2)
      02/02/2007 à 10:06 | WINDOW~2 Windows Live Toolbar
      31/01/2007 à 16:46 | WINDOW~1 Windows Genuine Advantage
      06/08/2006 à 11:25 | MSSCAN~1 MSScanAppDataDir
      30/06/2006 à 22:51 | CYBERL~1 CyberLink
      30/06/2006 à 21:51 | UDL
      30/06/2006 à 20:38 | QUICKT~1 QuickTime
      30/06/2006 à 18:37 | eConsole
      16/12/2005 à 11:54 | Symantec
      16/12/2005 à 03:08 | MICROS~1 Microsoft


      C:\Documents and Settings\christelle\Application Data

      Date/heure Création Nom court Nom long

      28/04/2007 à 11:10 | REGIST~1 RegistrySmart
      14/04/2007 à 17:49 | ESTsoft
      13/04/2007 à 20:40 | Shareaza
      23/03/2007 à 18:19 | FUNWEB~1 FunWebProducts
      07/03/2007 à 14:02 | BITDOW~1 BitDownload
      03/03/2007 à 19:08 | 7Wonders
      21/02/2007 à 14:32 | Google
      18/02/2007 à 23:02 | iWin
      18/02/2007 à 17:53 | Boomzap
      16/02/2007 à 14:55 | DRIVEC~1 DriveCleaner 2006 Free
      14/02/2007 à 10:36 | SecuROM
      12/02/2007 à 16:32 | Lavasoft
      07/02/2007 à 17:40 | vlc
      31/01/2007 à 19:29 | Talkback
      31/01/2007 à 19:29 | THUNDE~1 Thunderbird
      31/01/2007 à 19:29 | Mozilla
      31/01/2007 à 17:45 | MSNINS~1 MSNInstaller
      15/01/2007 à 12:53 | MEDIAP~1 Media Player Classic
      20/09/2006 à 15:26 | IMAGEZ~1 Image Zone Express
      20/09/2006 à 15:24 | MACROM~1 Macromedia
      16/09/2006 à 17:16 | Help
      11/08/2006 à 17:46 | CYBERL~1 CyberLink
      06/07/2006 à 16:13 | Sun
      30/06/2006 à 22:45 | AdobeUM
      30/06/2006 à 22:42 | EPSON
      30/06/2006 à 18:43 | Adobe
      30/06/2006 à 14:52 | IDENTI~1 Identities
      30/06/2006 à 14:52 | Symantec
      30/06/2006 à 14:52 | MICROS~1 Microsoft


      C:\Documents and Settings\christelle\Local Settings\Application Data

      Date/heure Création Nom court Nom long

      05/03/2007 à 18:27 | Shareaza
      21/02/2007 à 14:32 | Google
      31/01/2007 à 20:07 | APPLIC~1 ApplicationHistory
      31/01/2007 à 19:38 | Mozilla
      31/01/2007 à 19:29 | THUNDE~1 Thunderbird
      07/12/2006 à 16:37 | IDENTI~1 Identities
      16/09/2006 à 17:16 | Help
      16/09/2006 à 16:56 | WMTOOL~1 WMTools Downloaded Files
      30/06/2006 à 18:43 | Adobe
      30/06/2006 à 16:04 | ABBYY
      30/06/2006 à 14:52 | MICROS~1 Microsoft
      30/06/2006 à 14:52 | {3248F~1 {3248F0A6-6813-11D6-A77B-00B0D0150050}


      C:\Documents and Settings\enfants\Application Data

      Date/heure Création Nom court Nom long

      07/03/2007 à 18:24 | Talkback
      21/02/2007 à 18:20 | Google
      20/02/2007 à 19:57 | MESSEN~1 MessengerSkinner
      20/02/2007 à 18:36 | Mozilla
      18/02/2007 à 17:01 | DivX
      18/02/2007 à 16:55 | MEDIAP~1 Media Player Classic
      31/12/2006 à 11:16 | MACROM~1 Macromedia
      29/12/2006 à 11:55 | Adobe
      29/12/2006 à 11:55 | INTERT~1 InterTrust
      22/09/2006 à 16:23 | Help
      20/08/2006 à 11:29 | CYBERL~1 CyberLink
      06/07/2006 à 09:23 | EPSON
      30/06/2006 à 19:51 | IDENTI~1 Identities
      30/06/2006 à 19:51 | Symantec
      30/06/2006 à 19:51 | MICROS~1 Microsoft


      C:\Documents and Settings\enfants\Local Settings\Application Data

      Date/heure Création Nom court Nom long

      21/02/2007 à 18:20 | Google
      20/02/2007 à 18:36 | Mozilla
      22/09/2006 à 16:23 | Help
      30/06/2006 à 19:51 | MICROS~1 Microsoft
      30/06/2006 à 19:51 | {3248F~1 {3248F0A6-6813-11D6-A77B-00B0D0150050}


      ____________________ Listing du dossier Program Files _____________________

      C:\Program Files

      Date/heure Création Nom court Nom long

      15/05/2007 à 20:57 | Navilog1
      11/05/2007 à 10:24 | HIJACK~1 Hijackthis Version Fran‡aise
      03/05/2007 à 00:24 | REGIST~3 Registry Clean Pro
      29/04/2007 à 13:02 | REGIST~1 RegistrySmart
      25/04/2007 à 21:46 | NORTON~2 Norton Security Scan
      24/04/2007 à 11:10 | Trymedia
      15/04/2007 à 13:12 | FAIRYT~1 Fairy Treasure
      14/04/2007 à 18:42 | JEWELS~1 Jewels of Cleopatra
      14/04/2007 à 18:41 | REFLEX~1 ReflexiveArcade
      14/04/2007 à 17:48 | ESTsoft
      14/04/2007 à 17:10 | GAMEHO~1 GameHouse
      13/04/2007 à 20:40 | Shareaza
      12/04/2007 à 22:42 | A-SQUA~1 a-squared Free
      12/04/2007 à 22:28 | Grisoft
      12/04/2007 à 15:40 | Samsung
      06/04/2007 à 08:48 | Ahead
      06/04/2007 à 08:29 | 3PLANE~1 3Planesoft Screensaver Manager
      06/04/2007 à 08:29 | THELOS~1 The Lost Watch 3D Screensaver
      04/04/2007 à 13:33 | Real
      08/03/2007 à 17:11 | VideoLAN
      07/03/2007 à 18:32 | OBERON~1 Oberon Media
      07/03/2007 à 15:59 | FpTest
      07/03/2007 à 14:02 | BITDOW~1 BitDownload
      06/03/2007 à 14:49 | FREEAN~1 FreeAngel
      03/03/2007 à 19:08 | MUMBOJ~1 MumboJumbo
      02/03/2007 à 21:38 | MACROG~1 Macrogaming
      24/02/2007 à 18:42 | REGCLE~1 RegCleaner
      24/02/2007 à 12:23 | 3BSOFT~1 3B Software
      23/02/2007 à 18:02 | SYMNET~1 SymNetDrv
      23/02/2007 à 17:53 | Symantec
      22/02/2007 à 21:38 | ONLINE~1 Online Services
      22/02/2007 à 20:58 | MICROS~3 Microsoft Works
      21/02/2007 à 14:25 | Picasa2
      19/02/2007 à 17:24 | ROXYPA~1 roxypalace_fr_T
      18/02/2007 à 17:00 | Google
      18/02/2007 à 16:59 | DivX
      17/02/2007 à 11:17 | CCleaner
      12/02/2007 à 20:59 | Yahoo!
      12/02/2007 à 16:32 | Lavasoft
      12/02/2007 à 14:25 | AOLSEC~1 AOL Security Toolbar
      12/02/2007 à 13:28 | SPYBOT~1 Spybot - Search & Destroy
      12/02/2007 à 11:22 | SOFT4E~1 Soft4Ever
      12/02/2007 à 10:24 | ALWILS~1 Alwil Software
      07/02/2007 à 17:35 | FREEPL~1 Freeplayer
      07/02/2007 à 10:49 | WI4DF6~1 Windows Media Connect 2
      04/02/2007 à 14:19 | COMMON~1 Common Files
      03/02/2007 à 12:44 | LimeWire
      02/02/2007 à 10:06 | WI48FA~1 Windows Live Favorites
      02/02/2007 à 10:06 | WINDOW~4 Windows Live Toolbar
      02/02/2007 à 09:53 | MSNMES~1 MSN Messenger
      31/01/2007 à 19:38 | MOZILL~2 Mozilla Firefox
      31/01/2007 à 19:29 | MOZILL~1 Mozilla Thunderbird
      31/01/2007 à 19:06 | FILEZI~1 FileZilla
      26/01/2007 à 16:22 | Free
      07/01/2007 à 20:00 | SATSUK~1 Satsuki Decoder Pack
      20/09/2006 à 15:23 | HP
      12/09/2006 à 17:05 | MICROA~1 Micro Application
      11/09/2006 à 15:19 | ANUMAN~1 Anuman Interactive
      15/08/2006 à 18:43 | KINGSM~1 Kings Mahjongg
      28/07/2006 à 16:43 | SIERRA~1 Sierra On-Line
      28/07/2006 à 16:43 | Intel
      06/07/2006 à 14:54 | MICROS~2 Microsoft Office
      30/06/2006 à 21:43 | EPSON
      30/06/2006 à 20:39 | QUICKT~1 QuickTime
      30/06/2006 à 18:50 | ALBUMP~1 Album Photos Kodak
      30/06/2006 à 14:53 | Acer
      16/12/2005 à 11:53 | INSTAL~1 InstallShield Installation Information
      16/12/2005 à 11:53 | NORTON~1 Norton AntiVirus
      16/12/2005 à 03:24 | FICHIE~1 Fichiers communs
      16/12/2005 à 03:22 | CYBERL~1 CyberLink
      16/12/2005 à 03:21 | Java
      16/12/2005 à 03:20 | NEWTEC~1 NewTech Infosystems
      16/12/2005 à 03:18 | Adobe
      16/12/2005 à 03:17 | INTERN~1 Internet Explorer
      16/12/2005 à 03:17 | UNINST~1 Uninstall Information
      16/12/2005 à 03:14 | Realtek
      16/12/2005 à 03:11 | MESSEN~1 Messenger
      16/12/2005 à 03:08 | xerox
      16/12/2005 à 03:08 | MICROS~1 microsoft frontpage
      16/12/2005 à 03:08 | WINDOW~1 Windows Media Player
      16/12/2005 à 03:07 | SERVIC~1 Services en ligne
      16/12/2005 à 03:07 | WINDOW~3 WindowsUpdate
      16/12/2005 à 03:07 | NETMEE~1 NetMeeting
      16/12/2005 à 03:07 | OUTLOO~1 Outlook Express
      16/12/2005 à 03:07 | MOVIEM~1 Movie Maker
      16/12/2005 à 03:06 | COMPLU~1 ComPlus Applications
      16/12/2005 à 03:06 | MSNGAM~1 MSN Gaming Zone
      16/12/2005 à 03:06 | WINDOW~2 Windows NT
      16/12/2005 à 03:06 | MSN


      __________________________ Recherche dans le registre _____________________


      # Clés de démarrage :


      _____________________ Modification du fichier Hosts _______________________


      127.0.0.1= Url bloquée Autre= Redirection



      __________________________ Popups autorisées ______________________________


      # Internet Explorer

      HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow
      www.pandasoftware.fr REG_BINARY


      # Mozilla Firefox (1 autorisé 2 interdit)

      host popup 1 sport24.lefigaro.fr
      host popup 1 www.paroles.net
      host popup 1 security.symantec.com
      host popup 1 www.pandasoftware.fr
      host popup 1 www.bestofkids.net
      host popup 1 www.bienpublic.com

      # Suite Mozilla / SeaMonkey (1 autorisé 2 interdit)


      ___________________________ Zones de sécurité _____________________________


      # HKCU Domains (4)

      # P3P History (5)


      ___________________ Suggestion nettoyage registre _______________

      (Pour désinfection manuelle)

      - Aucune suggestion

      _________________________ Fin du rapport ________________________

      pour winflyer impossible de supprimer il met une fenêtre RUNDLL module spécifié introuvable
      a+
      0
  19. Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537
     
    Bonsoir,

    on progresse, le fichier Hosts est propre aussi.

    Mais il y a encore des répertoires nocifs.

    1) Ouvre ce lien (merci a S!RI pour ce programme). http://siri.urz.free.fr/Fix/SmitfraudFix.php
    et télécharge SmitfraudFix.exe.

    Regarde le tuto
    Exécute le en choisissant l’option 1, il va générer un rapport
    Copie/colle le sur le poste stp.

    2) Désinstalle bitdownload par panneau de configuration, ajout/suppression de programmes si tu le trouves.

    Sinon, supprimes par OTMoveit :
    C:\Program Files\BitDownload
    C:\Documents and Settings\christelle\Application Data\BitDownload

    3) Pour winFlyer, parfait.

    4) remets un log hijackthis;
    @+

    0
  20. chrisetsylvain Messages postés 112 Statut Membre
     
    rapport smitfraud :

    SmitFraudFix v2.183

    Rapport fait à 21:06:25,96, 16/05/2007
    Executé à partir de C:\Documents and Settings\christelle\Bureau\SmitfraudFix
    OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
    Le type du système de fichiers est NTFS
    Fix executé en mode normal

    »»»»»»»»»»»»»»»»»»»»»»»» Process

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\WINDOWS\system32\tcpsvcs.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Acer\Acer eConsole\MediaSync.exe
    C:\Acer\Empowering Technology\eRecovery\Monitor.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE
    C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
    C:\Program Files\Acer\Acer eMode Management\AspireService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Registry Clean Pro\Monitor.exe
    C:\Program Files\Registry Clean Pro\Scheduler.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\Shareaza\Shareaza.exe
    C:\PROGRA~1\MOZILL~2\FIREFOX.EXE
    C:\WINDOWS\system32\cmd.exe

    »»»»»»»»»»»»»»»»»»»»»»»» hosts

    »»»»»»»»»»»»»»»»»»»»»»»» C:\

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\christelle

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\christelle\Application Data

    »»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer

    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\CHRIST~1\Favoris

    »»»»»»»»»»»»»»»»»»»»»»»» Bureau

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

    »»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues

    »»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="Ma page d'accueil"

    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=dword:00000001

    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""

    »»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32

    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    Description: Marvell Yukon 88E8001/8003/8010 PCI Gigabit Ethernet Controller - Miniport d'ordonnancement de paquets
    DNS Server Search Order: 212.27.53.252
    DNS Server Search Order: 212.27.54.252

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{F39662D9-7FB3-4232-9BB7-DD0729083A73}: DhcpNameServer=212.27.53.252 212.27.54.252
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{F39662D9-7FB3-4232-9BB7-DD0729083A73}: DhcpNameServer=212.27.53.252 212.27.54.252
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{F39662D9-7FB3-4232-9BB7-DD0729083A73}: DhcpNameServer=212.27.53.252 212.27.54.252
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.27.53.252 212.27.54.252
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.27.53.252 212.27.54.252
    HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=212.27.53.252 212.27.54.252

    »»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll

    »»»»»»»»»»»»»»»»»»»»»»»» Fin

    pour supprimer avec movelt je clique movelt ou clean up ?
    merci !
    0
  21. chrisetsylvain Messages postés 112 Statut Membre
     
    sorry pour molelt j'ai relu mes notes voilà c'est fait dans results :

    C:\Program Files\BitDownload\ZM moved successfully.
    C:\Program Files\BitDownload moved successfully.
    C:\Documents and Settings\christelle\Application Data\BitDownload\Data\TmpDir moved successfully.
    C:\Documents and Settings\christelle\Application Data\BitDownload\Data\LgDir moved successfully.
    C:\Documents and Settings\christelle\Application Data\BitDownload\Data\DataDir moved successfully.
    C:\Documents and Settings\christelle\Application Data\BitDownload\Data\BackUp\LgDir moved successfully.
    C:\Documents and Settings\christelle\Application Data\BitDownload\Data\BackUp\DataDir moved successfully.
    C:\Documents and Settings\christelle\Application Data\BitDownload\Data\BackUp moved successfully.
    C:\Documents and Settings\christelle\Application Data\BitDownload\Data moved successfully.
    C:\Documents and Settings\christelle\Application Data\BitDownload moved successfully.

    Created on 05/16/2007 21:18:59

    rapport hijackthis :

    Logfile of HijackThis v1.99.1
    Scan saved at 21:23:18, on 16/05/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16441)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\WINDOWS\system32\tcpsvcs.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Acer\Acer eConsole\MediaSync.exe
    C:\Acer\Empowering Technology\eRecovery\Monitor.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE
    C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
    C:\Program Files\Acer\Acer eMode Management\AspireService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Registry Clean Pro\Monitor.exe
    C:\Program Files\Registry Clean Pro\Scheduler.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\Shareaza\Shareaza.exe
    C:\PROGRA~1\MOZILL~2\FIREFOX.EXE
    C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.3558\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: AOL Security Toolbar - {3BB63FD4-3C00-44D7-94A9-5DE211900DEF} - C:\Program Files\AOL Security Toolbar\tbu6A\AOL_security_toolbar.dll
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [ntiMUI] c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [MediaSync] C:\Program Files\Acer\Acer eConsole\MediaSync.exe
    O4 - HKLM\..\Run: [LaunchApp] Alaunch
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
    O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [AspireService] C:\Program Files\Acer\Acer eMode Management\AspireService.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - Startup: Monitor.lnk = C:\Program Files\Registry Clean Pro\Monitor.exe
    O4 - Startup: Scheduler.lnk = C:\Program Files\Registry Clean Pro\Scheduler.exe
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe

    merci beaucoup et a+ !
    0
  • 1
  • 2