Adware.lop besoin d'aide.

Hélène -  
 moe -
J'ai adware.lop sur mon ordinateur et je ne sais comment le supprimer. C'est le logiciel gratuit de symantec inclut dans le pack Google qui l'a remarqué alors que Avast et Spyware Doctor n'avaient rien capter. J'inclus le rapport de HijackThis. J'espere que quelqu'un pourra me donner la solution. Merci d'avance.

Logfile of HijackThis v1.99.1
Scan saved at 19:19:48, on 20/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\VeriSign\NAVI\naviagent.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Wireless 802.11g Monitor\WLService.exe
C:\Program Files\Wireless 802.11g Monitor\WLanCfgG.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Apps\Powercinema\PCMService.exe
C:\apps\ABoard\ABoard.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Messenger Plus! 3\MsgPlus1.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe
C:\PROGRA~1\MESSAG~1\StartMessager.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\apps\ABoard\AOSD.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Norton Security Scan\Nss.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\HLNELE~1\LOCALS~1\Temp\Répertoire temporaire 2 pour hijackthis.zip\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Alice ADSL
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: i-Nav IDN SearchHook - {CE000994-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: i-Nav IDN Resolver - {CE000992-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus1.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera
O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"
O4 - HKLM\..\Run: [MessagerStarter Wanadoo] C:\PROGRA~1\MESSAG~1\StartMessager.exe Messager Wanadoo
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AliceSAV] C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe
O4 - HKCU\..\Run: [MP3Chansons] rundll32.exe C:\WINDOWS\system32\MSA64CHK.dll,DllMostrar Matrix_HTML:MP3Chansons:t
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxmk045YYFR
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: MP3Chansons - {76DD9E77-F06C-4471-AB6C-CF03C5C6B5B0} - C:\WINDOWS\system32\MP3Chansons (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Aide i-Nav - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)
O9 - Extra 'Tools' menuitem: Aide i-Nav - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)
O9 - Extra button: (no name) - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
O9 - Extra 'Tools' menuitem: Options i-Nav - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {01347765-1965-426B-91A4-AA6BB342B9A3} (InstallerObj Class) - http://www.1-click.com/common/files/installer-hidden-test.cab
O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei-2/SmileyCentralFWBInitialSetup1.0.0.8-2.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.serviceshub.microsoft.com/supportforbusiness/create
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by106fd.bay106.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://jeuxenligne.orange.fr/online2/chainz_2/mjolauncher.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab55762.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab55579.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game15.zylom.servicesalacarte.wanadoo.fr/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://game12.zylom.servicesalacarte.wanadoo.fr/activex/zylomloader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://jeux.wanadoo.fr/online2/diner_dash/DinerDash.1.0.0.58.cab
O16 - DPF: {E1342154-4889-42B5-BEF6-19237577048F} (OberongamesLoader Object) - http://jeuxentelechargement.orange.fr/online2/rocket_mania/Oberongamesloader.cab
O16 - DPF: {E862C832-3A5F-4CEB-BFAA-167B22010A71} (InfosFinder2.InfosFinder) - http://support.packardbell.com/files/activex/InfosFinder2.CAB
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: MsgPlusLoader.dll
O20 - Winlogon Notify: -oxcfxmzj - C:\WINDOWS\system32\jgyzgc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MysqlInventime - Unknown owner - c:\mysql\bin\mysqld-nt.exe
O23 - Service: VeriSign Updater (navi) - VeriSign, Inc. - C:\Program Files\VeriSign\NAVI\naviagent.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: R54G Wireless Service - Unknown owner - C:\Program Files\Wireless 802.11g Monitor\WLService.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
Configuration: Windows XP
Internet Explorer 7.0

69 réponses

  • 1
  • 2
  • 3
  • 4
Résumé de la discussion

Adware.lop est le logiciel indésirable identifié sur le système et la problématique porte sur sa suppression efficace après détection par HijackThis dans un environnement Windows XP SP2.
Plusieurs éléments du rapport indiquent des composants potentiellement indésirables comme i-Nav et des BHO, ainsi que des entrées de démarrage suspectes, justifiant leur désactivation ou suppression via HijackThis et un nettoyage du registre.
En cas d'échec, des outils complémentaires de suppression sécurisée et une vérification des services et programmes louches, tels que AOL ACS ou Avast, peuvent être envisagés, tout en sauvegardant les données essentielles.
Des précautions de sécurité et des sauvegardes régulières sont recommandées, car la présence d'adware peut s'accompagner de risques de fuite d'informations et de ralentissements système.

Généré automatiquement par IA
sur la base des meilleures réponses
  1. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    dans démarrer puis PANNEAU DE CONFIGURATION puis AJOUT SUPPRESSION DE PROGRAMME

    cherche quelque chose comme CID et msn plus et desinstalle les
    si tu doit réinstaller msn plus fait le sans les sponsor surtout

    --------------------

    si ca persiste:

    popups ouverture de fenetres internet publicitaires pop up
    0
  2. Hélène
     
    Je n'avais rien en CID, j'ai désinstaller msn plus, mais sa me dit que le sponsor a été endommagé que je dois réinstaller pour mieux désinstaller ce que j'ai fais mais j'ai toujours le même message.
    0
  3. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    sophos antirootkit

    http://www.sophos.com/products/free-tools/sophos-anti-rootkit.html

    ____________________

    scan avec des antiespions (en mode sans échec):

    spybot :

    https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/26157.html

    voir demo d utilisation (merci Balltrap)
    http://pageperso.aol.fr/Balltrap34/demo%20spybot.htm

    _________________________

    scan avec vundo (colle le rapport)

    Téléchargez VundoFix -> http://www.atribune.org/ccount/click.php?id=4

    Double cliquez VundoFix.exe pour l'exécuter.
    Quand VundoFix s'ouvre, cliquez sur le bouton Scan for Vundo.
    Une fois le scan fini, cliquez sur le bouton Remove Vundo.
    Vous recevrez un avertissement vous demandant si vous voulez effacer ces
    fichiers répondez en cliquant sur YES
    Une fois que vous avez cliqué yes, votre bureau deviendra vide au moment où il
    enlève Vundo.

    Quand c'est fini, il vous sera demandé de redémarrer votre ordinateur, cliquez
    OK.

    puis :

    virtumondebegone (colle le rapport)

    http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe

    ________________________
    AVG antispyxare

    https://www.01net.com/telecharger/

    Tuto :
    http://www.kachouri.com/tuto/tuto-161-avg-anti-spyware-75-pour-votre-securite.html

    ->Relance AVG AS -> "Analyse" ->"Paramètres"

    Sous la question "Comment réagir ?" :

    -> clique sur "Actions recommandées" et choisis "Quarantaines"
    -> Re-clique sur l'onglet "Analyse" puis réalise une "Analyse complète du système"

    Si un fichier est infecté en fin d'analyse

    ->Clique sur "Appliquer toutes les actions "

    ->Clique sur "Enregistrer le rapport" puis sur "Enregistrer le rapport sous".

    ->Enregistre ce fichier texte sur ton bureau ensuite colle le rapport ici

    _________________________

    télécharger sur le bureau
    Navilog.zip
    http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe

    = Double-Clic navilog1.zip
    = Extraire tout sur le bureau
    = Double-Clic navilog1 qui est sur le bureau
    = Appuyer sur une touche jusqu' arriver aux options
    = Choisir option 1

    un rapport : fixnavi.txt dans C : va se creer
    le copier/coller dans ton prochain message.
    0
  4. Hélène
     
    Rapport virtumondebegone:

    [07/21/2007, 10:17:24] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Hélène Legrand\Mes documents\jean-marie.legrand5\VirtumundoBeGone.exe" )
    [07/21/2007, 10:17:35] - Detected System Information:
    [07/21/2007, 10:17:35] - Windows Version: 5.1.2600, Service Pack 2
    [07/21/2007, 10:17:35] - Current Username: Hélène Legrand (Admin)
    [07/21/2007, 10:17:35] - Windows is in NORMAL mode.
    [07/21/2007, 10:17:35] - Searching for Browser Helper Objects:
    [07/21/2007, 10:17:35] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
    [07/21/2007, 10:17:35] - BHO 2: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
    [07/21/2007, 10:17:35] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [07/21/2007, 10:17:35] - No filename found. Continuing.
    [07/21/2007, 10:17:35] - BHO 3: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
    [07/21/2007, 10:17:35] - BHO 4: {CE000992-A58C-4441-8938-744CD72AB27F} (i-Nav IDN Resolver)
    [07/21/2007, 10:17:35] - Finished Searching Browser Helper Objects
    [07/21/2007, 10:17:35] - Finishing up...
    [07/21/2007, 10:17:35] - Nothing found! Exiting...

    Par contre j'ai suivi tes conseils à la lettre mais VundoFix n'a trouvé aucune infection et n'a pas redemmaré mon ordinateur. Je refais une analyse symantec pour savoir si adware.lop se trouve toujours sur mon ordinateur. Merci
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. Hélène
     
    J'ai fait aussi l'analyse Navilog1 voila le rapport:

    Search Navipromo version 2.0.5 commencé le 21/07/2007 à 10:28:03,62

    !!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
    !!! Poster ce rapport sur le forum pour le faire analyser !!!
    !!! Ne pas lancer la partie désinfection sans l'avis d'un spécialiste !!!

    Fix lancé depuis C:\Program Files\navilog1
    Mise a jour le 01.07.2007 a 12h00 by IL-MAFIOSO

    Executé en mode normal

    *** Recherche Programmes installes ***

    *** Recherche dossiers dans C:\WINDOWS ***

    *** Recherche dossiers dans C:\Program Files ***

    *** Recherche dossiers dans C:\Documents and Settings\All Users\Application Data ***

    *** Recherche dossiers dans C:\Documents and Settings\H‚lŠne Legrand\Application Data ***

    *** Recherche avec BlackLight Engine/F-secure ***
    BlackLight Engine est un produit de F-secure, pour + d'infos :
    https://www.f-secure.com/en

    F-SECURE BLACKLIGHT ROOTKIT ELIMINATOR
    ======================================

    Copyright 2005-2006 F-Secure Corporation. All rights reserved.
    This is a beta version. It will expire on 1st of October, 2007.
    Version information: 2.2.1064.

    [+] Started on 07/21/07 at 10:28:06.
    [+] Initializing ...
    [+] Starting scan, press Ctrl-C to abort.
    [+] Scanning for hidden items .................................................
    [+] Scan complete.
    [+] Summary: 0 hidden item(s) found, 0 scheduled for renaming.
    [+] Exited on 07/21/07 at 10:33:00 (return code = 0).

    *** Recherche fichiers ***

    *** Recherche cles registre ***

    Recherche dans [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs]

    Recherche dans [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage]

    Recherche Clé Magic Control

    *** Module de Recherche complémentaire ***
    (Recherche fichiers spécifiques)

    1)Recherche fichiers connus:

    2)Recherche Heuristique :
    *
    **
    ***
    ****
    *****
    ******
    *******
    ********

    3)Recherche Certificats :

    *** Analyse Terminé le 21/07/2007 à 10:33:33,92 ***
    0
  7. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    il n' y a rien

    tu peux confirmer avec le logiciel qui te trouvé lop au depart (norton/symantec)

    encore des pbs?

    _________________
    si oui fait ca:

    combofix (colle le rapport)

    http://mickael.barroux.free.fr/securite/combofix.php

    __________________________colle le rapport

    Clean permettra de faire du nettoyage et supprimer des fichiers que des anti-virus et anti-spywares n'ont pas pu trouver. Le logiciel est régulièrement mis à jour, vous devrez donc le re-téléchargé pour obtenir une version plus récente.

    · Téléchargez clean.zip, décompressez-le sur votre bureau (clic droit / extraire tout), vous obtenez alors un dossier clean
    · Démarrez Windows en mode sans échec : Guide pour redémarrer en mode sans échec
    · Ouvrez le dossier clean qui se trouve sur ton bureau, et double-cliquez sur clean.cmd, une fenêtre noire va apparaître pendant un instant, laissez la ouverte jusqu'à ce qu'elle se ferme.

    http://kerio.probb.fr/tuto-Clean-h37.html

    _______________________________

    utilise aussi pour supprimer tes traces

    CCLEANER: (lance un nettoyage et répare erreurs) sans la barre yahoo

    https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html

    ______________________________

    colle le rapport d'un scan en ligne
    avec un des suivants:

    bitdefender en ligne :
    http://www.bitdefender.fr/scan_fr/scan8/ie.html

    Panda en ligne :
    http://pandasoftware.fr

    scan en ligne firefox

    https://www.trendmicro.com/fr_fr/business.html

    ____________________________

    recolle hijackthis et dis tes pbs

    si pas de pubs:

    pour protéger gratos ton ordi

    securite

    mettre un antivirus

    AVAST en français ou ANTIVIR (en anglais mais très efficace)
    https://www.malekal.com/avira-free-security-antivirus-gratuit/ (merci Malekal)
    -------------
    des anti-espions:

    AD AWARE + SPYBOT + WINDOWS DEFENDER

    +/-
    SPYWAREBLASTER pour immuniser le système contre vundo notamment mais en anglais (mais facile d'utilisation : il suffit de faire "update" pour mettre à jour tous les mois et ensuite" enable all protection" pour immuniser)...

    --------
    un pare feu :
    celui de Windows ou mieux KERIO ou JETICO ou ZONE ALARM (mettre que le parefeu gratuit)
    https://manuelsdaide.com/contact/
    http://www.open-files.com/forum/index.php?showtopic=29277
    zonealarm

    -----------

    CCLEANER pour effacer les traces de surf
    0
  8. Hélène
     
    Symantec trouve toujours adware.lop présent sur mon ordinateur

    Voila le résultat combofix (qui ma bien fait planté et a fait disparaitre internet explorer de ma session)

    "H‚lŠne Legrand" - 2007-07-21 10:58:51 - ComboFix 07-07-14.6 - Service Pack 2 NTFS

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    C:\DOCUME~1\HLNELE~1\Bureau.\internet explorer.lnk
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\accessories\cup.png
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\accessories\customer_cup.png
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\accessories\heart.png
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\accessories\menu_down.png
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\accessories\menu_up.png
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\accessories\plates.png
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\accessories\ticket.png
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\accessories\tray.png
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\audio\music\mainmenumusic.ogg
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\audio\sfx\sfx_bring_check_1_snd.ogg
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\audio\sfx\sfx_deliver_food_1_snd.ogg
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\audio\sfx\sfx_deliver_order_1_snd.ogg
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\audio\sfx\sfx_diner.ogg
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\audio\sfx\sfx_dish_dropoff_1_snd.ogg
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\audio\sfx\sfx_food_ready_1_snd.ogg
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\audio\sfx\sfx_gain_heart_1.ogg
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\audio\sfx\sfx_get_drinks_1_snd.ogg
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\audio\sfx\sfx_party_arrive_1_snd.ogg
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\audio\sfx\sfx_pencil_write_2.ogg
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\audio\sfx\sfx_pickup_food_1_snd.ogg
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\audio\sfx\sfx_rollover_1.ogg
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\audio\sfx\sfx_seat_people_snd.ogg
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\backgrounds\choosedifficulty.png
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\backgrounds\credits.jpg
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\backgrounds\flo_lose.png
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\backgrounds\flo_win.png
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\backgrounds\help1.jpg
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\backgrounds\help2.jpg
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\backgrounds\highscores.jpg
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\backgrounds\levelintro.jpg
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\backgrounds\levelintro_mask.png
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\backgrounds\levelover.jpg
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\backgrounds\levelover_mask.png
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\backgrounds\mainmenu.jpg
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\backgrounds\popup.jpg
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\backgrounds\popup_mask.png
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\backgrounds\upgradegrid.png
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\backgrounds\upgradetitle.png
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\backgrounds\upsell.jpg
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\buttons\arrowleft_blue.png
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\buttons\arrowleft_yellow.png
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\buttons\arrowright_blue.png
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\buttons\arrowright_yellow.png
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\buttons\back_blue.png
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\buttons\back_yellow.png
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\buttons\backchalk.png
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\buttons\backchalkup.png
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\buttons\backtomenu_blue.png
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\buttons\backtomenu_yellow.png
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\buttons\cancel.png
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\buttons\cancelup.png
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\buttons\career.png
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\buttons\career_over.png
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\buttons\close.png
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\buttons\closeup.png
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\buttons\continue.png
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\buttons\continueover.png
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\buttons\credits_blue.png
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\buttons\credits_yellow.png
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\buttons\download_blue.png
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\buttons\download_yellow.png
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\buttons\easy.png
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\buttons\easy_over.png
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\buttons\endlessshift.png
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\buttons\endlessshift_over.png
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\buttons\hard.png
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\buttons\hard_over.png
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\buttons\help.png
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\buttons\help_over.png
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\buttons\highscores.png
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\buttons\highscores_over.png
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\buttons\instructions_blue.png
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\buttons\instructions_yellow.png
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\buttons\letsplay.png
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\buttons\letsplayover.png
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\buttons\medium.png
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\buttons\medium_over.png
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\buttons\moreinfo.png
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\buttons\moreinfoup.png
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\buttons\off.png
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\buttons\off_on.png
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\buttons\on.png
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\buttons\on_on.png
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\buttons\pause.png
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\buttons\pauseover.png
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\buttons\quit.png
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\buttons\quitgame.png
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\buttons\quitgameover.png
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\buttons\quitover.png
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\buttons\resumegame.png
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\buttons\resumegameover.png
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\buttons\submit.png
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\buttons\submitup.png
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\buttons\tryagain.png
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\buttons\tryagainover.png
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\buttons\upgrade_over.png
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\buttons\upgrade_up.png
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\buttons\viewglobal.png
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\buttons\viewglobalup.png
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\buttons\viewhighscore.png
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\buttons\viewhighscoreon.png
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\buttons\viewlocal.png
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\buttons\viewlocalup.png
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\comics\webcomic.jpg
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\config\career.xml
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\config\customer.xml
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\config\endless.xml
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\config\global.xml
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\config\powerups.xml
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\cook\cook.png
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\cook\cook.xml
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\cook\stove.png
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\cursor\arrow.png
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\cursor\click.png
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\cursor\click2.png
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\cursor\grab.png
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\cursor\open.png
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\customers\old_male\anim.xml
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\customers\old_male\blue\anim.png
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\customers\old_male\blue\anim.xml
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\customers\old_male\blue\sit_legs.png
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\customers\old_male\green\anim.png
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\customers\old_male\green\anim.xml
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\customers\old_male\green\sit_legs.png
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\customers\old_male\purple\anim.png
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\customers\old_male\purple\anim.xml
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\customers\old_male\purple\sit_legs.png
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\customers\old_male\red\anim.png
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\customers\old_male\red\anim.xml
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\customers\old_male\red\sit_legs.png
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\customers\old_male\yellow\anim.png
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\customers\old_male\yellow\anim.xml
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\customers\old_male\yellow\sit_legs.png
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\customers\young_female\anim.xml
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\customers\young_female\blue\anim.png
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\customers\young_female\blue\anim.xml
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\customers\young_female\blue\sit_legs.png
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\customers\young_female\green\anim.png
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\customers\young_female\green\anim.xml
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\customers\young_female\green\sit_legs.png
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\customers\young_female\purple\anim.png
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\customers\young_female\purple\anim.xml
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\customers\young_female\purple\sit_legs.png
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\customers\young_female\red\anim.png
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\customers\young_female\red\anim.xml
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\customers\young_female\red\sit_legs.png
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\customers\young_female\yellow\anim.png
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\customers\young_female\yellow\anim.xml
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\customers\young_female\yellow\sit_legs.png
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\flo\idle.png
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\flo\idle.xml
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\flo\lower.png
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\flo\lower.xml
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\flo\upper.png
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\flo\upper.xml
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\fonts\arial.mvec
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\fonts\komikaaxis.mvec
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\furniture\chair.png
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\furniture\chair.xml
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\furniture\dirt2top.png
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\furniture\dirt4top.png
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\furniture\dishcart.png
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\furniture\dishcart.xml
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\furniture\drinkstation_off.png
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\furniture\drinkstation_on1.png
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\furniture\drinkstation_on2.png
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\furniture\ticketstation.png
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\furniture\ticketstation.xml
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\hiscore\arrowdown.png
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\hiscore\arrowdownon.png
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\hiscore\arrowleft.png
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\hiscore\arrowlefton.png
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\hiscore\arrowright.png
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\hiscore\arrowrighton.png
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\hiscore\arrowup.png
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\hiscore\arrowupon.png
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\hiscore\p1icon.png
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\hiscore\textedit.png
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\hiscore\title.png
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\layouts\endless_1_1.txt
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\layouts\endless_1_1_a.txt
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\layouts\endless_1_1_b.txt
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\layouts\endless_1_1_c.txt
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\layouts\endless_1_2.txt
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\layouts\endless_1_2_a.txt
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\layouts\endless_1_2_b.txt
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\layouts\endless_1_2_c.txt
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\layouts\endless_1_2_d.txt
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\layouts\endless_1_3.txt
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\layouts\endless_1_3_a.txt
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\layouts\endless_1_3_b.txt
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\layouts\endless_1_3_c.txt
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\layouts\endless_1_3_d.txt
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\layouts\fifth_level_diner.txt
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\layouts\first_level_diner.txt
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\layouts\fourth_level_diner.txt
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\layouts\second_level_diner.txt
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\playfirst_logo.png
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\restaurants\diner\background.jpg
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\restaurants\diner\food\food1.png
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\restaurants\diner\food\food1.xml
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\restaurants\diner\food\food2.png
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\restaurants\diner\food\food2.xml
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\restaurants\diner\food\food3.png
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\restaurants\diner\food\food3.xml
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\restaurants\diner\frames\upgrade_0001.png
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\restaurants\diner\tables\2top.png
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\restaurants\diner\tables\2top.xml
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\restaurants\diner\tables\4top.png
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\restaurants\diner\tables\4top.xml
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\restaurants\diner\upgrades.xml
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\restaurants\tableshadow.png
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\scripts\choosedifficulty.lua
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\scripts\chooseplayer.lua
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\scripts\chooserestaurant.lua
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\scripts\credits.lua
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\scripts\game.lua
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\scripts\gothighscore.lua
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\scripts\help.lua
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\scripts\help2.lua
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\scripts\hiscore.lua
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\scripts\hiscoreinfo.lua
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\scripts\hiscoresubmit.lua
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\scripts\levelintro.lua
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\scripts\levelover.lua
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\scripts\loading.lua
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\scripts\mainloop.lua
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\scripts\mainmenu.lua
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\scripts\ok.lua
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\scripts\pause.lua
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\scripts\style.lua
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\scripts\tutorialintro.lua
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\scripts\upgrade.lua
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\scripts\upsell.lua
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\scripts\webcomic.lua
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\scripts\yesno.lua
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\splash\gamelabsplash.jpg
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\splash\playfirst_logo.jpg
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\strings.xml
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\ui\angersmoke.png
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\ui\angersmoke.xml
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\ui\chairflags.png
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\ui\chairflags.xml
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\ui\check.png
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\ui\checkmark.png
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\ui\clock.png
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\ui\closed.png
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\ui\closingtime.png
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\ui\coinflip.png
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\ui\coinflip.xml
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\ui\dollar.png
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\ui\doodles\coffee.png
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\ui\doodles\tables.png
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\ui\doodles\wallpaper.png
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\ui\expert.png
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\ui\expertscore.png
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\ui\foodpoof.png
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\ui\foodpoof.xml
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\ui\fork_timer.png
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\ui\goalcompleted.png
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\ui\heartgrow.png
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\ui\heartgrow.xml
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\ui\jar.png
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\ui\jar.xml
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\ui\level.png
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\ui\level_career.png
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\ui\score.png
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\ui\sound.png
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\ui\staroff.png
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\ui\staron.png
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\ui\tablenumber.png
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\ui\tablenumberup.png
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\ui\traynumber.png
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\ui\tutorial_character.png
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\ui\tutorialarrow.png
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\ui\tutorialbox.png
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\ui\upgradeanim.png
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\ui\upgradeanim.xml
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\ui\upgrades\drinks.png
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\ui\upgrades\maitred.png
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\ui\upgrades\oven.png
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\ui\upgrades\select.png
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\ui\upgrades\shoes.png
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\ui\upgrades\stereo.png
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\ui\upgrades\table.png
    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\dinerdash.exe

    ((((((((((((((((((((((((( Files Created from 2007-06-21 to 2007-07-21 )))))))))))))))))))))))))))))))

    2007-07-21 10:52 51,200 --a------ C:\WINDOWS\nircmd.exe
    2007-07-21 10:27 53,248 --a------ C:\WINDOWS\system32\Process.exe
    2007-07-20 20:14 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
    2007-07-20 20:14 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
    2007-07-20 20:11 <REP> d-------- C:\WINDOWS\Internet Logs
    2007-07-20 18:13 <REP> d-------- C:\WINDOWS\system32\ActiveScan
    2007-06-27 08:02 <REP> d-------- C:\DOCUME~1\STPHAN~1\WINDOWS

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-07-21 08:02:27 -------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
    2007-07-21 07:50:36 -------- d-----w C:\Program Files\Norton Security Scan
    2007-07-20 19:25:45 -------- d-----w C:\Program Files\MSN Messenger
    2007-07-20 19:05:19 -------- d-----w C:\Program Files\Messager Wanadoo
    2007-07-20 17:57:44 78 ----a-w C:\WINDOWS\system32\jgyzgca.dll
    2007-07-20 17:43:18 28,256 ----a-w C:\WINDOWS\system32\drivers\MxlW2k.sys
    2007-07-20 17:42:24 -------- d-----w C:\Program Files\YDKJWIN
    2007-07-11 11:54:26 -------- d-----w C:\Program Files\Spyware Doctor
    2007-07-07 08:06:47 -------- d-----w C:\Program Files\Alice
    2007-06-27 06:29:06 -------- d-----w C:\Program Files\Sierra On-Line
    2007-06-25 08:45:56 -------- d-----w C:\DOCUME~1\HLNELE~1\APPLIC~1\Apple Computer
    2007-06-23 07:02:29 -------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-06-17 07:42:33 9,668 ----a-w C:\DOCUME~1\HLNELE~1\APPLIC~1\ViewerApp.dat
    2007-06-17 06:47:20 -------- d-----w C:\Program Files\info thunk
    2007-05-16 15:13:53 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
    2007-04-30 15:46:10 745,600 ----a-w C:\WINDOWS\system32\aswBoot.exe
    2007-04-30 15:35:28 95,872 ----a-w C:\WINDOWS\system32\AVASTSS.scr
    2007-04-25 14:22:35 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
    2005-07-07 17:59:18 67,072 --sha-r C:\WINDOWS\system32\jgyzgc.dll

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    2006-10-22 23:08 62080 --a------ C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
    2006-08-31 20:33 322368 --a------ C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CE000992-A58C-4441-8938-744CD72AB27F}]
    2005-05-02 15:39 446464 --a------ C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Raccourci vers la page des propriétés de High Definition Audio"="HDAudPropShortcut.exe" [2004-03-17 16:10 C:\WINDOWS\system32\Hdaudpropshortcut.exe]
    "SoundMan"="SOUNDMAN.EXE" []
    "Alcmtr"="ALCMTR.EXE" [2004-07-20 11:22 C:\WINDOWS\ALCMTR.EXE]
    "ATIPTA"="C:\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-12 22:10]
    "PCMService"="c:\Apps\Powercinema\PCMService.exe" [2004-10-08 04:14]
    "ACTIVBOARD"="c:\apps\ABoard\ABoard.exe" [2003-05-02 11:31]
    "HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2005-01-12 14:54]
    "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2004-12-20 12:29]
    "WildTangent CDA"="C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" [2005-03-29 03:24]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11]
    "mmtask"="c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe" [2004-05-07 18:14]
    "Microsoft Works Portfolio"="C:\Program Files\Microsoft Works\WksSb.exe" [2002-06-26 19:07]
    "Microsoft Works Update Detection"="C:\Program Files\Microsoft Works\WkDetect.exe" [2000-08-04 08:09]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 17:42]
    "SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-03-19 01:11]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
    "AliceSAV"="C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe" [2005-12-16 17:57]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MP3Chansons"=" C:\WINDOWS\system32\MSA64CHK.dll,DllMostrar Matrix_HTML:MP3Chansons:t" []
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 15:00]
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
    "^SetupICWDesktop"=

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "WOOKIT"=C:\Program Files\Wanadoo\GestMaj.exe EspaceWanadoo.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoLowDiskSpaceChecks"=0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ -oxcfxmzj]
    C:\WINDOWS\system32\jgyzgc.dll -rahs---- 2005-07-07 19:59 67072 C:\WINDOWS\system32\jgyzgc.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdauxservice]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdcoreservice]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fdc755aa-37cc-11da-9698-0090d0983f3f}]
    AutoRun\command- setupSNK.exe

    *Newly Created Service* - ERASERUTILDRVI2
    *Newly Created Service* - GTNDIS5

    Contents of the 'Scheduled Tasks' folder
    2007-07-21 09:00:00 C:\WINDOWS\tasks\A5C1C280918A7E48.job
    2007-07-20 17:59:05 C:\WINDOWS\tasks\Norton Security Scan.job
    2007-07-21 09:03:00 C:\WINDOWS\tasks\Symantec NetDetect.job

    **************************************************************************

    catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-07-21 11:04:17
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    AliceSAV = C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Completion time: 2007-07-21 11:05:12
    C:\ComboFix-quarantined-files.txt ... 2007-07-21 11:05

    --- E O F ---

    Le rapport clean

    21/07/2007 a 11:21:42,20

    *** Recherche des fichiers dans C:

    *** Recherche des fichiers dans C:\WINDOWS\

    *** Recherche des fichiers dans C:\WINDOWS\system32
    "C:\WINDOWS\Downloaded Program Files\CONFLICT.1" FOUND
    "C:\WINDOWS\Downloaded Program Files\CONFLICT.2" FOUND

    *** Recherche des fichiers dans C:\Program Files
    "C:\Program Files\Dynamic Toolbar\" FOUND
    "C:\Program Files\MyWebSearch\" FOUND
    "C:\Program Files\Viewpoint\" FOUND
    *** Fin du rapport !

    Résultat rapport Bitdefender

    BitDefender Online Scanner

    Rapport d'analyse généré à: Sat, Jul 21, 2007 - 12:52:08

    Voie d'analyse: C:\;D:\;F:\;G:\;H:\;I:\;

    Statistiques

    Temps
    01:23:45

    Fichiers
    296815

    Directoires
    7554

    Secteurs de boot
    3

    Archives
    8423

    Paquets programmes
    17542

    Résultats

    Virus identifiés
    6

    Fichiers infectés
    17

    Fichiers suspects
    0

    Avertissements
    0

    Désinfectés
    0

    Fichiers effacés
    16

    Info sur les moteurs

    Définition virus
    639816

    Version des moteurs
    AVCORE v1.0 (build 2410) (i386) (Jun 12 2007 21:08:27)

    Analyse des plugins
    14

    Archive des plugins
    38

    Unpack des plugins
    6

    E-mail plugins
    6

    Système plugins
    1

    Paramètres d'analyse

    Première action
    Désinfecté

    Seconde Action
    Supprimé

    Heuristique
    Oui

    Acceptez les avertissements
    Oui

    Extensions analysées
    *;

    Excludez les extensions

    Analyse d'emails
    Oui

    Analyse des Archives
    Oui

    Analyser paquets programmes
    Oui

    Analyse des fichiers
    Oui

    Analyse de boot
    Oui

    Fichier analysé
    Statut

    C:\Documents and Settings\All Users\Application Data\Less Vc Defy Option\Eggschin.exe
    Infecté par: Trojan.FatObfus.Gen

    C:\Documents and Settings\All Users\Application Data\Less Vc Defy Option\Eggschin.exe
    Echec de la désinfection

    C:\Documents and Settings\All Users\Application Data\Less Vc Defy Option\Eggschin.exe
    Supprimé

    C:\Documents and Settings\Hélène Legrand\Mes documents\Msn\Messenger Plus! - Setup.exe
    Infecté par: Trojan.Downloader.Swizzor.AG

    C:\Documents and Settings\Hélène Legrand\Mes documents\Msn\Messenger Plus! - Setup.exe
    Echec de la désinfection

    C:\Documents and Settings\Hélène Legrand\Mes documents\Msn\Messenger Plus! - Setup.exe
    Supprimé

    C:\Documents and Settings\Jean-Marie Legrand\Application Data\Sun\Java\Deployment\cache\6.0\20\7328ad54-439613c4=>Dvnny.class
    Infecté par: Java.Trojan.Exploit.Bytverify

    C:\Documents and Settings\Jean-Marie Legrand\Application Data\Sun\Java\Deployment\cache\6.0\20\7328ad54-439613c4=>Dvnny.class
    Echec de la désinfection

    C:\Documents and Settings\Jean-Marie Legrand\Application Data\Sun\Java\Deployment\cache\6.0\20\7328ad54-439613c4=>Dvnny.class
    Supprimé

    C:\Documents and Settings\Jean-Marie Legrand\Application Data\Sun\Java\Deployment\cache\6.0\20\7328ad54-439613c4
    Mis à jour

    C:\Documents and Settings\Jean-Marie Legrand\Application Data\Sun\Java\Deployment\cache\6.0\20\7328ad54-439613c4=>Dix.class
    Infecté par: Trojan.Java.ClassLoader.D

    C:\Documents and Settings\Jean-Marie Legrand\Application Data\Sun\Java\Deployment\cache\6.0\20\7328ad54-439613c4=>Dix.class
    Echec de la désinfection

    C:\Documents and Settings\Jean-Marie Legrand\Application Data\Sun\Java\Deployment\cache\6.0\20\7328ad54-439613c4=>Dix.class
    Supprimé

    C:\Documents and Settings\Jean-Marie Legrand\Application Data\Sun\Java\Deployment\cache\6.0\20\7328ad54-439613c4
    Mis à jour

    C:\Documents and Settings\Jean-Marie Legrand\Application Data\Sun\Java\Deployment\cache\6.0\20\7328ad54-439613c4=>Dux.class
    Infecté par: Trojan.Java.ClassLoader.D

    C:\Documents and Settings\Jean-Marie Legrand\Application Data\Sun\Java\Deployment\cache\6.0\20\7328ad54-439613c4=>Dux.class
    Echec de la désinfection

    C:\Documents and Settings\Jean-Marie Legrand\Application Data\Sun\Java\Deployment\cache\6.0\20\7328ad54-439613c4=>Dux.class
    Supprimé

    C:\Documents and Settings\Jean-Marie Legrand\Application Data\Sun\Java\Deployment\cache\6.0\20\7328ad54-439613c4
    Mis à jour

    C:\Documents and Settings\Jean-Marie Legrand\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ms-counter.jar-4535331c-2b528ce2.zip=>Dvnny.class
    Infecté par: Java.Trojan.Exploit.Bytverify

    C:\Documents and Settings\Jean-Marie Legrand\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ms-counter.jar-4535331c-2b528ce2.zip=>Dvnny.class
    Echec de la désinfection

    C:\Documents and Settings\Jean-Marie Legrand\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ms-counter.jar-4535331c-2b528ce2.zip=>Dvnny.class
    Supprimé

    C:\Documents and Settings\Jean-Marie Legrand\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ms-counter.jar-4535331c-2b528ce2.zip
    Mis à jour

    C:\Documents and Settings\Jean-Marie Legrand\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ms-counter.jar-4535331c-2b528ce2.zip=>Dix.class
    Infecté par: Trojan.Java.ClassLoader.D

    C:\Documents and Settings\Jean-Marie Legrand\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ms-counter.jar-4535331c-2b528ce2.zip=>Dix.class
    Echec de la désinfection

    C:\Documents and Settings\Jean-Marie Legrand\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ms-counter.jar-4535331c-2b528ce2.zip=>Dix.class
    Supprimé

    C:\Documents and Settings\Jean-Marie Legrand\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ms-counter.jar-4535331c-2b528ce2.zip
    Mis à jour

    C:\Documents and Settings\Jean-Marie Legrand\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ms-counter.jar-4535331c-2b528ce2.zip=>Dux.class
    Infecté par: Trojan.Java.ClassLoader.D

    C:\Documents and Settings\Jean-Marie Legrand\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ms-counter.jar-4535331c-2b528ce2.zip=>Dux.class
    Echec de la désinfection

    C:\Documents and Settings\Jean-Marie Legrand\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ms-counter.jar-4535331c-2b528ce2.zip=>Dux.class
    Supprimé

    C:\Documents and Settings\Jean-Marie Legrand\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ms-counter.jar-4535331c-2b528ce2.zip
    Mis à jour

    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP812\A0145494.exe
    Infecté par: Trojan.FatObfus.Gen

    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP812\A0145494.exe
    Echec de la désinfection

    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP812\A0145494.exe
    Supprimé

    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP812\A0145495.exe
    Infecté par: Trojan.FatObfus.Gen

    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP812\A0145495.exe
    Echec de la désinfection

    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP812\A0145495.exe
    Supprimé

    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP812\A0145496.exe
    Infecté par: Trojan.FatObfus.Gen

    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP812\A0145496.exe
    Echec de la désinfection

    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP812\A0145496.exe
    Supprimé

    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP838\A0155598.exe
    Infecté par: Trojan.FatObfus.Gen

    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP838\A0155598.exe
    Echec de la désinfection

    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP838\A0155598.exe
    Supprimé

    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP838\A0155601.exe
    Infecté par: Trojan.FatObfus.Gen

    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP838\A0155601.exe
    Echec de la désinfection

    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP838\A0155601.exe
    Supprimé

    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP847\A0157965.exe
    Infecté par: Trojan.FatObfus.Gen

    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP847\A0157965.exe
    Echec de la désinfection

    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP847\A0157965.exe
    Supprimé

    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP853\A0159394.exe
    Infecté par: Trojan.FatObfus.Gen

    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP853\A0159394.exe
    Echec de la désinfection

    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP853\A0159394.exe
    Supprimé

    C:\WINDOWS\Downloaded Program Files\installer.dll
    Infecté par: Trojan.Downloader.Clickme.A

    C:\WINDOWS\Downloaded Program Files\installer.dll
    Echec de la désinfection

    C:\WINDOWS\Downloaded Program Files\installer.dll
    Supprimé

    C:\WINDOWS\system32\jgyzgc.dll
    Infecté par: Trojan.Agent.FK

    C:\WINDOWS\system32\jgyzgc.dll
    Echec de la désinfection

    C:\WINDOWS\system32\jgyzgc.dll
    Echec de la suppression

    Sinon j'ai CCleaner depuis plusieurs mois et je l'applique régulierement, j'ai avast et spyware doctor.
    Voila si y a une solution... Merci.
    0
  9. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    recolle un rapport hijackthis svp

    désactive la restauration système pour purger les virus qui seraient dedans (dans DEMARRER puis TOUS LES PROGRAMMES puis ACCESSOIRE puis OUTILS SYSTEME puis RESTAURATION SYSTEME puis paramètre)

    scan avec vundo

    Téléchargez VundoFix -> http://www.atribune.org/ccount/click.php?id=4

    Double cliquez VundoFix.exe pour l'exécuter.
    Quand VundoFix s'ouvre, cliquez sur le bouton Scan for Vundo.
    Une fois le scan fini, cliquez sur le bouton Remove Vundo.
    Vous recevrez un avertissement vous demandant si vous voulez effacer ces
    fichiers répondez en cliquant sur YES
    Une fois que vous avez cliqué yes, votre bureau deviendra vide au moment où il
    enlève Vundo.

    Quand c'est fini, il vous sera demandé de redémarrer votre ordinateur, cliquez
    OK.

    puis :

    virtumondebegone

    http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe

    puis Symantec Vundo Remove Tool

    https://www.broadcom.com/support/security-center

    et

    https://www.broadcom.com/support/security-center
    reactive la restauration systeme

    refait un scan en ligne bitdefender et colle le rapport
    0
  10. Hélène
     
    Rapport Hijackthis:

    Logfile of HijackThis v1.99.1
    Scan saved at 11:01:50, on 23/07/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    C:\Program Files\VeriSign\NAVI\naviagent.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Wireless 802.11g Monitor\WLService.exe
    C:\Program Files\Wireless 802.11g Monitor\WLanCfgG.exe
    C:\Program Files\Spyware Doctor\svcntaux.exe
    C:\Program Files\Spyware Doctor\swdsvc.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\Explorer.EXE
    C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Apps\Powercinema\PCMService.exe
    C:\apps\ABoard\ABoard.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\apps\ABoard\AOSD.exe
    C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Spyware Doctor\SDTrayApp.exe
    C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Documents and Settings\Hélène Legrand\Mes documents\jean-marie.legrand5\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://portail.free.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: i-Nav IDN SearchHook - {CE000994-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: i-Nav IDN Resolver - {CE000992-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
    O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
    O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [AliceSAV] C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe
    O4 - HKCU\..\Run: [MP3Chansons] rundll32.exe C:\WINDOWS\system32\MSA64CHK.dll,DllMostrar Matrix_HTML:MP3Chansons:t
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Picture Package Menu.lnk = ?
    O4 - Global Startup: Picture Package VCD Maker.lnk = ?
    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxmk045YYFR
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: MP3Chansons - {76DD9E77-F06C-4471-AB6C-CF03C5C6B5B0} - C:\WINDOWS\system32\MP3Chansons (file missing)
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Aide i-Nav - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)
    O9 - Extra 'Tools' menuitem: Aide i-Nav - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)
    O9 - Extra button: (no name) - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
    O9 - Extra 'Tools' menuitem: Options i-Nav - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {01347765-1965-426B-91A4-AA6BB342B9A3} (InstallerObj Class) - http://www.1-click.com/common/files/installer-hidden-test.cab
    O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei-2/SmileyCentralFWBInitialSetup1.0.0.8-2.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.serviceshub.microsoft.com/supportforbusiness/create
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by106fd.bay106.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://jeuxenligne.orange.fr/online2/chainz_2/mjolauncher.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab55762.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab55579.cab
    O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game15.zylom.servicesalacarte.wanadoo.fr/activex/zylomgamesplayer.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://game12.zylom.servicesalacarte.wanadoo.fr/activex/zylomloader.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://jeux.wanadoo.fr/online2/diner_dash/DinerDash.1.0.0.58.cab
    O16 - DPF: {E1342154-4889-42B5-BEF6-19237577048F} (OberongamesLoader Object) - http://jeuxentelechargement.orange.fr/online2/rocket_mania/Oberongamesloader.cab
    O16 - DPF: {E862C832-3A5F-4CEB-BFAA-167B22010A71} (InfosFinder2.InfosFinder) - http://support.packardbell.com/files/activex/InfosFinder2.CAB
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: -oxcfxmzj - C:\WINDOWS\system32\jgyzgc.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: MysqlInventime - Unknown owner - c:\mysql\bin\mysqld-nt.exe (file missing)
    O23 - Service: VeriSign Updater (navi) - VeriSign, Inc. - C:\Program Files\VeriSign\NAVI\naviagent.exe
    O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: R54G Wireless Service - Unknown owner - C:\Program Files\Wireless 802.11g Monitor\WLService.exe
    O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
    0
  11. Hélène
     
    J'ai désactivé la restauration de système

    Vundofix m'indique qu'il n'y a pas d'infection et ne redémarre pas mon ordinateur.

    ______________________________________________________________________________

    Le rapport virtumondebegone

    [07/23/2007, 11:08:47] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Hélène Legrand\Mes documents\jean-marie.legrand5\VirtumundoBeGone.exe" )
    [07/23/2007, 11:08:49] - Detected System Information:
    [07/23/2007, 11:08:49] - Windows Version: 5.1.2600, Service Pack 2
    [07/23/2007, 11:08:51] - Current Username: Hélène Legrand (Admin)
    [07/23/2007, 11:08:51] - Windows is in NORMAL mode.
    [07/23/2007, 11:08:51] - Searching for Browser Helper Objects:
    [07/23/2007, 11:08:51] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
    [07/23/2007, 11:08:51] - BHO 2: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
    [07/23/2007, 11:08:51] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [07/23/2007, 11:08:51] - No filename found. Continuing.
    [07/23/2007, 11:08:51] - BHO 3: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
    [07/23/2007, 11:08:51] - BHO 4: {CE000992-A58C-4441-8938-744CD72AB27F} (i-Nav IDN Resolver)
    [07/23/2007, 11:08:51] - Finished Searching Browser Helper Objects
    [07/23/2007, 11:08:51] - Finishing up...
    [07/23/2007, 11:08:51] - Nothing found! Exiting...

    _________________________________________________________________________________

    Rapport Symantec Vundo Remove Tool :
    Symantec Trojan.Vundo.B Removal Tool 1.0.0

    Trojan.Vundo.B has not been found on your computer.

    _________________________________________________________________________________

    Rapport Symantec Fixvundo:

    Symantec Trojan.Vundo Removal Tool 1.5.0
    The process "iexplore.exe" might be affected by the threat. It cannot be terminated.
    The process "iexplore.exe" might be affected by the threat. It has been terminated.

    C:\Documents and Settings\Hélène Legrand\Local Settings\Application Data\Microsoft\Messenger\seriale_killeusedu59@hotmail.fr\SharingMetadata\coyotegirl@hotmail.fr\DFSR\Staging\CS{FB1EE362-9035-ACD1-00D3-39FACF23A9CC}\01\10-{FB1EE362-9035-ACD1-00D3-39FACF23A9CC}-v1-{E86CB6CA-F409-4B40-808B-8E975D34A539}-v10-Downloaded.frx (WARNING: not scanned, path to long)
    C:\Documents and Settings\Hélène Legrand\Local Settings\Application Data\Microsoft\Messenger\seriale_killeusedu59@hotmail.fr\SharingMetadata\coyotegirl@hotmail.fr\DFSR\Staging\CS{FB1EE362-9035-ACD1-00D3-39FACF23A9CC}\13\113-{9A61033E-1D95-46C9-B69F-EABC92BF2985}-v113-{9A61033E-1D95-46C9-B69F-EABC92BF2985}-v113-Downloaded.frx (WARNING: not scanned, path to long)
    C:\Documents and Settings\Hélène Legrand\Local Settings\Application Data\Microsoft\Messenger\seriale_killeusedu59@hotmail.fr\SharingMetadata\coyotegirl@hotmail.fr\DFSR\Staging\CS{FB1EE362-9035-ACD1-00D3-39FACF23A9CC}\14\114-{9A61033E-1D95-46C9-B69F-EABC92BF2985}-v114-{9A61033E-1D95-46C9-B69F-EABC92BF2985}-v114-Downloaded.frx (WARNING: not scanned, path to long)
    C:\Documents and Settings\Hélène Legrand\Local Settings\Application Data\Microsoft\Messenger\seriale_killeusedu59@hotmail.fr\SharingMetadata\coyotegirl@hotmail.fr\DFSR\Staging\CS{FB1EE362-9035-ACD1-00D3-39FACF23A9CC}\15\115-{9A61033E-1D95-46C9-B69F-EABC92BF2985}-v115-{9A61033E-1D95-46C9-B69F-EABC92BF2985}-v115-Downloaded.frx (WARNING: not scanned, path to long)
    C:\Documents and Settings\Hélène Legrand\Local Settings\Application Data\Microsoft\Messenger\seriale_killeusedu59@hotmail.fr\SharingMetadata\coyotegirl@hotmail.fr\DFSR\Staging\CS{FB1EE362-9035-ACD1-00D3-39FACF23A9CC}\16\116-{9A61033E-1D95-46C9-B69F-EABC92BF2985}-v116-{9A61033E-1D95-46C9-B69F-EABC92BF2985}-v116-Downloaded.frx (WARNING: not scanned, path to long)
    C:\Documents and Settings\Hélène Legrand\Local Settings\Application Data\Microsoft\Messenger\seriale_killeusedu59@hotmail.fr\SharingMetadata\coyotegirl@hotmail.fr\DFSR\Staging\CS{FB1EE362-9035-ACD1-00D3-39FACF23A9CC}\17\117-{9A61033E-1D95-46C9-B69F-EABC92BF2985}-v117-{9A61033E-1D95-46C9-B69F-EABC92BF2985}-v117-Downloaded.frx (WARNING: not scanned, path to long)
    C:\Documents and Settings\Hélène Legrand\Local Settings\Application Data\Microsoft\Messenger\seriale_killeusedu59@hotmail.fr\SharingMetadata\coyotegirl@hotmail.fr\DFSR\Staging\CS{FB1EE362-9035-ACD1-00D3-39FACF23A9CC}\18\118-{9A61033E-1D95-46C9-B69F-EABC92BF2985}-v118-{9A61033E-1D95-46C9-B69F-EABC92BF2985}-v118-Downloaded.frx (WARNING: not scanned, path to long)
    C:\Documents and Settings\Hélène Legrand\Local Settings\Application Data\Microsoft\Messenger\seriale_killeusedu59@hotmail.fr\SharingMetadata\coyotegirl@hotmail.fr\DFSR\Staging\CS{FB1EE362-9035-ACD1-00D3-39FACF23A9CC}\19\119-{9A61033E-1D95-46C9-B69F-EABC92BF2985}-v119-{9A61033E-1D95-46C9-B69F-EABC92BF2985}-v119-Downloaded.frx (WARNING: not scanned, path to long)
    C:\Documents and Settings\Hélène Legrand\Local Settings\Application Data\Microsoft\Messenger\seriale_killeusedu59@hotmail.fr\SharingMetadata\coyotegirl@hotmail.fr\DFSR\Staging\CS{FB1EE362-9035-ACD1-00D3-39FACF23A9CC}\20\120-{9A61033E-1D95-46C9-B69F-EABC92BF2985}-v120-{9A61033E-1D95-46C9-B69F-EABC92BF2985}-v120-Downloaded.frx (WARNING: not scanned, path to long)
    C:\Documents and Settings\Hélène Legrand\Local Settings\Application Data\Microsoft\Messenger\seriale_killeusedu59@hotmail.fr\SharingMetadata\coyotegirl@hotmail.fr\DFSR\Staging\CS{FB1EE362-9035-ACD1-00D3-39FACF23A9CC}\21\121-{9A61033E-1D95-46C9-B69F-EABC92BF2985}-v121-{9A61033E-1D95-46C9-B69F-EABC92BF2985}-v121-Downloaded.frx (WARNING: not scanned, path to long)
    C:\Documents and Settings\Hélène Legrand\Local Settings\Application Data\Microsoft\Messenger\seriale_killeusedu59@hotmail.fr\SharingMetadata\coyotegirl@hotmail.fr\DFSR\Staging\CS{FB1EE362-9035-ACD1-00D3-39FACF23A9CC}\22\122-{9A61033E-1D95-46C9-B69F-EABC92BF2985}-v122-{9A61033E-1D95-46C9-B69F-EABC92BF2985}-v122-Downloaded.frx (WARNING: not scanned, path to long)
    C:\Documents and Settings\Hélène Legrand\Local Settings\Application Data\Microsoft\Messenger\seriale_killeusedu59@hotmail.fr\SharingMetadata\coyotegirl@hotmail.fr\DFSR\Staging\CS{FB1EE362-9035-ACD1-00D3-39FACF23A9CC}\23\123-{9A61033E-1D95-46C9-B69F-EABC92BF2985}-v123-{9A61033E-1D95-46C9-B69F-EABC92BF2985}-v123-Downloaded.frx (WARNING: not scanned, path to long)
    C:\Documents and Settings\Hélène Legrand\Local Settings\Application Data\Microsoft\Messenger\seriale_killeusedu59@hotmail.fr\SharingMetadata\coyotegirl@hotmail.fr\DFSR\Staging\CS{FB1EE362-9035-ACD1-00D3-39FACF23A9CC}\24\124-{9A61033E-1D95-46C9-B69F-EABC92BF2985}-v124-{9A61033E-1D95-46C9-B69F-EABC92BF2985}-v124-Downloaded.frx (WARNING: not scanned, path to long)
    C:\Documents and Settings\Hélène Legrand\Local Settings\Application Data\Microsoft\Messenger\seriale_killeusedu59@hotmail.fr\SharingMetadata\coyotegirl@hotmail.fr\DFSR\Staging\CS{FB1EE362-9035-ACD1-00D3-39FACF23A9CC}\25\125-{9A61033E-1D95-46C9-B69F-EABC92BF2985}-v125-{9A61033E-1D95-46C9-B69F-EABC92BF2985}-v125-Downloaded.frx (WARNING: not scanned, path to long)
    C:\Documents and Settings\Hélène Legrand\Local Settings\Application Data\Microsoft\Messenger\seriale_killeusedu59@hotmail.fr\SharingMetadata\coyotegirl@hotmail.fr\DFSR\Staging\CS{FB1EE362-9035-ACD1-00D3-39FACF23A9CC}\26\126-{9A61033E-1D95-46C9-B69F-EABC92BF2985}-v126-{9A61033E-1D95-46C9-B69F-EABC92BF2985}-v126-Downloaded.frx (WARNING: not scanned, path to long)
    C:\Documents and Settings\Hélène Legrand\Local Settings\Application Data\Microsoft\Messenger\seriale_killeusedu59@hotmail.fr\SharingMetadata\coyotegirl@hotmail.fr\DFSR\Staging\CS{FB1EE362-9035-ACD1-00D3-39FACF23A9CC}\27\127-{9A61033E-1D95-46C9-B69F-EABC92BF2985}-v127-{9A61033E-1D95-46C9-B69F-EABC92BF2985}-v127-Downloaded.frx (WARNING: not scanned, path to long)
    C:\Documents and Settings\Hélène Legrand\Local Settings\Application Data\Microsoft\Messenger\seriale_killeusedu59@hotmail.fr\SharingMetadata\coyotegirl@hotmail.fr\DFSR\Staging\CS{FB1EE362-9035-ACD1-00D3-39FACF23A9CC}\28\128-{9A61033E-1D95-46C9-B69F-EABC92BF2985}-v128-{9A61033E-1D95-46C9-B69F-EABC92BF2985}-v128-Downloaded.frx (WARNING: not scanned, path to long)
    C:\Documents and Settings\Hélène Legrand\Local Settings\Application Data\Microsoft\Messenger\seriale_killeusedu59@hotmail.fr\SharingMetadata\coyotegirl@hotmail.fr\DFSR\Staging\CS{FB1EE362-9035-ACD1-00D3-39FACF23A9CC}\29\129-{9A61033E-1D95-46C9-B69F-EABC92BF2985}-v129-{9A61033E-1D95-46C9-B69F-EABC92BF2985}-v129-Downloaded.frx (WARNING: not scanned, path to long)
    C:\Documents and Settings\Hélène Legrand\Local Settings\Application Data\Microsoft\Messenger\seriale_killeusedu59@hotmail.fr\SharingMetadata\coyotegirl@hotmail.fr\DFSR\Staging\CS{FB1EE362-9035-ACD1-00D3-39FACF23A9CC}\30\130-{9A61033E-1D95-46C9-B69F-EABC92BF2985}-v130-{9A61033E-1D95-46C9-B69F-EABC92BF2985}-v130-Downloaded.frx (WARNING: not scanned, path to long)
    C:\Documents and Settings\Hélène Legrand\Local Settings\Application Data\Microsoft\Messenger\seriale_killeusedu59@hotmail.fr\SharingMetadata\lensois@hotmail.fr\DFSR\Staging\CS{42DF8E41-6264-57DA-1BEA-D5858D3AC1D1}\01\29-{42DF8E41-6264-57DA-1BEA-D5858D3AC1D1}-v1-{E86CB6CA-F409-4B40-808B-8E975D34A539}-v29-Downloaded.frx (WARNING: not scanned, path to long)
    C:\Documents and Settings\Hélène Legrand\Local Settings\Application Data\Microsoft\Messenger\seriale_killeusedu59@hotmail.fr\SharingMetadata\lensois@hotmail.fr\DFSR\Staging\CS{42DF8E41-6264-57DA-1BEA-D5858D3AC1D1}\04\105-{E86CB6CA-F409-4B40-808B-8E975D34A539}-v104-{E86CB6CA-F409-4B40-808B-8E975D34A539}-v105-Downloaded.frx (WARNING: not scanned, path to long)
    C:\Documents and Settings\Hélène Legrand\Local Settings\Application Data\Microsoft\Messenger\seriale_killeusedu59@hotmail.fr\SharingMetadata\lensois@hotmail.fr\DFSR\Staging\CS{42DF8E41-6264-57DA-1BEA-D5858D3AC1D1}\09\112-{E86CB6CA-F409-4B40-808B-8E975D34A539}-v109-{E86CB6CA-F409-4B40-808B-8E975D34A539}-v112-Downloaded.frx (WARNING: not scanned, path to long)
    C:\Documents and Settings\Hélène Legrand\Local Settings\Application Data\Microsoft\Messenger\seriale_killeusedu59@hotmail.fr\SharingMetadata\lensois@hotmail.fr\DFSR\Staging\CS{42DF8E41-6264-57DA-1BEA-D5858D3AC1D1}\10\115-{E86CB6CA-F409-4B40-808B-8E975D34A539}-v110-{E86CB6CA-F409-4B40-808B-8E975D34A539}-v115-Downloaded.frx (WARNING: not scanned, path to long)
    C:\Documents and Settings\Hélène Legrand\Local Settings\Application Data\Microsoft\Messenger\seriale_killeusedu59@hotmail.fr\SharingMetadata\lensois@hotmail.fr\DFSR\Staging\CS{42DF8E41-6264-57DA-1BEA-D5858D3AC1D1}\11\114-{E86CB6CA-F409-4B40-808B-8E975D34A539}-v111-{E86CB6CA-F409-4B40-808B-8E975D34A539}-v114-Downloaded.frx (WARNING: not scanned, path to long)
    C:\Documents and Settings\Hélène Legrand\Local Settings\Application Data\Microsoft\Messenger\seriale_killeusedu59@hotmail.fr\SharingMetadata\lensois@hotmail.fr\DFSR\Staging\CS{42DF8E41-6264-57DA-1BEA-D5858D3AC1D1}\16\118-{E86CB6CA-F409-4B40-808B-8E975D34A539}-v116-{E86CB6CA-F409-4B40-808B-8E975D34A539}-v118-Downloaded.frx (WARNING: not scanned, path to long)
    C:\Documents and Settings\Hélène Legrand\Local Settings\Application Data\Microsoft\Messenger\seriale_killeusedu59@hotmail.fr\SharingMetadata\lensois@hotmail.fr\DFSR\Staging\CS{42DF8E41-6264-57DA-1BEA-D5858D3AC1D1}\27\33-{E3FE1551-66A9-4ABE-8468-63B1D87086A9}-v27-{E86CB6CA-F409-4B40-808B-8E975D34A539}-v33-Downloaded.frx (WARNING: not scanned, path to long)
    C:\Documents and Settings\Hélène Legrand\Local Settings\Application Data\Microsoft\Messenger\seriale_killeusedu59@hotmail.fr\SharingMetadata\lensois@hotmail.fr\DFSR\Staging\CS{42DF8E41-6264-57DA-1BEA-D5858D3AC1D1}\30\24-{E86CB6CA-F409-4B40-808B-8E975D34A539}-v30-{E3FE1551-66A9-4ABE-8468-63B1D87086A9}-v24-Downloaded.frx (WARNING: not scanned, path to long)
    C:\Documents and Settings\Hélène Legrand\Local Settings\Application Data\Microsoft\Messenger\seriale_killeusedu59@hotmail.fr\SharingMetadata\lensois@hotmail.fr\DFSR\Staging\CS{42DF8E41-6264-57DA-1BEA-D5858D3AC1D1}\33\37-{E3FE1551-66A9-4ABE-8468-63B1D87086A9}-v33-{E86CB6CA-F409-4B40-808B-8E975D34A539}-v37-Downloaded.frx (WARNING: not scanned, path to long)
    C:\Documents and Settings\Hélène Legrand\Local Settings\Application Data\Microsoft\Messenger\seriale_killeusedu59@hotmail.fr\SharingMetadata\lensois@hotmail.fr\DFSR\Staging\CS{42DF8E41-6264-57DA-1BEA-D5858D3AC1D1}\56\61-{E86CB6CA-F409-4B40-808B-8E975D34A539}-v56-{E86CB6CA-F409-4B40-808B-8E975D34A539}-v61-Downloaded.frx (WARNING: not scanned, path to long)
    C:\Documents and Settings\Hélène Legrand\Local Settings\Application Data\Microsoft\Messenger\seriale_killeusedu59@hotmail.fr\SharingMetadata\lensois@hotmail.fr\DFSR\Staging\CS{42DF8E41-6264-57DA-1BEA-D5858D3AC1D1}\57\62-{E86CB6CA-F409-4B40-808B-8E975D34A539}-v57-{E86CB6CA-F409-4B40-808B-8E975D34A539}-v62-Downloaded.frx (WARNING: not scanned, path to long)
    C:\Documents and Settings\Hélène Legrand\Local Settings\Application Data\Microsoft\Messenger\seriale_killeusedu59@hotmail.fr\SharingMetadata\lensois@hotmail.fr\DFSR\Staging\CS{42DF8E41-6264-57DA-1BEA-D5858D3AC1D1}\58\63-{E86CB6CA-F409-4B40-808B-8E975D34A539}-v58-{E86CB6CA-F409-4B40-808B-8E975D34A539}-v63-Downloaded.frx (WARNING: not scanned, path to long)
    C:\Documents and Settings\Hélène Legrand\Local Settings\Application Data\Microsoft\Messenger\seriale_killeusedu59@hotmail.fr\SharingMetadata\lensois@hotmail.fr\DFSR\Staging\CS{42DF8E41-6264-57DA-1BEA-D5858D3AC1D1}\59\88-{E86CB6CA-F409-4B40-808B-8E975D34A539}-v59-{E86CB6CA-F409-4B40-808B-8E975D34A539}-v88-Downloaded.frx (WARNING: not scanned, path to long)
    C:\Documents and Settings\Hélène Legrand\Local Settings\Application Data\Microsoft\Messenger\seriale_killeusedu59@hotmail.fr\SharingMetadata\lensois@hotmail.fr\DFSR\Staging\CS{42DF8E41-6264-57DA-1BEA-D5858D3AC1D1}\65\71-{E86CB6CA-F409-4B40-808B-8E975D34A539}-v65-{E86CB6CA-F409-4B40-808B-8E975D34A539}-v71-Downloaded.frx (WARNING: not scanned, path to long)
    C:\Documents and Settings\Hélène Legrand\Local Settings\Application Data\Microsoft\Messenger\seriale_killeusedu59@hotmail.fr\SharingMetadata\lensois@hotmail.fr\DFSR\Staging\CS{42DF8E41-6264-57DA-1BEA-D5858D3AC1D1}\66\78-{E86CB6CA-F409-4B40-808B-8E975D34A539}-v66-{E86CB6CA-F409-4B40-808B-8E975D34A539}-v78-Downloaded.frx (WARNING: not scanned, path to long)
    C:\Documents and Settings\Hélène Legrand\Local Settings\Application Data\Microsoft\Messenger\seriale_killeusedu59@hotmail.fr\SharingMetadata\lensois@hotmail.fr\DFSR\Staging\CS{42DF8E41-6264-57DA-1BEA-D5858D3AC1D1}\67\73-{E86CB6CA-F409-4B40-808B-8E975D34A539}-v67-{E86CB6CA-F409-4B40-808B-8E975D34A539}-v73-Downloaded.frx (WARNING: not scanned, path to long)
    C:\Documents and Settings\Hélène Legrand\Local Settings\Application Data\Microsoft\Messenger\seriale_killeusedu59@hotmail.fr\SharingMetadata\lensois@hotmail.fr\DFSR\Staging\CS{42DF8E41-6264-57DA-1BEA-D5858D3AC1D1}\68\74-{E86CB6CA-F409-4B40-808B-8E975D34A539}-v68-{E86CB6CA-F409-4B40-808B-8E975D34A539}-v74-Downloaded.frx (WARNING: not scanned, path to long)
    C:\Documents and Settings\Hélène Legrand\Local Settings\Application Data\Microsoft\Messenger\seriale_killeusedu59@hotmail.fr\SharingMetadata\lensois@hotmail.fr\DFSR\Staging\CS{42DF8E41-6264-57DA-1BEA-D5858D3AC1D1}\69\77-{E86CB6CA-F409-4B40-808B-8E975D34A539}-v69-{E86CB6CA-F409-4B40-808B-8E975D34A539}-v77-Downloaded.frx (WARNING: not scanned, path to long)
    C:\Documents and Settings\Hélène Legrand\Local Settings\Application Data\Microsoft\Messenger\seriale_killeusedu59@hotmail.fr\SharingMetadata\lensois@hotmail.fr\DFSR\Staging\CS{42DF8E41-6264-57DA-1BEA-D5858D3AC1D1}\70\81-{E86CB6CA-F409-4B40-808B-8E975D34A539}-v70-{E86CB6CA-F409-4B40-808B-8E975D34A539}-v81-Downloaded.frx (WARNING: not scanned, path to long)
    C:\Documents and Settings\Hélène Legrand\Local Settings\Application Data\Microsoft\Messenger\seriale_killeusedu59@hotmail.fr\SharingMetadata\lensois@hotmail.fr\DFSR\Staging\CS{42DF8E41-6264-57DA-1BEA-D5858D3AC1D1}\79\82-{E86CB6CA-F409-4B40-808B-8E975D34A539}-v79-{E86CB6CA-F409-4B40-808B-8E975D34A539}-v82-Downloaded.frx (WARNING: not scanned, path to long)
    C:\Documents and Settings\Hélène Legrand\Local Settings\Application Data\Microsoft\Messenger\seriale_killeusedu59@hotmail.fr\SharingMetadata\lensois@hotmail.fr\DFSR\Staging\CS{42DF8E41-6264-57DA-1BEA-D5858D3AC1D1}\80\83-{E86CB6CA-F409-4B40-808B-8E975D34A539}-v80-{E86CB6CA-F409-4B40-808B-8E975D34A539}-v83-Downloaded.frx (WARNING: not scanned, path to long)
    C:\Documents and Settings\Hélène Legrand\Local Settings\Application Data\Microsoft\Messenger\seriale_killeusedu59@hotmail.fr\SharingMetadata\lensois@hotmail.fr\DFSR\Staging\CS{42DF8E41-6264-57DA-1BEA-D5858D3AC1D1}\98\102-{E86CB6CA-F409-4B40-808B-8E975D34A539}-v98-{E86CB6CA-F409-4B40-808B-8E975D34A539}-v102-Downloaded.frx (WARNING: not scanned, path to long)
    C:\Documents and Settings\Hélène Legrand\Local Settings\Application Data\Microsoft\Messenger\seriale_killeusedu59@hotmail.fr\SharingMetadata\lensois@hotmail.fr\DFSR\Staging\CS{42DF8E41-6264-57DA-1BEA-D5858D3AC1D1}\99\103-{E86CB6CA-F409-4B40-808B-8E975D34A539}-v99-{E86CB6CA-F409-4B40-808B-8E975D34A539}-v103-Downloaded.frx (WARNING: not scanned, path to long)
    C:\Documents and Settings\H?ne Legrand: (not scanned)
    C:\Documents and Settings\Stéphanie Legrand\Application Data: (not scanned)
    C:\Documents and Settings\Stéphanie Legrand\Bureau: (not scanned)
    C:\Documents and Settings\Stéphanie Legrand\Cookies: (not scanned)
    C:\Documents and Settings\Stéphanie Legrand\Favoris: (not scanned)
    C:\Documents and Settings\Stéphanie Legrand\Local Settings\Application Data: (not scanned)
    C:\Documents and Settings\Stéphanie Legrand\Local Settings\Historique: (not scanned)
    C:\Documents and Settings\Stéphanie Legrand\Local Settings\Temp: (not scanned)
    C:\System Volume Information: (not scanned)

    Trojan.Vundo has been successfully removed from your computer!

    Here is the report:

    The total number of the scanned files: 109173
    The number of deleted files: 0
    The number of viral processes terminated: 1
    The number of viral threads terminated: 0
    The number of registry entries fixed: 0

    __________________________________________________________________________________

    Puis j'ai réactivé la restauration de système.

    Je fais l'analyse bitdefender une fois fini je la colle.
    0
  12. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    O20 - Winlogon Notify: -oxcfxmzj - C:\WINDOWS\system32\jgyzgc.dll

    ok colle le rapport du scan en ligne et hijackthis pour verifier cette ligne

    si toujours presente:

    Télécharge: Pocket Killbox ici
    http://www.downloads.subratam.org/KillBox.exe

    :: Démo d utilisation (merci a Balltrap34 pour cette réalisation) ::
    http://pageperso.aol.fr/balltrap34/killbox.htm

    ¤Relance HijackThis, coche les cases devant ces lignes et ensuite clique sur fix checked :
    O20 - Winlogon Notify: -oxcfxmzj - C:\WINDOWS\system32\jgyzgc.dll

    Ferme HijackThis.

    Double clic sur killbox.exe (Pocket Killbox)

    - coche: delete on reboot
    - Dans "Full Path of File to Delete"
    - Sélectionne "single File"
    - copie et colle:

    C:\WINDOWS\system32\jgyzgc.dll

    - clique sur la croix rouge
    - une fenêtre va apparaître pour confirmation clique sur YES
    - une seconde fenêtre te demande si tu veux redémarrer clique sur YES

    Si ce message s’affiche ignore le :
    http://tinypic.com/images/goodbye.jpg
    Laisse le pc redémarrer.

    Et après reposte un log HijackThis.
    0
  13. Hélène
     
    BitDefender Online Scanner

    Rapport d'analyse généré à: Mon, Jul 23, 2007 - 13:52:52

    Voie d'analyse: C:\;D:\;F:\;G:\;H:\;I:\;

    Statistiques

    Temps
    01:01:04

    Fichiers
    293778

    Directoires
    7076

    Secteurs de boot
    3

    Archives
    8353

    Paquets programmes
    17721

    Résultats

    Virus identifiés
    1

    Fichiers infectés
    1

    Fichiers suspects
    0

    Avertissements
    0

    Désinfectés
    0

    Fichiers effacés
    0

    Info sur les moteurs

    Définition virus
    639987

    Version des moteurs
    AVCORE v1.0 (build 2410) (i386) (Jun 12 2007 21:08:27)

    Analyse des plugins
    14

    Archive des plugins
    38

    Unpack des plugins
    6

    E-mail plugins
    6

    Système plugins
    1

    Paramètres d'analyse

    Première action
    Désinfecté

    Seconde Action
    Supprimé

    Heuristique
    Oui

    Acceptez les avertissements
    Oui

    Extensions analysées
    *;

    Excludez les extensions

    Analyse d'emails
    Oui

    Analyse des Archives
    Oui

    Analyser paquets programmes
    Oui

    Analyse des fichiers
    Oui

    Analyse de boot
    Oui

    Fichier analysé
    Statut

    C:\WINDOWS\system32\jgyzgc.dll
    Infecté par: Trojan.Agent.FK

    C:\WINDOWS\system32\jgyzgc.dll
    Echec de la désinfection

    C:\WINDOWS\system32\jgyzgc.dll
    Echec de la suppression

    _____________________________________________________________________________________
    Logfile of HijackThis v1.99.1
    Scan saved at 13:58:39, on 23/07/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    C:\Program Files\VeriSign\NAVI\naviagent.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Wireless 802.11g Monitor\WLService.exe
    C:\Program Files\Wireless 802.11g Monitor\WLanCfgG.exe
    C:\Program Files\Spyware Doctor\svcntaux.exe
    C:\Program Files\Spyware Doctor\swdsvc.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\Explorer.EXE
    C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Apps\Powercinema\PCMService.exe
    C:\apps\ABoard\ABoard.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\apps\ABoard\AOSD.exe
    C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Spyware Doctor\SDTrayApp.exe
    C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\Hélène Legrand\Mes documents\jean-marie.legrand5\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://portail.free.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: i-Nav IDN SearchHook - {CE000994-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: i-Nav IDN Resolver - {CE000992-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
    O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
    O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [AliceSAV] C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe
    O4 - HKCU\..\Run: [MP3Chansons] rundll32.exe C:\WINDOWS\system32\MSA64CHK.dll,DllMostrar Matrix_HTML:MP3Chansons:t
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Picture Package Menu.lnk = ?
    O4 - Global Startup: Picture Package VCD Maker.lnk = ?
    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxmk045YYFR
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: MP3Chansons - {76DD9E77-F06C-4471-AB6C-CF03C5C6B5B0} - C:\WINDOWS\system32\MP3Chansons (file missing)
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Aide i-Nav - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)
    O9 - Extra 'Tools' menuitem: Aide i-Nav - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)
    O9 - Extra button: (no name) - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
    O9 - Extra 'Tools' menuitem: Options i-Nav - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {01347765-1965-426B-91A4-AA6BB342B9A3} (InstallerObj Class) - http://www.1-click.com/common/files/installer-hidden-test.cab
    O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei-2/SmileyCentralFWBInitialSetup1.0.0.8-2.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.serviceshub.microsoft.com/supportforbusiness/create
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by106fd.bay106.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://jeuxenligne.orange.fr/online2/chainz_2/mjolauncher.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab55762.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab55579.cab
    O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game15.zylom.servicesalacarte.wanadoo.fr/activex/zylomgamesplayer.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://game12.zylom.servicesalacarte.wanadoo.fr/activex/zylomloader.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://jeux.wanadoo.fr/online2/diner_dash/DinerDash.1.0.0.58.cab
    O16 - DPF: {E1342154-4889-42B5-BEF6-19237577048F} (OberongamesLoader Object) - http://jeuxentelechargement.orange.fr/online2/rocket_mania/Oberongamesloader.cab
    O16 - DPF: {E862C832-3A5F-4CEB-BFAA-167B22010A71} (InfosFinder2.InfosFinder) - http://support.packardbell.com/files/activex/InfosFinder2.CAB
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: -oxcfxmzj - C:\WINDOWS\system32\jgyzgc.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: MysqlInventime - Unknown owner - c:\mysql\bin\mysqld-nt.exe (file missing)
    O23 - Service: VeriSign Updater (navi) - VeriSign, Inc. - C:\Program Files\VeriSign\NAVI\naviagent.exe
    O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: R54G Wireless Service - Unknown owner - C:\Program Files\Wireless 802.11g Monitor\WLService.exe
    O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe

    __________________________________________________________________________________

    Comme la ligne est toujours présente je vais effectuer ce que tu m'as dit.
    0
  14. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    ok

    fait apres smitfraud fix
    et colle le rapport

    http://telechargement.zebulon.fr/smitfraudfix.html

    2/ double clique sur smitfraudfix. puis sélectionne 1 et appuyer sur entrée afin de créer le rapport des infection présentes. une fois le rapport effectué redémarre en mode sans échec (en appuyant sur F8 ou suppr, ou F5 au démarrage en général)

    3/ puis refaire comme en 2/ mais selectionne l'option 2 et appuyer sur entrée pour commencer la desinfection. lorsque le programme demande si tu veut nettoyer le registre metsoui en tapant 0 et entrée
    0
  15. Hélène
     
    Le rapport Hijackthis après killbox.

    Logfile of HijackThis v1.99.1
    Scan saved at 14:17:39, on 23/07/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    C:\Program Files\VeriSign\NAVI\naviagent.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Wireless 802.11g Monitor\WLService.exe
    C:\Program Files\Spyware Doctor\svcntaux.exe
    C:\Program Files\Wireless 802.11g Monitor\WLanCfgG.exe
    C:\Program Files\Spyware Doctor\swdsvc.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Apps\Powercinema\PCMService.exe
    C:\apps\ABoard\ABoard.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\apps\ABoard\AOSD.exe
    C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Spyware Doctor\SDTrayApp.exe
    C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Documents and Settings\Hélène Legrand\Mes documents\jean-marie.legrand5\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://portail.free.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: i-Nav IDN SearchHook - {CE000994-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: i-Nav IDN Resolver - {CE000992-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
    O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
    O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [AliceSAV] C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe
    O4 - HKCU\..\Run: [MP3Chansons] rundll32.exe C:\WINDOWS\system32\MSA64CHK.dll,DllMostrar Matrix_HTML:MP3Chansons:t
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Picture Package Menu.lnk = ?
    O4 - Global Startup: Picture Package VCD Maker.lnk = ?
    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxmk045YYFR
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: MP3Chansons - {76DD9E77-F06C-4471-AB6C-CF03C5C6B5B0} - C:\WINDOWS\system32\MP3Chansons (file missing)
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Aide i-Nav - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)
    O9 - Extra 'Tools' menuitem: Aide i-Nav - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)
    O9 - Extra button: (no name) - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
    O9 - Extra 'Tools' menuitem: Options i-Nav - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {01347765-1965-426B-91A4-AA6BB342B9A3} (InstallerObj Class) - http://www.1-click.com/common/files/installer-hidden-test.cab
    O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei-2/SmileyCentralFWBInitialSetup1.0.0.8-2.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.serviceshub.microsoft.com/supportforbusiness/create
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by106fd.bay106.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://jeuxenligne.orange.fr/online2/chainz_2/mjolauncher.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab55762.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab55579.cab
    O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game15.zylom.servicesalacarte.wanadoo.fr/activex/zylomgamesplayer.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://game12.zylom.servicesalacarte.wanadoo.fr/activex/zylomloader.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://jeux.wanadoo.fr/online2/diner_dash/DinerDash.1.0.0.58.cab
    O16 - DPF: {E1342154-4889-42B5-BEF6-19237577048F} (OberongamesLoader Object) - http://jeuxentelechargement.orange.fr/online2/rocket_mania/Oberongamesloader.cab
    O16 - DPF: {E862C832-3A5F-4CEB-BFAA-167B22010A71} (InfosFinder2.InfosFinder) - http://support.packardbell.com/files/activex/InfosFinder2.CAB
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: -oxcfxmzj - C:\WINDOWS\system32\jgyzgc.dll (file missing)
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: MysqlInventime - Unknown owner - c:\mysql\bin\mysqld-nt.exe (file missing)
    O23 - Service: VeriSign Updater (navi) - VeriSign, Inc. - C:\Program Files\VeriSign\NAVI\naviagent.exe
    O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: R54G Wireless Service - Unknown owner - C:\Program Files\Wireless 802.11g Monitor\WLService.exe
    O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe

    Désormais j'effectue SmitfraudFix
    0
  16. Hélène
     
    Résultat après nettoyage en mode sans échec:

    SmitFraudFix v2.195

    Rapport fait à 14:30:21,95, 23/07/2007
    Executé à partir de C:\Documents and Settings\H‚lŠne Legrand\Mes documents\jean-marie.legrand5\SmitfraudFix
    OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
    Le type du système de fichiers est NTFS
    Fix executé en mode sans echec

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Arret des processus

    »»»»»»»»»»»»»»»»»»»»»»»» hosts

    127.0.0.1 localhost
    127.0.0.1 bin.errorprotector.com ## added by CiD
    127.0.0.1 br.errorsafe.com ## added by CiD
    127.0.0.1 br.winantivirus.com ## added by CiD
    127.0.0.1 br.winfixer.com ## added by CiD
    127.0.0.1 de.errorsafe.com ## added by CiD
    127.0.0.1 de.winantivirus.com ## added by CiD
    127.0.0.1 download.cdn.winsoftware.com ## added by CiD
    127.0.0.1 download.errorsafe.com ## added by CiD
    127.0.0.1 download.systemdoctor.com ## added by CiD
    127.0.0.1 download.winantispyware.com ## added by CiD
    127.0.0.1 download.windrivecleaner.com ## added by CiD
    127.0.0.1 download.winfixer.com ## added by CiD
    127.0.0.1 drivecleaner.com ## added by CiD
    127.0.0.1 dynamique.drivecleaner.com ## added by CiD
    127.0.0.1 errorprotector.com ## added by CiD
    127.0.0.1 errorsafe.com ## added by CiD
    127.0.0.1 es.winantivirus.com ## added by CiD
    127.0.0.1 fr.winantivirus.com ## added by CiD
    127.0.0.1 fr.winfixer.com ## added by CiD
    127.0.0.1 go.drivecleaner.com ## added by CiD
    127.0.0.1 go.errorsafe.com ## added by CiD
    127.0.0.1 go.winantispyware.com ## added by CiD
    127.0.0.1 go.winantivirus.com ## added by CiD
    127.0.0.1 hk.winantivirus.com ## added by CiD
    127.0.0.1 instlog.errorsafe.com ## added by CiD
    127.0.0.1 instlog.winantivirus.com ## added by CiD
    127.0.0.1 jsp.drivecleaner.com ## added by CiD
    127.0.0.1 kb.errorsafe.com ## added by CiD
    127.0.0.1 kb.winantivirus.com ## added by CiD
    127.0.0.1 nl.errorsafe.com ## added by CiD
    127.0.0.1 se.errorsafe.com ## added by CiD
    127.0.0.1 secure.drivecleaner.com ## added by CiD
    127.0.0.1 secure.errorsafe.com ## added by CiD
    127.0.0.1 secure.winantispam.com ## added by CiD
    127.0.0.1 secure.winantispy.com ## added by CiD
    127.0.0.1 secure.winantivirus.com ## added by CiD
    127.0.0.1 support.winantivirus.com ## added by CiD
    127.0.0.1 ulog.winantivirus.com ## added by CiD
    127.0.0.1 utils.errorsafe.com ## added by CiD
    127.0.0.1 utils.winantivirus.com ## added by CiD
    127.0.0.1 winantispyware.com ## added by CiD
    127.0.0.1 winantivirus.com ## added by CiD
    127.0.0.1 winfixer.com ## added by CiD
    127.0.0.1 www.drivecleaner.com ## added by CiD
    127.0.0.1 www.errorprotector.com ## added by CiD
    127.0.0.1 www.errorsafe.com ## added by CiD
    127.0.0.1 www.systemdoctor.com ## added by CiD
    127.0.0.1 www.win-anti-virus-pro.com ## added by CiD
    127.0.0.1 www.win-virus-pro.com ## added by CiD
    127.0.0.1 www.winantispam.com ## added by CiD
    127.0.0.1 www.winantispy.com ## added by CiD
    127.0.0.1 www.winantispyware.com ## added by CiD
    127.0.0.1 www.winantivirus.com ## added by CiD
    127.0.0.1 www.winantiviruspro.com ## added by CiD
    127.0.0.1 www.windrivecleaner.com ## added by CiD
    127.0.0.1 www.windrivesafe.com ## added by CiD
    127.0.0.1 www.winfixer.com ## added by CiD
    127.0.0.1 cdn.drivecleaner.com ## added by CiD
    127.0.0.1 cdn.errorsafe.com ## added by CiD
    127.0.0.1 cdn.winsoftware.com ## added by CiD
    127.0.0.1 download.cdn.drivecleaner.com ## added by CiD
    127.0.0.1 download.cdn.errorsafe.com ## added by CiD
    127.0.0.1 instlog.winfixer.com ## added by CiD
    127.0.0.1 trial.updates.winsoftware.com ## added by CiD
    127.0.0.1 utils.winfixer.com ## added by CiD
    127.0.0.1 winfixer2006.com ## added by CiD
    127.0.0.1 winsoftware.com ## added by CiD
    127.0.0.1 www.utils.winfixer.com ## added by CiD
    127.0.0.1 www.winfixer2006.com ## added by CiD
    127.0.0.1 www.winsoftware.com ## added by CiD

    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

    GenericRenosFix by S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{1B22FC64-70B2-4EC6-9E7A-68BEF5FB6E26}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{1B22FC64-70B2-4EC6-9E7A-68BEF5FB6E26}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{1B22FC64-70B2-4EC6-9E7A-68BEF5FB6E26}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1

    »»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires

    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""

    »»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

    Nettoyage terminé.

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Fin
    0
  17. Hélène
     
    Quand je fais l'analyse Symantec: J'ai toujours adware.lop.
    0
  18. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    dans démarrer puis PANNEAU DE CONFIGURATION puis AJOUT SUPPRESSION DE PROGRAMME

    cherche quelque chose comme CID et msn plus et desinstalle les
    si tu doit réinstaller msn plus fait le sans les sponsor surtout

    ____________________

    tu l'as fait?
    0
  19. Hélène
     
    J'ai fait les 2 je n'ai rie en CiD et msn plus àété désinstallé.
    0
  20. Hélène
     
    Il n'y a aucun site inscrit dans site de confiance et je n'arrive pas à demarrer clean up quand je clique sur nettoyer j'ai un message " Erreur E/S 103."
    0
  • 1
  • 2
  • 3
  • 4