Screen turning off + unwanted pop-up windows

Julien -
 Anonymous user -
Hello,
for the past few weeks I have had quite a few problems with my PC:
The screen sometimes turns off while the PC keeps running. I have to switch the tower off and then restart it.
I also often get unwanted pop-up windows (fake anti-spyware, porn sites, casinos, betting sites...).
I have run VirusScan, AdAware and Spybot, but that does not solve my problem. Does anyone have an idea? Here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:50:13, on 11/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\dllhost.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/toolbar/ie8/sidebar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fhome.microsoft.com%2faccess%2fallinone.asp%3f
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.uol.com.br/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/toolbar/ie8/sidebar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.uol.com.br/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {17492023-C23A-453E-A040-C7C580BBF704 - (no file)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [EPSON Stylus C42 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C42 Series" /O6 "USB001" /M "Stylus C42"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Chercher avec Copernic Agent - C:\Program Files\Copernic Agent\Web\SearchExt.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Shorten URL - https://cjb.shopco.com/
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Packard Bell - {1D49B7D4-524D-4ac9-BC34-B4822CAE4BB1} - C:\Apps\IECustom\script.htm
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: fdjeux -
O16 - DPF: teleir_cert -
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://eu-housecall.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} -
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - https://tiragesphoto.fnac.com/
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} -
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} -
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} -
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} - http://espaceabonnes.club-internet.fr/services/symantec/SymDlBrg.cab
O16 - DPF: {DA4EB021-5F1C-11D4-B006-00104B98E2C7} -
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} -
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} -
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} -
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe

--
End of file - 9720 bytes

Julien.
Configuration: Windows XP
Internet Explorer 6.0

10 replies

  1. Anonymous user
     
    Hi

    Right-click on this link:

    http://perso.orange.fr/il.mafioso/Navifix/Navilog1.zip

    Choose "Save target (link) as..." and save it to your desktop.
    Right-click on navilog1.zip and choose "extract all".
    Then double-click navilog1.exe to start the installation.
    Once the installation has finished, the fix will run automatically.
    (If it does not, double-click the Navilog1 shortcut on the desktop.)

    Let it guide you. At the main menu, choose 1 and confirm.
    (do not choose 2, 3 or 4 without my advice/agreement)

    Wait for the message:
    *** Analyse Termine le ..... ***
    Press a key as requested; Notepad will open.
    Copy and paste the whole report into a reply. Close Notepad.
    The report is also saved at the root of the disk (fixnavi.txt)
    1. Julien
       
      Thank you Nanard4700 for the reply.
      I ran Navilog; the log is below.
      Besides the problems with the screen turning off and the unwanted pop-up windows, I have also noticed that, for the past few days, every now and then all the windows freeze and nothing can be done for a few seconds...

      Search Navipromo version 2.0.7 commencé le 11/08/2007 à 16:12:48,56

      !!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
      !!! Poster ce rapport sur le forum pour le faire analyser !!!
      !!! Ne pas lancer la partie désinfection sans l'avis d'un spécialiste !!!

      Fix lancé depuis C:\Program Files\navilog1
      Mise a jour le 08.08.2007 a 18h00 by IL-MAFIOSO

      Executé en mode normal

      *** Recherche Programmes installes ***




      *** Recherche dossiers dans C:\WINDOWS ***




      *** Recherche dossiers dans C:\Program Files ***




      *** Recherche dossiers dans C:\Documents and Settings\All Users\Application Data ***




      *** Recherche dossiers dans C:\Documents and Settings\Regina\Application Data ***



      *** Recherche avec BlackLight Engine/F-secure ***
      BlackLight Engine est un produit de F-secure, pour + d'infos :
      https://www.f-secure.com/en

      Fichier(s) caché(s) dans C:\WINDOWS\system32 :

      c:\WINDOWS\system32\uqqlfsv.dat
      C:\windows\system32\uqqlfsv.exe
      c:\WINDOWS\system32\uqqlfsv_nav.dat
      c:\WINDOWS\system32\uqqlfsv_navps.dat

      Processus caché(s) dans C:\WINDOWS\system32 :

      C:\windows\system32\uqqlfsv.exe


      *** Recherche fichiers ***


      C:\WINDOWS\pack.epk trouvé !
      C:\WINDOWS\system32\nvs2.inf trouvé !


      *** Recherche cles registre ***


      Recherche dans [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs]



      Recherche dans [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage]

      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/EGDHTML_1026.dll


      Recherche Clé Magic Control

      HKEY_CURRENT_USER\Software\Lanconfig trouvé !
      HKEY_USERS\S-1-5-21-334337264-1907411925-173008773-1006\Software\Lanconfig trouvé !


      *** Module de Recherche complémentaire ***
      (Recherche fichiers spécifiques)

      1)Recherche fichiers connus:


      2)Recherche Heuristique :
      *
      C:\WINDOWS\system32\uqqlfsv.dat trouvé !
      **
      C:\WINDOWS\system32\uqqlfsv.dat trouvé !
      ***
      ****
      C:\WINDOWS\system32\uqqlfsv_navps.dat trouvé !
      *****
      ******
      *******
      ********
      C:\WINDOWS\system32\shdcdyvwd.exe trouvé !
      *********

      3)Recherche Certificats :

      Certificat Egroup trouvé !


      *** Recherche avec GenericNaviSearch Beta ***
      !!! Tous Ces résultats peuvent révéler des fichiers légitimes !!!
      !!! A verifier impérativement avant toute suppression manuelle !!!

      Fichiers trouvés :

      Aucun Fichier trouvé !

      Fichiers suspects :

      Aucun Fichier suspect trouvé !


      *** Analyse Terminé le 11/08/2007 à 16:43:43,43 ***
  2. Anonymous user
     
    OK, it did find the infection

    Step 2:

    Restart your computer in safe mode by following this procedure:

    * Restart your computer.
    * After hearing the computer beep during start-up, but before the Windows icon appears, tap the F8 key (one press per second).
    * Instead of the normal Windows start-up, a menu with various options should appear.
    * Choose the first option to run Windows in safe mode, then press "[Enter]"

    * Double-click Navilog1.bat.
    * Follow the instructions.
    * Then choose option 2 and confirm.
    * Let it guide you and answer any questions it asks.
    * Your desktop will disappear, that is normal!
    * Wait until this message appears: "*** Nettoyage Termine le ..... ***"
    * Press a key as requested: Notepad will open.
    * Save the report so that you can find it again in normal mode.
    * Close Notepad. Your desktop will now reappear.

    Restart normally, then post the report you saved earlier (C:\cleannavi.txt)

    * Close Internet Explorer, then go to Start/Control Panel/Internet Options.
    * Choose the Content tab, then the Certificates tab.
    * If you find the following programs (in particular under "Trusted Publishers"), delete them:

    electronic-group
    egroup
    Montorgueil
    VIP
    Sunny Day Design Ltd

    post the report please...

    You still have some infections left. After doing the above, post a new HijackThis report. I will tell you how to eradicate it.
    1. Julien
       
      Thank you Nanard4700, here is my first report: cleannavi.txt. Note that in safe mode, Navilog restarted the computer in normal mode by itself. The report appeared on restart.

      I will now follow the instructions for the IE certificates and keep you posted.

      Clean Navipromo version 2.0.7 commencé le 11/08/2007 à 17:40:16,06

      Fix lancé depuis C:\Program Files\navilog1
      Mise a jour le 08.08.2007 a 18h00 by IL-MAFIOSO

      Mode suppression automatique avec prise en charge résultats Blacklight


      *** Creation backups fichiers trouvés par Blacklight ***

      Copie vers "C:\Program Files\navilog1\Backupnavi"


      *** Suppression des fichiers trouvés avec Blacklight ***

      c:\WINDOWS\system32\uqqlfsv.dat supprimé !
      C:\windows\system32\uqqlfsv.exe supprimé !
      c:\WINDOWS\system32\uqqlfsv_nav.dat supprimé !
      c:\WINDOWS\system32\uqqlfsv_navps.dat supprimé !

      *** Suppression dossiers dans C:\WINDOWS ***


      *** Suppression dossiers dans C:\Program Files ***


      *** Suppression dossiers dans C:\Documents and Settings\All Users\Application Data ***


      *** Suppression dossiers dans C:\Documents and Settings\Regina\Application Data ***



      *** Suppression fichiers ***

      C:\WINDOWS\pack.epk supprimé !
      C:\WINDOWS\system32\nvs2.inf supprimé !

      *** Suppression fichiers temporaires ***

      Nettoyage contenu C:\WINDOWS\Temp effectué !
      Nettoyage contenu C:\Documents and Settings\Regina\Local Settings\Temp effectué !


      *** Sauvegarde du registre vers dossier Backupnavi ***


      sauvegarde du registre réalise avec succes !


      *** Nettoyage registre ***


      Nettoyage registre Ok

      *** Traitement Recherche complémentaire ***
      (Recherche fichiers spécifiques)

      1)Recherche fichiers connus:


      2)Recherche et Suppression Heuristique :

      *
      **
      ***
      ****
      *****
      ******
      *******
      ********
      C:\WINDOWS\system32\shdcdyvwd.exe trouvé !
      Copie C:\WINDOWS\system32\shdcdyvwd.exe réalise avec succes !
      C:\WINDOWS\system32\shdcdyvwd.exe supprimé !
      3)Contrôle présence clés Rootkit dans le registre :

      Aucune autre clés présente dans le registre !

      4)Certificats :

      Certificat Egroup supprimé !


      *** Recherche avec GenericNaviSearch Beta ***
      !!! Ces résultats peuvent révéler des fichiers légitimes !!!
      !!! A verifier impérativement avant toute suppression manuelle !!!

      Fichiers trouvés non supprimés :

      Aucun Fichier trouvé !

      Fichiers suspects non supprimés :

      Aucun Fichier suspect trouvé !



      *** Nettoyage termine le 11/08/2007 à 17:44:30,21 ***
  3. Julien
     
    Good evening Nanard4700, I did not find the publishers on your list (egroup, Montorgueil, VIP, etc.) among the trusted certificate publishers.
    However, as you told me, my PC is still infected (black screen from time to time (for a few moments), or pages that freeze). So here is a new HijackThis report.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:55:22, on 11/08/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    C:\WINDOWS\System32\dllhost.exe
    C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
    C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    C:\Program Files\Network Associates\VirusScan\Mcshield.exe
    C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\HiJackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/toolbar/ie8/sidebar.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fhome.microsoft.com%2faccess%2fallinone.asp%3f
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.uol.com.br/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/toolbar/ie8/sidebar.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/keyword/%s
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.uol.com.br/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {17492023-C23A-453E-A040-C7C580BBF704 - (no file)
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [EPSON Stylus C42 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C42 Series" /O6 "USB001" /M "Stylus C42"
    O4 - HKLM\..\Run: [uqqlfsv] c:\windows\system32\uqqlfsv.exe uqqlfsv
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Chercher avec Copernic Agent - C:\Program Files\Copernic Agent\Web\SearchExt.htm
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Shorten URL - https://cjb.shopco.com/
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Packard Bell - {1D49B7D4-524D-4ac9-BC34-B4822CAE4BB1} - C:\Apps\IECustom\script.htm
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: fdjeux -
    O16 - DPF: teleir_cert -
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://eu-housecall.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} -
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - https://tiragesphoto.fnac.com/
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} -
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} -
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} -
    O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} - http://espaceabonnes.club-internet.fr/services/symantec/SymDlBrg.cab
    O16 - DPF: {DA4EB021-5F1C-11D4-B006-00104B98E2C7} -
    O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} -
    O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} -
    O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} -
    O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
    O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
    O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
    O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
  4. Anonymous user
     
    Hi Julien.

    Run HijackThis again and tick the lines listed below. Then click Fix (at the bottom of the log).
    Once that is done, post me a new report.

    O2 - BHO: (no name) - {17492023-C23A-453E-A040-C7C580BBF704 - (no file)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} -
    O16 - DPF: {DA4EB021-5F1C-11D4-B006-00104B98E2C7}
    O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
    0
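
The triage in the reply above (selecting entries whose target no longer exists) can be scripted, and the same pass can cross-check autorun entries against a cleanup report: in the second HijackThis log on this page, `O4 - HKLM\..\Run: [uqqlfsv]` still points at an executable that the Navilog report lists as deleted. This is an added example, not part of the thread and not code from HijackThis or Navilog; the sample lines are copied from the logs on this page, and the function names and reason labels are assumptions of the example.

```python
import re

# One HijackThis entry: section code (R0, O2, O16, ...) followed by " - " and the detail text.
ENTRY_RE = re.compile(r"^\s*([ROF]\d+) - (.*\S)\s*$", re.M)
# A well-formed CLSID in braces, and any brace-opened token (possibly unterminated).
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}-(?:[0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}\}")
BRACED_RE = re.compile(r"\{[^\s}]*\}?")
# First drive-letter path ending in an executable extension inside an autorun command.
EXE_RE = re.compile(r'([A-Za-z]:\\[^"]*?\.(?:exe|dll|bat|com|scr))\b', re.I)
# Navilog cleanup line: "<path> supprimé !" (deleted). "trouvé !" (found) lines do not match.
DELETED_RE = re.compile(r"^\s*([A-Za-z]:\\.+?)[ \t]+supprimé\s*!\s*$", re.M)

# Sample input: lines copied from the second HijackThis log on this page.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {17492023-C23A-453E-A040-C7C580BBF704 - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [uqqlfsv] c:\windows\system32\uqqlfsv.exe uqqlfsv
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
"""

# Sample input: lines copied from the Navilog cleanup report (cleannavi.txt) on this page.
SAMPLE_REPORT = r"""
c:\WINDOWS\system32\uqqlfsv.dat supprimé !
C:\windows\system32\uqqlfsv.exe supprimé !
C:\WINDOWS\pack.epk supprimé !
C:\WINDOWS\system32\shdcdyvwd.exe trouvé !
Copie C:\WINDOWS\system32\shdcdyvwd.exe réalise avec succes !
C:\WINDOWS\system32\shdcdyvwd.exe supprimé !
"""


def parse_entries(log):
    """Return (section_code, detail_text) for every HijackThis entry line."""
    return [(m.group(1), m.group(2)) for m in ENTRY_RE.finditer(log)]


def deleted_paths(report):
    """Lower-cased paths that the cleanup report says were deleted."""
    return {m.group(1).lower() for m in DELETED_RE.finditer(report)}


def run_target(text):
    """Lower-cased executable path of an autorun command, or None if no full path."""
    m = EXE_RE.search(text)
    return m.group(1).lower() if m else None


def triage(log, cleanup_report=""):
    """Flag entries worth reviewing; one entry can carry several reasons."""
    removed = deleted_paths(cleanup_report)
    findings = []
    for code, text in parse_entries(log):
        # Registry entry whose target is gone: leftover from an uninstall or a cleanup.
        if text.endswith("(no file)") or text.endswith("(file missing)"):
            findings.append(("orphan", code, text))
        # Brace-opened token that is not a complete CLSID (as the log appears on the page).
        if code.startswith("O") and any(
            not GUID_RE.fullmatch(tok) for tok in BRACED_RE.findall(text)
        ):
            findings.append(("malformed-clsid", code, text))
        # Autorun still registered for a file the cleanup tool already deleted.
        if code == "O4" and run_target(text) in removed:
            findings.append(("stale-autorun", code, text))
    return findings


if __name__ == "__main__":
    for reason, code, text in triage(SAMPLE_LOG, SAMPLE_REPORT):
        print(f"{reason:16} {code:4} {text}")
```

A stale autorun entry is harmless while the file stays deleted, but it is the first thing to re-check if the symptoms return, since it would start the executable again if the file reappeared at that path.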
    1. Julien
       
      Thank you very much for your help, Nanard.
      So I re-ran HijackThis and ticked and fixed the 9 lines you suggested. The log file is below.
      As for the unwanted pop-up windows, things seem better since I ran Navilog (but I have not surfed much yet); however, I keep getting a black screen for a few seconds from time to time, or the PC sometimes freezes for a few seconds.
      Have a good evening.
      Julien.

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 21:10:42, on 12/08/2007
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\MSN Messenger\msnmsgr.exe
      C:\WINDOWS\System32\drivers\CDAC11BA.EXE
      C:\WINDOWS\System32\dllhost.exe
      C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
      C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
      C:\Program Files\Network Associates\VirusScan\Mcshield.exe
      C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
      C:\WINDOWS\system32\slserv.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
      C:\Program Files\MSN Messenger\usnsvc.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\HiJackThis\HijackThis.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/toolbar/ie8/sidebar.html
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fhome.microsoft.com%2faccess%2fallinone.asp%3f
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.uol.com.br/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/toolbar/ie8/sidebar.html
      R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/keyword/%s
      R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.uol.com.br/
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;localhost
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
      O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
      O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
      O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
      O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
      O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.dll
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
      O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
      O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
      O4 - HKLM\..\Run: [EPSON Stylus C42 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C42 Series" /O6 "USB001" /M "Stylus C42"
      O4 - HKLM\..\Run: [uqqlfsv] c:\windows\system32\uqqlfsv.exe uqqlfsv
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
      O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
      O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
      O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
      O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
      O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
      O8 - Extra context menu item: Chercher avec Copernic Agent - C:\Program Files\Copernic Agent\Web\SearchExt.htm
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
      O8 - Extra context menu item: Shorten URL - https://cjb.shopco.com/
      O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
      O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
      O9 - Extra button: Packard Bell - {1D49B7D4-524D-4ac9-BC34-B4822CAE4BB1} - C:\Apps\IECustom\script.htm
      O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: fdjeux -
      O16 - DPF: teleir_cert -
      O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
      O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://eu-housecall.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
      O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} -
      O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - https://tiragesphoto.fnac.com/
      O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} -
      O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} -
      O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} - http://espaceabonnes.club-internet.fr/services/symantec/SymDlBrg.cab
      O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} -
      O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} -
      O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} -
      O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
      O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
      O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
      O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
      O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
      O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
      O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
      O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
      O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
      O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
      O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
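A follow-up log like the one above can be checked against the fix list mechanically. The script below is an added example, not part of the original thread: it parses HijackThis entry lines and reports which fixed entries are gone and which still appear in the later scan. The sample data are excerpts copied from this page (the two lines quoted just before Julien's reply are assumed to be the end of the nine-line fix list); the function names are illustrative.

```python
"""Check which HijackThis entries marked for fixing still appear in a later scan."""
import re

# A HijackThis entry line is "<section> - <body>", e.g. "O18 - Filter hijack: ...".
# Section codes are one letter plus digits (R0, R1, O4, O16, O23, ...).
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")


def entry_key(section, body):
    """Normalize an entry so cosmetic differences do not hide a match."""
    body = re.sub(r"\s+", " ", body)      # collapse runs of whitespace
    body = re.sub(r"[-\s]+$", "", body)   # drop a dangling " -" (empty last field)
    return section, body.casefold()       # Windows paths and keys ignore case


def parse_entries(log_text):
    """Map normalized key -> original line for every entry line in a log.

    Header lines and the "Running processes" paths are skipped because they
    do not start with a section code followed by " - ".
    """
    entries = {}
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.setdefault(entry_key(m.group(1), m.group(2)), line.strip())
    return entries


def check_fixes(fixed_text, later_log_text):
    """Split the fix list into entries that are gone and entries still present."""
    fixed = parse_entries(fixed_text)
    later = parse_entries(later_log_text)
    persisting = [line for key, line in fixed.items() if key in later]
    gone = [line for key, line in fixed.items() if key not in later]
    return {"persisting": persisting, "gone": gone}


# Excerpt from this page: the two lines quoted just before Julien's reply
# (assumed here to be the end of the list of lines to fix).
FIXED_LINES = r"""
O16 - DPF: {DA4EB021-5F1C-11D4-B006-00104B98E2C7}
O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
"""

# Excerpt from the log saved on 12/08/2007, after the fix (lines copied from this page).
LATER_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\svchost.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} -
O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
"""

if __name__ == "__main__":
    result = check_fixes(FIXED_LINES, LATER_LOG)
    for status in ("persisting", "gone"):
        for line in result[status]:
            print(f"{status:>10}: {line}")
```

An entry reported as persisting was either not removed by the fix or was written back afterwards, which is the situation the next reply reacts to.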
  6. Anonymous user
     
    OK

    You have a nasty that won't go away. So we're going to deal with this intruder.
    Download and run these antispyware tools (remember to update them before launching them)

    (1) ad-aware version 1.06

    (here) http://www.florensac-chasse-trap.com/ section "virus/logiciel de securite"
    see demo
    http://pageperso.aol.fr/balltrap34/adwseflash.zip

    ***

    (2) spybot version 1.4

    (here) http://www.florensac-chasse-trap.com/ section "virus/logiciel de securite"

    see usage demo
    http://pageperso.aol.fr/Balltrap34/demo%20spybot.htm
    ***

    and also this
    (3) CleanUp40.exe
    http://www.florensac-chasse-trap.com/ section "virus/logiciel de securite"

    see demo
    http://pageperso.aol.fr/balltrap34/democleanup.htm

    ***

    (4) a2

    https://www.emsisoft.com/fr/
    remember to update it before scanning the PC
    ***
    PS: many thanks to balltrap for the links :)

    (5) Ewido
    http://download.ewido.net/ewido-setup.exe
    During installation, on the "Additional Options" page, uncheck the two options "Install background guard" and "Install scan via context menu". Ewido Security Suite. Click on update.

    Click on scanner, then on complete system scan.
    ==================================================================
    to remove your traces, use

    CCLEANER: (run a cleanup and repair errors) without the Yahoo toolbar

    https://www.01net.com/

    ____________________

    Paste the report:
    Clean will let you do some cleanup and delete files that antivirus and antispyware tools could not find. The software is updated regularly, so you will need to download it again to get a more recent version.

    • Download clean.zip and unzip it onto your desktop (right-click / extract all); you then get a clean folder
    • Start Windows in safe mode: Guide to restarting in safe mode
    • Open the clean folder on your desktop and double-click clean.cmd; a black window will appear for a moment, leave it open until it closes.

    http://kerio.probb.fr/tuto-Clean-h37.html
    ==================================================================
    To finish, post me a new HijackThis report. Don't forget to post the antispyware scan reports. Thanks

    See you
    1. Julien
       
      Thanks Nanard,
      I'll post the reports as I go.
      Just one quick question: is it better to run all these programs in safe mode?
      See you.
      1. Anonymous user > Julien
         
        You can do that.
  7. Julien
     
    Hi Nanard,
    FYI, the link to http://www.florensac-chasse-trap.com/ doesn't work. The link http://pageperso.aol.fr/balltrap34/adwseflash.zip doesn't work either.
    Below is the Ad-Aware 1.06 log.

    I quarantined the 39 detected objects (22 cookies and 17 MRUs), and I've also pasted the quarantine log:

    Ad-Aware SE Build 1.06r1
    Logfile Created on:lundi 13 août 2007 21:38:51
    Created with Ad-Aware SE Personal, free for private use.
    Using definitions file:SE1R187 13.08.2007
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    References detected during the scan:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    MRU List(TAC index:0):17 total references
    Tracking Cookie(TAC index:3):22 total references
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Ad-Aware SE Settings
    ===========================
    Set : Search for negligible risk entries
    Set : Search for low-risk threats
    Set : Safe mode (always request confirmation)
    Set : Scan active processes
    Set : Scan registry
    Set : Deep-scan registry
    Set : Scan my IE Favorites for banned URLs
    Set : Scan within archives
    Set : Scan my Hosts file

    Extended Ad-Aware SE Settings
    ===========================
    Set : Unload recognized processes & modules during scan
    Set : Scan registry for all users instead of current user only
    Set : Always try to unload modules before deletion
    Set : During removal, unload Explorer and IE if necessary
    Set : Let Windows remove files in use at next reboot
    Set : Delete quarantined objects after restoring
    Set : Include basic Ad-Aware settings in log file
    Set : Include additional Ad-Aware settings in log file
    Set : Include reference summary in log file
    Set : Include alternate data stream details in log file
    Set : Play sound at scan completion if scan locates critical objects

    13-08-2007 21:38:51 - Scan started. (Full System Scan)

    MRU List Object Recognized!
    Location: : C:\Documents and Settings\Regina\recent
    Description : list of recently opened documents

    MRU List Object Recognized!
    Location: : software\microsoft\direct3d\mostrecentapplication
    Description : most recent application to use microsoft direct3d

    MRU List Object Recognized!
    Location: : software\microsoft\direct3d\mostrecentapplication
    Description : most recent application to use microsoft direct X

    MRU List Object Recognized!
    Location: : software\microsoft\directdraw\mostrecentapplication
    Description : most recent application to use microsoft directdraw

    MRU List Object Recognized!
    Location: : S-1-5-21-334337264-1907411925-173008773-1006\software\microsoft\internet explorer
    Description : last download directory used in microsoft internet explorer

    MRU List Object Recognized!
    Location: : S-1-5-21-334337264-1907411925-173008773-1003\software\microsoft\internet explorer\typedurls
    Description : list of recently entered addresses in microsoft internet explorer

    MRU List Object Recognized!
    Location: : S-1-5-21-334337264-1907411925-173008773-1006\software\microsoft\internet explorer\typedurls
    Description : list of recently entered addresses in microsoft internet explorer

    MRU List Object Recognized!
    Location: : S-1-5-21-334337264-1907411925-173008773-1006\software\microsoft\mediaplayer\player\recentfilelist
    Description : list of recently used files in microsoft windows media player

    MRU List Object Recognized!
    Location: : S-1-5-21-334337264-1907411925-173008773-1003\software\microsoft\mediaplayer\preferences
    Description : last playlist loaded in microsoft windows media player

    MRU List Object Recognized!
    Location: : S-1-5-21-334337264-1907411925-173008773-1006\software\microsoft\office\10.0\excel\recent files
    Description : list of recent files used by microsoft excel

    MRU List Object Recognized!
    Location: : S-1-5-21-334337264-1907411925-173008773-1006\software\microsoft\search assistant\acmru
    Description : list of recent search terms used with the search assistant

    MRU List Object Recognized!
    Location: : S-1-5-21-334337264-1907411925-173008773-1006\software\microsoft\windows\currentversion\applets\regedit
    Description : last key accessed using the microsoft registry editor

    MRU List Object Recognized!
    Location: : S-1-5-21-334337264-1907411925-173008773-1006\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
    Description : list of recent programs opened

    MRU List Object Recognized!
    Location: : S-1-5-21-334337264-1907411925-173008773-1006\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
    Description : list of recently saved files, stored according to file extension

    MRU List Object Recognized!
    Location: : S-1-5-21-334337264-1907411925-173008773-1006\software\microsoft\windows\currentversion\explorer\runmru
    Description : mru list for items opened in start | run

    MRU List Object Recognized!
    Location: : S-1-5-21-334337264-1907411925-173008773-1006\software\microsoft\windows media\wmsdk\general
    Description : windows media sdk

    MRU List Object Recognized!
    Location: : S-1-5-21-334337264-1907411925-173008773-1006\software\winrar\dialogedithistory\extrpath
    Description : winrar "extract-to" history

    Listing running processes
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    #:1 [smss.exe]
    FilePath : \SystemRoot\System32\
    ProcessID : 424
    ThreadCreationTime : 13-08-2007 04:54:06
    BasePriority : Normal

    #:2 [csrss.exe]
    FilePath : \??\C:\WINDOWS\system32\
    ProcessID : 472
    ThreadCreationTime : 13-08-2007 04:54:08
    BasePriority : Normal

    #:3 [winlogon.exe]
    FilePath : \??\C:\WINDOWS\system32\
    ProcessID : 496
    ThreadCreationTime : 13-08-2007 04:54:09
    BasePriority : High

    #:4 [services.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 540
    ThreadCreationTime : 13-08-2007 04:54:09
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Système d'exploitation Microsoft® Windows®
    CompanyName : Microsoft Corporation
    FileDescription : Applications Services et Contrôleur
    InternalName : services.exe
    LegalCopyright : © Microsoft Corporation. Tous droits réservés.
    OriginalFilename : services.exe

    #:5 [lsass.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 552
    ThreadCreationTime : 13-08-2007 04:54:10
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : LSA Shell (Export Version)
    InternalName : lsass.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : lsass.exe

    #:6 [svchost.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 700
    ThreadCreationTime : 13-08-2007 04:54:11
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : svchost.exe

    #:7 [svchost.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 756
    ThreadCreationTime : 13-08-2007 04:54:11
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : svchost.exe

    #:8 [svchost.exe]
    FilePath : C:\WINDOWS\System32\
    ProcessID : 824
    ThreadCreationTime : 13-08-2007 04:54:11
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : svchost.exe

    #:9 [svchost.exe]
    FilePath : C:\WINDOWS\System32\
    ProcessID : 880
    ThreadCreationTime : 13-08-2007 04:54:11
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : svchost.exe

    #:10 [explorer.exe]
    FilePath : C:\WINDOWS\
    ProcessID : 1220
    ThreadCreationTime : 13-08-2007 04:54:14
    BasePriority : Normal
    FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 6.00.2900.2180
    ProductName : Système d'exploitation Microsoft® Windows®
    CompanyName : Microsoft Corporation
    FileDescription : Explorateur Windows
    InternalName : explorer
    LegalCopyright : © Microsoft Corporation. Tous droits réservés.
    OriginalFilename : EXPLORER.EXE

    #:11 [spoolsv.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 1248
    ThreadCreationTime : 13-08-2007 04:54:14
    BasePriority : Normal
    FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
    ProductVersion : 5.1.2600.2696
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Spooler SubSystem App
    InternalName : spoolsv.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : spoolsv.exe

    #:12 [qttask.exe]
    FilePath : C:\Program Files\QuickTime\
    ProcessID : 1524
    ThreadCreationTime : 13-08-2007 04:54:20
    BasePriority : Normal
    FileVersion : 6.5
    ProductVersion : QuickTime 6.5
    ProductName : QuickTime
    CompanyName : Apple Computer, Inc.
    InternalName : QuickTime Task
    LegalCopyright : © Apple Computer, Inc. 2001-2004
    OriginalFilename : QTTask.exe

    #:13 [ctfmon.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 1540
    ThreadCreationTime : 13-08-2007 04:54:20
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : CTF Loader
    InternalName : CTFMON
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : CTFMON.EXE

    #:14 [msnmsgr.exe]
    FilePath : C:\Program Files\MSN Messenger\
    ProcessID : 1552
    ThreadCreationTime : 13-08-2007 04:54:20
    BasePriority : Normal
    FileVersion : 8.1.0178.00
    ProductVersion : 8.1.0178
    ProductName : Messenger
    CompanyName : Microsoft Corporation
    FileDescription : Messenger
    InternalName : msnmsgr.exe
    LegalCopyright : Copyright (c) Microsoft Corporation. All rights reserved.
    OriginalFilename : msnmsgr.exe

    #:15 [svchost.exe]
    FilePath : C:\WINDOWS\System32\
    ProcessID : 1716
    ThreadCreationTime : 13-08-2007 04:54:22
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : svchost.exe

    #:16 [cdac11ba.exe]
    FilePath : C:\WINDOWS\System32\drivers\
    ProcessID : 1748
    ThreadCreationTime : 13-08-2007 04:54:24
    BasePriority : Normal
    FileVersion : 4.11.020
    ProductVersion : 4.11.020 Windows NT 2001/03/13
    ProductName : SafeCast Windows NT
    CompanyName : C-Dilla Ltd
    FileDescription : C-Dilla RTS Service
    InternalName : CDANTSRV
    LegalCopyright : Copyright (c) Macrovision 1993-2001
    OriginalFilename : CDANTSRV.EXE
    Comments : StringFileInfo: U.S. English

    #:17 [dllhost.exe]
    FilePath : C:\WINDOWS\System32\
    ProcessID : 1760
    ThreadCreationTime : 13-08-2007 04:54:24
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : COM Surrogate
    InternalName : dllhost.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : dllhost.exe

    #:18 [sagent2.exe]
    FilePath : C:\Program Files\Fichiers communs\EPSON\EBAPI\
    ProcessID : 1804
    ThreadCreationTime : 13-08-2007 04:54:24
    BasePriority : Normal
    FileVersion : 2, 2, 0, 0
    ProductVersion : 1, 0, 0, 0
    ProductName : EPSON Bidirectional Printer
    CompanyName : SEIKO EPSON CORPORATION
    FileDescription : EPSON Printer Status Agent
    InternalName : SAgent2
    LegalCopyright : Copyright (C) SEIKO EPSON CORP. 2000-2001
    OriginalFilename : SAgent2.exe

    #:19 [frameworkservice.exe]
    FilePath : C:\Program Files\Network Associates\Common Framework\
    ProcessID : 1876
    ThreadCreationTime : 13-08-2007 04:54:24
    BasePriority : Normal
    FileVersion : 3.1.2.266
    ProductName : McAfee Common Framework
    CompanyName : Network Associates, Inc.
    FileDescription : Framework Service
    InternalName : Framework
    LegalCopyright : Copyright© 2000-2004 Networks Associates Technology, Inc. All Rights Reserved.
    OriginalFilename : Framework.exe

    #:20 [mcshield.exe]
    FilePath : C:\Program Files\Network Associates\VirusScan\
    ProcessID : 2000
    ThreadCreationTime : 13-08-2007 04:54:27
    BasePriority : High

    #:21 [vstskmgr.exe]
    FilePath : C:\Program Files\Network Associates\VirusScan\
    ProcessID : 2024
    ThreadCreationTime : 13-08-2007 04:54:27
    BasePriority : Normal

    #:22 [naprdmgr.exe]
    FilePath : C:\PROGRA~1\NETWOR~1\COMMON~1\
    ProcessID : 132
    ThreadCreationTime : 13-08-2007 04:54:28
    BasePriority : Normal
    FileVersion : 3.1.2.266
    ProductName : McAfee Common Framework
    CompanyName : Network Associates, Inc.
    FileDescription : NAI Product Manager
    InternalName : Product Manager
    LegalCopyright : Copyright© 2000-2004 Networks Associates Technology, Inc. All Rights Reserved.
    OriginalFilename : naPrdMgr.exe

    #:23 [slserv.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 208
    ThreadCreationTime : 13-08-2007 04:54:28
    BasePriority : Normal

    #:24 [svchost.exe]
    FilePath : C:\WINDOWS\System32\
    ProcessID : 316
    ThreadCreationTime : 13-08-2007 04:54:28
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : svchost.exe

    #:25 [vcssecs.exe]
    FilePath : C:\Program Files\Virtual CD v4 SDK\system\
    ProcessID : 356
    ThreadCreationTime : 13-08-2007 04:54:29
    BasePriority : Normal
    FileVersion : 4, 3, 0, 1
    ProductVersion : 4, 3, 0, 0
    ProductName : Virtual CD
    CompanyName : H+H Software GmbH
    FileDescription : Virtual CD v4.3 SDK - Security Service
    InternalName : VCSSecS
    LegalCopyright : Copyright © 2001 by H+H Software GmbH
    OriginalFilename : VCSSecS.exe

    #:26 [alg.exe]
    FilePath : C:\WINDOWS\System32\
    ProcessID : 1424
    ThreadCreationTime : 13-08-2007 04:54:44
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Application Layer Gateway Service
    InternalName : ALG.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : ALG.exe

    #:27 [usnsvc.exe]
    FilePath : C:\Program Files\MSN Messenger\
    ProcessID : 2500
    ThreadCreationTime : 13-08-2007 04:55:06
    BasePriority : Normal
    FileVersion : 8.1.0178.00
    ProductVersion : 8.1.0178
    ProductName : Messenger
    CompanyName : Microsoft Corporation
    FileDescription : Messenger Sharing USN Journal Reader Service
    InternalName : usnsvc.exe
    LegalCopyright : Copyright (c) Microsoft Corporation. All rights reserved.
    OriginalFilename : usnsvc.exe

    #:28 [iexplore.exe]
    FilePath : C:\Program Files\Internet Explorer\
    ProcessID : 1164
    ThreadCreationTime : 13-08-2007 19:34:17
    BasePriority : Normal
    FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 6.00.2900.2180
    ProductName : Système d'exploitation Microsoft® Windows®
    CompanyName : Microsoft Corporation
    FileDescription : Internet Explorer
    InternalName : iexplore
    LegalCopyright : © Microsoft Corporation. Tous droits réservés.
    OriginalFilename : IEXPLORE.EXE

    #:29 [ad-aware.exe]
    FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
    ProcessID : 636
    ThreadCreationTime : 13-08-2007 19:37:45
    BasePriority : Normal
    FileVersion : 6.2.0.236
    ProductVersion : SE 106
    ProductName : Lavasoft Ad-Aware SE
    CompanyName : Lavasoft Sweden
    FileDescription : Ad-Aware SE Core application
    InternalName : Ad-Aware.exe
    LegalCopyright : Copyright © Lavasoft AB Sweden
    OriginalFilename : Ad-Aware.exe
    Comments : All Rights Reserved

    Memory scan result:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 0
    Objects found so far: 17

    Started registry scan
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Registry Scan result:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 0
    Objects found so far: 17

    Started deep registry scan
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Deep registry scan result:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 0
    Objects found so far: 17

    Started Tracking Cookie scan
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Tracking cookie scan result:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 22
    Objects found so far: 39

    Deep scanning and examining files (C:)
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Disk Scan Result for C:\
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 0
    Objects found so far: 39

    Scanning Hosts file......
    Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Hosts file scan result:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    1 entries scanned.
    New critical objects:0
    Objects found so far: 39

    Performing conditional scans...
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Conditional scan result:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 0
    Objects found so far: 39

    22:24:15 Scan Complete

    -------------------------------------------------------------------------------------
    -------------------------------------------------------------------------------------
    -------------------------------------------------------------------------------------
    QUARANTINE LOG

    ArchiveData(adaware1208.bckp)
    Referencefile : SE1R187 13.08.2007
    ======================================================

    MRU LIST
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    TRACKING COOKIE
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    0
    1. Utilisateur anonyme
       
      Hi,

      We're going to continue the cleanup.

      Download AVG Anti-Spyware:

      avg antispyware
      http://www.infos-du-net.com/telecharger/Ewido-Security-Suite,0301-734.html

      Tutorial: http://www.kachouri.com/tuto/tuto-161-avg-anti-spyware-75-pour-votre-securite.html

      * Install it.

      Start AVG Anti-Spyware. Click "mise à jour" (update), click the "Commencer la mise à jour" (start update) button, wait for the update to finish, then close the program.

      If you can't get it to update, get the updates here:

      http://downloads.ewido.net/avgas-signatures-full-current.exe

      Boot into safe mode:
      To do this, tap the F8 key repeatedly, without stopping, as soon as the PC starts powering on.
      A window will open; use the keyboard arrow keys to move to the safe mode boot option, then press Enter.
      Once you're on the desktop, it's normal if not all the colours and so on are there!
      (If F8 doesn't work, use the F5 key.)

      Restart AVG AS, click the "scanner" tab, then "Analyse complète du système" (full system scan).
      Once the scan has finished, it shows you a report. Click "configurer..." (configure) at the bottom left and choose "supprimer" (delete). Then click "Appliquer toutes les actions" (apply all actions); this will delete all the detected infections.
      Then click "Enregistrer le rapport d'analyse" (save scan report) -> "enregistrer sous" (save as) and save the report wherever you like, so you can send it to me in your next reply.

      Copy and paste the report here.
      ===========================
      Download SDFix (created by AndyManchesta) and save it to your Desktop.
      http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
      Double-click SDFix.exe and choose Install to extract it into a dedicated folder on the Desktop. Restart your computer in safe mode using the following procedure:
      • Restart your computer.
      • After hearing the computer beep during startup, but before the Windows icon appears, tap the F8 key (one press per second).
      • Instead of Windows loading normally, a menu with various options should appear.
      • Choose the first option, to run Windows in safe mode, then press "Enter".
      • Choose your account.
      Go through the list of instructions below:
      • Open the SDFix folder that has just been created in the C:\ directory and double-click RunThis.bat to launch the script.
      • Press Y to start the cleaning process.
      • It will remove the services and Registry entries of certain trojans it finds, then ask you to press a key to restart.
      • Press a key to restart the PC.
      • Your system will take longer than usual to restart, because the tool will keep running and deleting files.
      • After the Desktop has loaded, the tool will finish its work and display Finished.
      • Press a key to end the script and load your Desktop icons.
      • Once the Desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder under the name Report.txt.
      • Finally, copy/paste the contents of the Report.txt file into your next reply on the forum, along with a new Hijackthis log!
      0
  8. Julien
     
    Hi nanard,
    sorry, I haven't had time to run all the anti-spyware tools; I'm running them one at a time:
    - I ran adaware (report above)
    - I've just run spybot: I didn't manage to produce a log, but it fixed 3 problems: 2 IEFirewallbypass + 1 spyware secure.
    I'll keep you posted on the other programs.
    See you.
    Julien
    0
  9. Julien
     
    Report from cleanUp40.exe

    CleanUp! started on 08/14/07 21:52:55.
    ...
    http://www.laredoute-magazines.fr/kiosque/control/main - deleted
    https://www.laredoute.fr/css/staticpages.css - deleted
    https://media.laredoute.fr/intl/pt/pt/flag_italy.gif - deleted
    http://adserver.adtech.de/addyn|3.0|224|1144075|0|168|ADTECH;loc=100;target=_blank;grp=1;misc=1187037211531 - deleted
    https://media.laredoute.fr/images/news_btn_calculer02.gif - deleted
    https://accounts.google.com/ServiceLogin?service=mail&passive=true&rm=false&continue=https://mail.google.com/mail/&ss=1&scc=1&ltmpl=default&ltmplcache=2&emr=1&osid=1 - deleted
    http://www.sosordi.net/images/favoris.png - deleted
    https://accounts.google.com/ServiceLogin?service=mail&passive=true&rm=false&continue=https://mail.google.com/mail/&ss=1&scc=1&ltmpl=default&ltmplcache=2&emr=1&osid=1 - deleted
    http://by109fd.bay109.hotmail.msn.com/cgi-bin/HoTMaiL?fti=yes&curmbox=00000000%2d0000%2d0000%2d0000%2d000000000001&a=93e10aa0265c6e6a0c60caa8a6f09b9ef2896ad5d11e5810d28da50241293238 - deleted
    https://accounts.google.com/ServiceLogin?service=mail&passive=true&rm=false&continue=https://mail.google.com/mail/&ss=1&scc=1&ltmpl=default&ltmplcache=2&emr=1&osid=1 - deleted
    http://engine.espace.netavenir.com/?zid=41 - deleted
    https://media.laredoute.fr/images/gauche_tab.gif - deleted
    https://media.laredoute.fr/intl/pt/pt/flag_spain.gif - deleted
    https://media.laredoute.fr/images/tit-withCKGcard02.gif - deleted
    http://pagead2.googlesyndication.com/pagead/ads?client=ca pub 6969989765125400&dt=1187039527484&lmt=1187039527&prev_fmts=300x250_as&format=468x15_0ads_al&output=html&correlator=1187039526812&url=http%3A%2F%2Fwww.commentcamarche.net%2Fforum%2Fforum 7 virus securite&color_bg=FFFFFF&color_text=000000&color_link=000000&color_url=485E9E&color_border=FFFFFF&ref=http%3A%2F%2Fwww.commentcamarche.net%2Fforum%2Fajout.php3&cc=99&ga_vid=1953841385.1187039527&ga_sid=1187039527&ga_hid=1082984977&flash=9&u_h=768&u_w=1024&u_ah=768&u_aw=1024&u_cd=32&u_tz=120&u_his=3&u_java=true - deleted
    http://www.easyvols.fr/base/imgs/logos/compagniesAeriennes/LX.gif - deleted
    https://accounts.google.com/ServiceLogin?service=mail&passive=true&rm=false&continue=https://mail.google.com/mail/&ss=1&scc=1&ltmpl=default&ltmplcache=2&emr=1&osid=1 - deleted
    https://accounts.google.com/ServiceLogin?service=mail&passive=true&rm=false&continue=https://mail.google.com/mail/&ss=1&scc=1&ltmpl=default&ltmplcache=2&emr=1&osid=1 - deleted
    https://accounts.google.com/ServiceLogin?service=mail&passive=true&rm=false&continue=https://mail.google.com/mail/&ss=1&scc=1&ltmpl=default&ltmplcache=2&emr=1&osid=1 - deleted
    http://pagead2.googlesyndication.com/pagead/ads?client=ca pub 6969989765125400&dt=1187120541375&lmt=1187120541&format=300x250_as&output=html&correlator=1187120541359&url=http%3A%2F%2Fwww.commentcamarche.net%2Fforum%2Fajout.php3&color_bg=FFFFFF&color_text=000000&color_link=000000&color_url=485E9E&color_border=FFFFFF&ad_type=text&ref=http%3A%2F%2Fwww.commentcamarche.net%2Fforum%2Faffich 3380752 ecran qui s eteint fenetres intempestives%3FAcces%3D1&cc=99&ga_vid=2146512579.1187120541&ga_sid=1187120541&ga_hid=2058463312&flash=9&u_h=768&u_w=1024&u_ah=768&u_aw=1024&u_cd=32&u_tz=120&u_his=2&u_java=true - deleted
    http://pagead2.googlesyndication.com/cpa/ads?client=ca pub 6969989765125400&cpa_choice=CAAQv87nzwEaCPNb_H0GemsCKNm493M&oe=iso 8859 1&dt=1187120554187&lmt=1187120554&format=125x125_as_rimg&output=html&correlator=1187120554109&channel=5704541620&url=http%3A%2F%2Fwww.commentcamarche.net%2Fforum%2Fforum 7 virus securite®ion=_google_cpa_region_&ref=http%3A%2F%2Fwww.commentcamarche.net%2Fforum%2Fajout.php3&cc=99&ga_vid=2086356756.1187120554&ga_sid=1187120554&ga_hid=1037223733&flash=9&u_h=768&u_w=1024&u_ah=768&u_aw=1024&u_cd=32&u_tz=120&u_his=3&u_java=true - deleted
    http://logc15.xiti.com/hit.xiti?s=254140&s2=&p=forum::affich-3380752-ecran-qui-s-eteint-fenetres-intempestives&hl=20x48x31&cn=lan&ul=fr&hm=0&lng=fr&r=1024x768xundefinedx32&re=1024x633&ref= - deleted
    http://logc15.xiti.com/hit.xiti?s=254140&s2=&p=forum::affich-3380752-ecran-qui-s-eteint-fenetres-intempestives&hl=20x49x18&cn=lan&ul=fr&hm=0&lng=fr&r=1024x768xundefinedx32&re=1024x612&ref= - deleted
    http://pagead2.googlesyndication.com/cpa/ads?client=ca pub 6969989765125400&cpa_choice=CAAQv87nzwEaCPNb_H0GemsCKNm493M&oe=iso 8859 1&dt=1187120541437&lmt=1187120541&format=125x125_as_rimg&output=html&correlator=1187120541359&channel=5704541620&url=http%3A%2F%2Fwww.commentcamarche.net%2Fforum%2Fajout.php3®ion=_google_cpa_region_&ref=http%3A%2F%2Fwww.commentcamarche.net%2Fforum%2Faffich-3380752-ecran-qui-s-eteint-fenetres-intempestives%3FAcces%3D1&cc=99&ga_vid=2146512579.1187120541&ga_sid=1187120541&ga_hid=2058463312&flash=9&u_h=768&u_w=1024&u_ah=768&u_aw=1024&u_cd=32&u_tz=120&u_his=2&u_java=true - deleted
    http://logc15.xiti.com/hit.xiti?s=254140&s2=&p=forum::forum 7 virus securite&hl=21x42x34&cn=lan&ul=fr&hm=0&lng=fr&r=1024x768xundefinedx32&re=1024x633&ref=ajout - deleted
    http://www.sosordi.net/images/dossierbleu.png - deleted
    http://www.sosordi.net/images/imgmembre.gif - deleted
    https://accounts.google.com/ServiceLogin?service=mail&passive=true&rm=false&continue=https://mail.google.com/mail/&ss=1&scc=1&ltmpl=default&ltmplcache=2&emr=1&osid=1 - deleted
    https://mail.google.com/mail/images/c.gif?t=1187106006296 - deleted
    https://accounts.google.com/ServiceLogin?service=mail&passive=true&rm=false&continue=https://mail.google.com/mail/&ss=1&scc=1&ltmpl=default&ltmplcache=2&emr=1&osid=1 - deleted
    https://accounts.google.com/ServiceLogin?service=mail&passive=true&rm=false&continue=https://mail.google.com/mail/&ss=1&scc=1&ltmpl=default&ltmplcache=2&emr=1&osid=1 - deleted
    https://accounts.google.com/ServiceLogin?service=mail&passive=true&rm=false&continue=https://mail.google.com/mail/&ss=1&scc=1&ltmpl=default&ltmplcache=2&emr=1&osid=1 - deleted
    https://accounts.google.com/ServiceLogin?service=mail&passive=true&rm=false&continue=https://mail.google.com/mail/&ss=1&scc=1&ltmpl=default&ltmplcache=2&emr=1&osid=1 - deleted
    https://accounts.google.com/ServiceLogin?service=mail&passive=true&rm=false&continue=https://mail.google.com/mail/&ss=1&scc=1&ltmpl=default&ltmplcache=2&emr=1&osid=1 - deleted
    http://www.sosordi.net/images/aide.png - deleted
    C:\Documents and Settings\Regina\Local Settings\Historique\History.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
    'Typed URLs' (Internet Explorer) - removed from the registry.
    C:\Documents and Settings\Regina\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
    C:\DOCUME~1\Regina\LOCALS~1\Temp\~DF8A71.tmp currently in use. Will be deleted when Windows is restarted.
    C:\DOCUME~1\Regina\LOCALS~1\Temp\~DF8A7E.tmp currently in use. Will be deleted when Windows is restarted.
    C:\DOCUME~1\Regina\LOCALS~1\Temp\~DF8A71.tmp currently in use. Will be deleted when Windows is restarted.
    C:\DOCUME~1\Regina\LOCALS~1\Temp\~DF8A7E.tmp currently in use. Will be deleted when Windows is restarted.
    C:\Documents and Settings\Regina\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
    C:\Documents and Settings\Regina\locals~1\tempor~1\Content.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
    C:\Documents and Settings\Regina\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
    C:\Documents and Settings\Regina\Local Settings\Temp\~DF8A71.tmp currently in use. Will be deleted when Windows is restarted.
    C:\Documents and Settings\Regina\Local Settings\Temp\~DF8A7E.tmp currently in use. Will be deleted when Windows is restarted.
    C:\Documents and Settings\Regina\Local Settings\Temporary Internet Files\Content.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
    C:\Documents and Settings\LocalService\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
    C:\Documents and Settings\LocalService\locals~1\tempor~1\Content.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
    C:\Documents and Settings\LocalService\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
    C:\WINDOWS\Prefetch\LODCTR.EXE-03F34D45.pf - deleted
    C:\WINDOWS\Prefetch\LOGONUI.EXE-312BE1BF.pf currently in use. Will be deleted when Windows is restarted.
    C:\WINDOWS\Prefetch\MCCONSOL.EXE-3456B4DD.pf currently in use. Will be deleted when Windows is restarted.
    C:\WINDOWS\Prefetch\MCSCRIPT_INUSE.EXE-071D52A1.pf currently in use. Will be deleted when Windows is restarted.
    C:\WINDOWS\Prefetch\MCUPDATE.EXE-16E0583A.pf - deleted
    C:\WINDOWS\Prefetch\MOVIETHUMB.EXE-17AA806A.pf currently in use. Will be deleted when Windows is restarted.
    C:\WINDOWS\Prefetch\MRT.EXE-161A5291.pf - deleted
    C:\WINDOWS\Prefetch\MSHTA.EXE-07121ECA.pf - deleted
    C:\WINDOWS\Prefetch\MSI6A.TMP-09318048.pf - deleted
    C:\WINDOWS\Prefetch\MSNAPPAU.EXE-17A3A6E5.pf - deleted
    C:\WINDOWS\Prefetch\MSPAINT.EXE-146E0237.pf - deleted
    C:\WINDOWS\Prefetch\NDP1.1SP1-KB928366-X86.EXE-062682BB.pf - deleted
    C:\WINDOWS\Prefetch\NET.EXE-151FD66D.pf - deleted
    C:\WINDOWS\Prefetch\NETFXUPDATE.EXE-1E08356E.pf - deleted
    C:\WINDOWS\Prefetch\NGEN.EXE-0FE278E5.pf - deleted
    C:\WINDOWS\Prefetch\NTOSBOOT-B00DFAAD.pf - deleted
    C:\WINDOWS\Prefetch\OSA.EXE-28494AD2.pf - deleted
    C:\WINDOWS\Prefetch\PICASA2.EXE-0336A7FA.pf currently in use. Will be deleted when Windows is restarted.
    C:\WINDOWS\Prefetch\PICASAUPDATE.EXE-2968699F.pf currently in use. Will be deleted when Windows is restarted.
    C:\WINDOWS\Prefetch\POWERPNT.EXE-36F34B3E.pf currently in use. Will be deleted when Windows is restarted.
    C:\WINDOWS\Prefetch\QTTASK.EXE-1876A1A1.pf - deleted
    C:\WINDOWS\Prefetch\READER_SL.EXE-2FCCA463.pf - deleted
    C:\WINDOWS\Prefetch\REG.EXE-07FA5B3F.pf - deleted
    C:\WINDOWS\Prefetch\REGEDIT.EXE-2AE3423E.pf currently in use. Will be deleted when Windows is restarted.
    C:\WINDOWS\Prefetch\REGISTRYCLEANER.EXE-16A0987C.pf - deleted
    C:\WINDOWS\Prefetch\REGISTRYDEFRAG.EXE-2500885E.pf - deleted
    C:\WINDOWS\Prefetch\REGISTRYDEFRAGHELPER.EXE-15E726BC.pf - deleted
    C:\WINDOWS\Prefetch\REGSVR32.EXE-396DEA2C.pf - deleted
    C:\WINDOWS\Prefetch\RUNDLL32.EXE-3C500167.pf currently in use. Will be deleted when Windows is restarted.
    C:\WINDOWS\Prefetch\RUNDLL32.EXE-3C53A192.pf - deleted
    C:\WINDOWS\Prefetch\RUNDLL32.EXE-453420C4.pf - deleted
    C:\WINDOWS\Prefetch\RUNDLL32.EXE-48F5CC24.pf - deleted
    C:\WINDOWS\Prefetch\RUNDLL32.EXE-4CAF3F5C.pf - deleted
    C:\WINDOWS\Prefetch\RUNDLL32.EXE-4FF9832D.pf - deleted
    C:\WINDOWS\Prefetch\RUNDLL32.EXE-5A86C785.pf - deleted
    C:\WINDOWS\Prefetch\RUNDLL32.EXE-5E0F7F9E.pf - deleted
    C:\WINDOWS\Prefetch\RUNDLL32.EXE-5E28740F.pf - deleted
    C:\WINDOWS\Prefetch\RUNDLL32.EXE-5E8E394A.pf - deleted
    C:\WINDOWS\Prefetch\RUNDLL32.EXE-6E8D4657.pf currently in use. Will be deleted when Windows is restarted.
    C:\WINDOWS\Prefetch\SCAN32.EXE-2595F2A1.pf currently in use. Will be deleted when Windows is restarted.
    C:\WINDOWS\Prefetch\SETUP.EXE-02F2E3E6.pf - deleted
    C:\WINDOWS\Prefetch\SETUP.EXE-053AB796.pf - deleted
    C:\WINDOWS\Prefetch\SKYPE.EXE-2EAF99A0.pf - deleted
    C:\WINDOWS\Prefetch\SORT.EXE-19728AC5.pf - deleted
    C:\WINDOWS\Prefetch\SPYBOTSD.EXE-1702AD5F.pf - deleted
    C:\WINDOWS\Prefetch\TASKMGR.EXE-06144C13.pf - deleted
    C:\WINDOWS\Prefetch\TKHJECKDI.EXE-0E13E68F.pf - deleted
    C:\WINDOWS\Prefetch\UPDATE.EXE-0813F146.pf - deleted
    C:\WINDOWS\Prefetch\UPDATE.EXE-0BDC03E6.pf - deleted
    C:\WINDOWS\Prefetch\UPDATE.EXE-1FF92DF9.pf currently in use. Will be deleted when Windows is restarted.
    C:\WINDOWS\Prefetch\UPDATE.EXE-34E83780.pf currently in use. Will be deleted when Windows is restarted.
    C:\WINDOWS\Prefetch\UPDATERUI.EXE-3411FB8B.pf - deleted
    C:\WINDOWS\Prefetch\UPDATEWIZARD.EXE-24352615.pf - deleted
    C:\WINDOWS\Prefetch\UQQLFSV.EXE-3AF09F9F.pf currently in use. Will be deleted when Windows is restarted.
    C:\WINDOWS\Prefetch\USERINIT.EXE-0743FDA9.pf currently in use. Will be deleted when Windows is restarted.
    C:\WINDOWS\Prefetch\USNSVC.EXE-0114DAF6.pf currently in use. Will be deleted when Windows is restarted.
    C:\WINDOWS\Prefetch\VCSPLAY.EXE-2DB1E050.pf currently in use. Will be deleted when Windows is restarted.
    C:\WINDOWS\Prefetch\VERCLSID.EXE-28F52AD2.pf currently in use. Will be deleted when Windows is restarted.
    C:\WINDOWS\Prefetch\WGATRAY.EXE-350D4455.pf - deleted
    C:\WINDOWS\Prefetch\WINRAR.EXE-0AA31BB9.pf - deleted
    C:\WINDOWS\Prefetch\WMIPRVSE.EXE-0D449B4F.pf currently in use. Will be deleted when Windows is restarted.
    C:\WINDOWS\Prefetch\WMPLAYER.EXE-1ACCF805.pf - deleted
    C:\WINDOWS\Prefetch\WMPLAYER.EXE-1ACCF80B.pf - deleted
    C:\WINDOWS\Prefetch\WUAUCLT.EXE-1360D60A.pf - deleted
    C:\APPS\ActivSurf\4448364\Users\Default\Misc\Backup\chandir.id~ - deleted
    C:\Documents and Settings\Administrateur\Local Settings\Historique\History.IE5\index.dat - deleted
    C:\Documents and Settings\Administrateur\Local Settings\Historique\History.IE5\MSHist012006100420061005\index.dat - deleted
    C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp - deleted
    C:\Documents and Settings\Default User\Local Settings\Historique\History.IE5\index.dat - deleted
    C:\Documents and Settings\LocalService\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
    C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
    C:\Documents and Settings\NetworkService\Local Settings\Historique\History.IE5\index.dat - deleted
    C:\Documents and Settings\Propriétaire\Local Settings\Historique\History.IE5\index.dat - deleted
    C:\Documents and Settings\Regina\Application Data\Microsoft\Address Book\Regina.wa~ - deleted
    C:\Documents and Settings\Regina\Application Data\Mozilla\Firefox\Profiles\default.98q\bookmarks.html.sbsd.bak - deleted
    C:\Documents and Settings\Regina\Application Data\Skype\regina\index.dat - deleted
    C:\Documents and Settings\Regina\Application Data\Skype\reginato\index.dat - deleted
    C:\Documents and Settings\Regina\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
    C:\Documents and Settings\Regina\Julien\Local Settings\Historique\History.IE5\index.dat - deleted
    C:\Documents and Settings\Regina\Julien\Local Settings\Historique\History.IE5\MSHist012003011320030120\index.dat - deleted
    C:\Documents and Settings\Regina\Julien\Local Settings\Historique\History.IE5\MSHist012003020120030202\index.dat - deleted
    C:\Documents and Settings\Regina\Julien\Local Settings\Historique\History.IE5\MSHist012003020220030203\index.dat - deleted
    C:\Documents and Settings\Regina\Julien\Recherche_emploi\~$_jdavard_productique.doc - deleted
    C:\Documents and Settings\Regina\Julien\Recherche_emploi\~WRL0002.tmp - deleted
    C:\Documents and Settings\Regina\Julien\Recherche_emploi\~WRL1963.tmp - deleted
    C:\Documents and Settings\Regina\Julien\Recherche_emploi\~WRL4041.tmp - deleted
    C:\Documents and Settings\Regina\Local Settings\Application Data\Microsoft\Messenger\misbarreto@hotmail.com\SharingMetadata\Working\database_96F8_C968_F8C9_4769\fsr.chk - deleted
    C:\Documents and Settings\Regina\Local Settings\Application Data\Microsoft\Messenger\regina_toledo@hotmail.com\SharingMetadata\Working\database_96F8_C968_F8C9_4769\fsr.chk - deleted
    C:\Documents and Settings\Regina\Local Settings\Historique\History.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
    C:\Documents and Settings\Regina\Local Settings\Temp\~DF8A71.tmp currently in use. Will be deleted when Windows is restarted.
    C:\Documents and Settings\Regina\Local Settings\Temp\~DF8A7E.tmp currently in use. Will be deleted when Windows is restarted.
    C:\Documents and Settings\Regina\Local Settings\Temp\~DF8A71.tmp currently in use. Will be deleted when Windows is restarted.
    C:\Documents and Settings\Regina\Local Settings\Temp\~DF8A7E.tmp currently in use. Will be deleted when Windows is restarted.
    C:\Documents and Settings\Regina\Local Settings\Temporary Internet Files\Content.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
    C:\Documents and Settings\Regina\UserData\index.dat - deleted
    C:\Program Files\Internet Explorer\ssapi.log.bak - deleted
    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Regina\Misc\Backup\chandir.da~ - deleted
    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Regina\Misc\Backup\chandir.id~ - deleted
    C:\WINDOWS\Help\wmplayer.bak - deleted
    C:\WINDOWS\inf\mplayer2.bak - deleted
    C:\WINDOWS\PCHEALTH\HELPCTR\Config\Cache\Personal_32_1036.dat.bak - deleted
    C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\index.dat - deleted
    C:\WINDOWS\repair\system.bak - deleted
    C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.chk - deleted
    C:\WINDOWS\system32\shdocvw.bak - deleted
    C:\WINDOWS\system32\CONFIG.TMP - deleted
    C:\WINDOWS\system32\SET60.tmp - deleted
    C:\WINDOWS\system32\SET6C.tmp - deleted
    C:\WINDOWS\system32\SET75.tmp - deleted
    C:\WINDOWS\system32\SET77.tmp - deleted
    C:\WINDOWS\system32\SET7A.tmp - deleted
    C:\WINDOWS\system32\CatRoot2\edb.chk - deleted
    C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat - deleted
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat - deleted
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012003011220030113\index.dat - deleted
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012004090220040903\index.dat - deleted
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat - deleted
    C:\WINDOWS\system32\drivers\OLD69.tmp - deleted
    C:\WINDOWS\system32\NtmsData\NTMSDATA.BAK - deleted
    Telnet's MRU list - removed from the registry.
    CleanUp! 4.0 recovered 79.8 MB of disk space from 7238 files.
    CleanUp! finished on 08/14/07 21:56:57.
    0
    1. Anonymous user
       
      Julien

      I have a small doubt. Go to the Control Panel and see whether you find Spyware Secure. If so, remove it. Keep me posted.
      0
      1. Julien > Anonymous user
         
        Hi.
        I didn't quite understand your message: find Spyware Secure in the Control Panel? Can you clarify, please?
        See you.
        julien.
        0
      2. julien > Anonymous user
         
        a2 report

        Version - a-squared Anti-Malware 3.0
        Dernière mise à jour: 14/08/2007 22:17:25

        Réglages Scan:

        Objets: Mémoire, Traces, Cookies, C:\
        Scan archives: Marche
        Heuristiques: Marche
        Scan ADS: Marche

        Début du scan: 14/08/2007 22:17:41

        c:\windows\system32\ath.mgf Détecter: Trace.File.VCatch
        c:\windows\system32\bnr.mgf Détecter: Trace.File.VCatch
        c:\windows\system32\frb.mgf Détecter: Trace.File.VCatch
        c:\windows\system32\rulesdata.xml Détecter: Trace.File.VCatch
        c:\windows\system32\rulesdata1.xml Détecter: Trace.File.VCatch
        c:\windows\system32\rulesdata2.xml Détecter: Trace.File.VCatch
        c:\windows\system32\rulesdata3.xml Détecter: Trace.File.VCatch
        c:\windows\system32\rulesfactors.xml Détecter: Trace.File.VCatch
        c:\windows\system32\snd.mgf Détecter: Trace.File.VCatch
        c:\windows\system32\sub.mgf Détecter: Trace.File.VCatch
        c:\windows\system32\sze.mgf Détecter: Trace.File.VCatch
        Key: HKEY_CLASSES_ROOT\clsid\{bb9aaaf3-4f8d-48b5-a565-ff3e58433dc2} Détecter: Trace.Registry.DivagoSurfairy
        Key: HKEY_LOCAL_MACHINE\software\classes\clsid\{bb9aaaf3-4f8d-48b5-a565-ff3e58433dc2} Détecter: Trace.Registry.DivagoSurfairy
        c:\program files\accent word password recovery Détecter: Trace.Directory.Accent WORD Password Recovery
        C:\APPS\ActivSurf\4448364\Program\backWeb-4448364.exe Détecter: Adware.BackWeb.a
        C:\Documents and Settings\Regina\Julien\NettoyagePC\cleanup\clean\clean\pskill.exe Détecter: Riskware.RiskTool.Win32.PsKill.k
        C:\Documents and Settings\Regina\Julien\NettoyagePC\cleanup\clean\pskill.exe Détecter: Riskware.RiskTool.Win32.PsKill.k
        C:\Documents and Settings\Regina\Julien\NettoyagePC\cleanup\clean.zip/pskill.exe Détecter: Riskware.RiskTool.Win32.PsKill.k
        C:\Documents and Settings\Regina\Julien\NettoyagePC\navilog1\Process.exe Détecter: Riskware.RiskTool.Win32.Processor.20
        C:\Documents and Settings\Regina\Julien\NettoyagePC\navilog1.zip/Process.exe Détecter: Riskware.RiskTool.Win32.Processor.20
        C:\Documents and Settings\Regina\Julien\NettoyagePC\Process.exe Détecter: Riskware.RiskTool.Win32.Processor.20
        C:\Documents and Settings\Regina\Mes documents\Mes images\200406_Mariage\Img0003.part1.rar/DSCN0358.JPG Détecter: Heuristic.ArchiveBomb
        C:\Program Files\Navilog1\Process.exe Détecter: Riskware.RiskTool.Win32.Processor.20
        C:\System Volume Information\_restore{A51C5CDE-3710-45ED-AEAF-4DBEE7E77752}\RP799\A0113769.exe Détecter: Riskware.RiskTool.Win32.PsKill.k
        C:\System Volume Information\_restore{A51C5CDE-3710-45ED-AEAF-4DBEE7E77752}\RP799\A0113776.exe Détecter: Riskware.RiskTool.Win32.PsKill.k
        C:\System Volume Information\_restore{A51C5CDE-3710-45ED-AEAF-4DBEE7E77752}\RP799\A0113783.exe Détecter: Riskware.RiskTool.Win32.Processor.20
        C:\System Volume Information\_restore{A51C5CDE-3710-45ED-AEAF-4DBEE7E77752}\RP799\A0113789.exe Détecter: Riskware.RiskTool.Win32.Processor.20
        C:\System Volume Information\_restore{A51C5CDE-3710-45ED-AEAF-4DBEE7E77752}\RP799\A0114132.exe Détecter: Riskware.RiskTool.Win32.PsKill.k
        C:\System Volume Information\_restore{A51C5CDE-3710-45ED-AEAF-4DBEE7E77752}\RP823\A0122672.exe Détecter: Riskware.RiskTool.Win32.Processor.20

        Scanné

        Fichiers: 199327
        Traces: 345592
        Cookies: 15
        Processus: 29

        Trouver

        Fichiers: 15
        Traces: 14
        Cookies: 0
        Processus: 0
        Clés de Registre: 0

        Fin du Scan: 15/08/2007 01:12:09
        Temps du Scan: 02:54:28

        C:\Documents and Settings\Regina\Mes documents\Mes images\200406_Mariage\Img0003.part1.rar/DSCN0358.JPG Quarantaine Heuristic.ArchiveBomb
        C:\Documents and Settings\Regina\Julien\NettoyagePC\navilog1\Process.exe Quarantaine Riskware.RiskTool.Win32.Processor.20
        C:\Documents and Settings\Regina\Julien\NettoyagePC\navilog1.zip/Process.exe Quarantaine Riskware.RiskTool.Win32.Processor.20
        C:\Documents and Settings\Regina\Julien\NettoyagePC\Process.exe Quarantaine Riskware.RiskTool.Win32.Processor.20
        C:\Program Files\Navilog1\Process.exe Quarantaine Riskware.RiskTool.Win32.Processor.20
        C:\System Volume Information\_restore{A51C5CDE-3710-45ED-AEAF-4DBEE7E77752}\RP799\A0113783.exe Quarantaine Riskware.RiskTool.Win32.Processor.20
        C:\System Volume Information\_restore{A51C5CDE-3710-45ED-AEAF-4DBEE7E77752}\RP799\A0113789.exe Quarantaine Riskware.RiskTool.Win32.Processor.20
        C:\System Volume Information\_restore{A51C5CDE-3710-45ED-AEAF-4DBEE7E77752}\RP823\A0122672.exe Quarantaine Riskware.RiskTool.Win32.Processor.20
        C:\Documents and Settings\Regina\Julien\NettoyagePC\cleanup\clean\clean\pskill.exe Quarantaine Riskware.RiskTool.Win32.PsKill.k
        C:\Documents and Settings\Regina\Julien\NettoyagePC\cleanup\clean\pskill.exe Quarantaine Riskware.RiskTool.Win32.PsKill.k
        C:\Documents and Settings\Regina\Julien\NettoyagePC\cleanup\clean.zip/pskill.exe Quarantaine Riskware.RiskTool.Win32.PsKill.k
        C:\System Volume Information\_restore{A51C5CDE-3710-45ED-AEAF-4DBEE7E77752}\RP799\A0113769.exe Quarantaine Riskware.RiskTool.Win32.PsKill.k
        C:\System Volume Information\_restore{A51C5CDE-3710-45ED-AEAF-4DBEE7E77752}\RP799\A0113776.exe Quarantaine Riskware.RiskTool.Win32.PsKill.k
        C:\System Volume Information\_restore{A51C5CDE-3710-45ED-AEAF-4DBEE7E77752}\RP799\A0114132.exe Quarantaine Riskware.RiskTool.Win32.PsKill.k
        C:\APPS\ActivSurf\4448364\Program\backWeb-4448364.exe Quarantaine Adware.BackWeb.a
        c:\program files\accent word password recovery Quarantaine Trace.Directory.Accent WORD Password Recovery
        Key: HKEY_CLASSES_ROOT\clsid\{bb9aaaf3-4f8d-48b5-a565-ff3e58433dc2} Quarantaine Trace.Registry.DivagoSurfairy
        Key: HKEY_LOCAL_MACHINE\software\classes\clsid\{bb9aaaf3-4f8d-48b5-a565-ff3e58433dc2} Quarantaine Trace.Registry.DivagoSurfairy
        c:\windows\system32\ath.mgf Quarantaine Trace.File.VCatch
        c:\windows\system32\bnr.mgf Quarantaine Trace.File.VCatch
        c:\windows\system32\frb.mgf Quarantaine Trace.File.VCatch
        c:\windows\system32\rulesdata.xml Quarantaine Trace.File.VCatch
        c:\windows\system32\rulesdata1.xml Quarantaine Trace.File.VCatch
        c:\windows\system32\rulesdata2.xml Quarantaine Trace.File.VCatch
        c:\windows\system32\rulesdata3.xml Quarantaine Trace.File.VCatch
        c:\windows\system32\rulesfactors.xml Quarantaine Trace.File.VCatch
        c:\windows\system32\snd.mgf Quarantaine Trace.File.VCatch
        c:\windows\system32\sub.mgf Quarantaine Trace.File.VCatch
        c:\windows\system32\sze.mgf Quarantaine Trace.File.VCatch

        Quarantaine

        Fichiers: 15
        Traces: 14
        0
      3. Julien > julien
         
        CCleaner report

        NETTOYAGE COMPLET - (11,994 secs)
        ------------------------------------------------------------------------------------------
        42,6MB supprimés.
        ------------------------------------------------------------------------------------------

        Détails des fichiers effacés
        ------------------------------------------------------------------------------------------
        Fichiers Temporaires d'Internet Explorer (fichiers 2472) 37,7MB
        C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Checks.070709-1502.txt 1,84KB
        C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Checks.070814-2053.log 479 bytes
        C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Checks.070814-2124.txt 1,93KB
        C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Fixes.070709-1846.txt 1,83KB
        C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Fixes.070814-2136.txt 1,91KB
        C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Update downloads.log 6,46KB
        C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Statistics.ini 212 bytes
        C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref.old 1,24MB
        C:\Documents and Settings\Regina\Application Data\Lavasoft\Ad-Aware\Logs\Ad-Aware log2007-07-09 14-29-39.txt 12,16KB
        C:\Documents and Settings\Regina\Application Data\Lavasoft\Ad-Aware\Logs\Ad-Aware log2007-08-13 22-24-21.txt 30,15KB
        C:\Documents and Settings\Regina\Application Data\Sun\Java\Deployment\cache\6.0\43\1852f6eb-5c2411ae 5,30KB
        C:\Documents and Settings\Regina\Application Data\Sun\Java\Deployment\cache\6.0\43\1852f6eb-5c2411ae.idx 307 bytes
        C:\Documents and Settings\Regina\Application Data\Sun\Java\Deployment\cache\6.0\lastAccessed 1 bytes
        C:\Documents and Settings\Regina\Application Data\Google\GoogleEarth\dbCache.dat 1,47MB
        C:\Documents and Settings\Regina\Application Data\Google\GoogleEarth\dbCache.dat.index 0 bytes
        ------------------------------------------------------------------------------------------
        0
      4. Julien > Julien
         
        clean.zip report

        15/08/2007 a 11:49:58,21

        *** Recherche des fichiers dans C:

        *** Recherche des fichiers dans C:\WINDOWS\

        *** Recherche des fichiers dans C:\WINDOWS\system32

        *** Recherche des fichiers dans C:\Program Files
        *** Fin du rapport !
        0
  10. Utilisateur anonyme
     
    Hi,

    From time to time Spyware Secure lodges itself in the Control Panel, so I prefer to check.

    Fix this line with HijackThis:

    O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)

    ---------
    then do:

    Start ==> Run ==> type: regedit

    press: CTRL and F
    Check all boxes
    copy/paste: {2AB289AE-4B90-4281-B2AE-1F4BB034B647}

    click: Find Next
    If found ==> right-click and delete
    repeat the search until the END message appears

    Run HijackThis again and post the report.
    0
    1. Julien
       
      Hi,
      I'll send you the HijackThis report in about ten minutes. In the meantime, here are the AVGAS and SDFix reports.

      ---------------------------------------------------------
      AVG Anti-Spyware - Rapport d'analyse
      ---------------------------------------------------------

      + Créé à: 14:19:47 15/08/2007

      + Résultat de l'analyse:



      C:\Documents and Settings\Regina\Cookies\regina@smartadserver[1].txt -> TrackingCookie.Smartadserver : Nettoyé.


      Fin du rapport

      ---------------------------------------------------------------------------------------------------
      ---------------------------------------------------------------------------------------------------
      SDFIX
      ---------------------------------------------------------------------------------------------------
      ---------------------------------------------------------------------------------------------------
      No streams found.



      Final Check:

      Remaining Services:
      ------------------



      Authorized Application Key Export:

      [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
      "C:\\APPS\\ActivSurf\\4448364\\Program\\backWeb-4448364.exe"="C:\\APPS\\ActivSurf\\4448364\\Program\\backWeb-4448364.exe:*:Disabled:backWeb-4448364"
      "C:\\Program Files\\Maxis\\SimCity 3000 World Edition\\Apps\\Updater\\UPDATER.EXE"="C:\\Program Files\\Maxis\\SimCity 3000 World Edition\\Apps\\Updater\\UPDATER.EXE:*:Disabled:SC3UpdaterMFC"
      "C:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe"="C:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe:*:Disabled:Framework Service"
      "C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDial.exe:*:Disabled:AOL"
      "C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLacsd.exe:*:Disabled:AOL"
      "C:\\Program Files\\AOL 9.0\\waol.exe"="C:\\Program Files\\AOL 9.0\\waol.exe:*:Disabled:AOL 9.0"
      "C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
      "C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"="C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe:*:Disabled:@xpsp3res.dll,-20000"
      "C:\\Program Files\\Kazaa\\kazaa.exe"="C:\\Program Files\\Kazaa\\kazaa.exe:*:Disabled:Kazaa"
      "C:\\Program Files\\Kazaa K++\\Kazaa.kpp"="C:\\Program Files\\Kazaa K++\\Kazaa.kpp:*:Disabled:Kazaa Media Desktop"
      "C:\\WINDOWS\\system32\\rtcshare.exe"="C:\\WINDOWS\\system32\\rtcshare.exe:*:Disabled:Partage de l'application RTC"
      "C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Disabled:RealPlayer"
      "C:\\Program Files\\Ratajik Software\\StationRipper\\StationRipperConsole.exe"="C:\\Program Files\\Ratajik Software\\StationRipper\\StationRipperConsole.exe:*:Disabled:StationRipperConsole"
      "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Disabled:Windows Live Messenger 8.1"
      "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Disabled:Windows Live Messenger 8.1 (Phone)"
      "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Disabled:Yahoo! FT Server"
      "C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe:*:Disabled:Yahoo! Messenger"
      "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
      "C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"

      [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
      "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
      "C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
      "C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
      "C:\\Program Files\\AOL 9.0\\waol.exe"="C:\\Program Files\\AOL 9.0\\waol.exe:*:Enabled:AOL 9.0"
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
      "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
      "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
      "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"

      Remaining Files:
      ---------------


      Files with Hidden Attributes:

      C:\WINDOWS\CdaC14BA.DLL
      C:\Program Files\Fichiers communs\Adobe\ESD\DLMCleanup.exe
      C:\Program Files\Picasa2\setup.exe
      C:\WINDOWS\CdaC13BA.EXE

      Finished
      0
      1. Julien > Julien
         
        Here is the new HijackThis report

        Logfile of Trend Micro HijackThis v2.0.2
        Scan saved at 15:45:00, on 15/08/2007
        Platform: Windows XP SP2 (WinNT 5.01.2600)
        MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
        Boot mode: Normal

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\WINDOWS\Explorer.EXE
        C:\Program Files\a-squared Anti-Malware\a2service.exe
        C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
        C:\WINDOWS\System32\drivers\CDAC11BA.EXE
        C:\WINDOWS\System32\dllhost.exe
        C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
        C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
        C:\Program Files\Network Associates\VirusScan\Mcshield.exe
        C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
        C:\WINDOWS\system32\slserv.exe
        C:\WINDOWS\System32\svchost.exe
        C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
        C:\Program Files\QuickTime\qttask.exe
        C:\WINDOWS\system32\ctfmon.exe
        C:\Program Files\MSN Messenger\msnmsgr.exe
        C:\Program Files\Internet Explorer\iexplore.exe
        C:\Program Files\MSN Messenger\usnsvc.exe
        C:\HiJackThis\HijackThis.exe

        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/toolbar/ie8/sidebar.html
        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fhome.microsoft.com%2faccess%2fallinone.asp%3f
        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.uol.com.br/
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
        R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/toolbar/ie8/sidebar.html
        R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/keyword/%s
        R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.uol.com.br/
        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet
        R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;localhost
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
        O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
        O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
        O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
        O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
        O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
        O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
        O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
        O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.dll
        O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
        O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
        O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
        O4 - HKLM\..\Run: [EPSON Stylus C42 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C42 Series" /O6 "USB001" /M "Stylus C42"
        O4 - HKLM\..\Run: [uqqlfsv] c:\windows\system32\uqqlfsv.exe uqqlfsv
        O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
        O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
        O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
        O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
        O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
        O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
        O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
        O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
        O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
        O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
        O8 - Extra context menu item: Chercher avec Copernic Agent - C:\Program Files\Copernic Agent\Web\SearchExt.htm
        O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
        O8 - Extra context menu item: Shorten URL - https://cjb.shopco.com/
        O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
        O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
        O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
        O9 - Extra button: Packard Bell - {1D49B7D4-524D-4ac9-BC34-B4822CAE4BB1} - C:\Apps\IECustom\script.htm
        O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
        O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
        O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
        O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O16 - DPF: fdjeux -
        O16 - DPF: teleir_cert -
        O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
        O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://eu-housecall.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
        O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} -
        O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - https://tiragesphoto.fnac.com/
        O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} -
        O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} -
        O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} - http://espaceabonnes.club-internet.fr/services/symantec/SymDlBrg.cab
        O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} -
        O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} -
        O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} -
        O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
        O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
        O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
        O18 - Filter hijack: text/html - (no CLSID) - (no file)
        O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
        O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
        O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
        O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
        O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
        O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
        O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
        O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
        O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
        O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
        O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
        0
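The check this exchange walks through (fix the orphaned O18 line, search the registry for its CLSID, then re-run HijackThis and compare), as an added Python example that is not part of the thread or of HijackThis itself. The function names are hypothetical; `LOG_BEFORE` is constructed from the O18 line quoted by the helper plus two lines that also appear in the later log, and `LOG_AFTER` is an excerpt of the log posted above.

```python
import re

# Entry lines look like "O18 - Filter hijack: text/html - {CLSID} - (no file)".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
ORPHAN_MARKERS = ("(no file)", "(no CLSID)")

# Constructed "before" sample: the O18 line the helper asks to fix,
# surrounded by lines that also appear in the later log.
LOG_BEFORE = r"""
Running processes:
C:\WINDOWS\system32\ctfmon.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
"""

# Excerpt of the log posted after the fix.
LOG_AFTER = r"""
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/html - (no CLSID) - (no file)
"""


def parse_entries(log_text):
    """Parse the 'code - body' entry lines; skip header and process list."""
    entries = []
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match is None:
            continue
        body = match.group("body")
        entries.append({
            "code": match.group("code"),
            "body": body,
            "clsids": [c.upper() for c in CLSID_RE.findall(body)],
            # An entry is orphaned when its file or CLSID is missing.
            "orphan": any(marker in body for marker in ORPHAN_MARKERS),
        })
    return entries


def registry_search_terms(entries):
    """CLSIDs of orphaned entries: the strings to give to regedit's Find."""
    terms = []
    for entry in entries:
        if entry["orphan"]:
            for clsid in entry["clsids"]:
                if clsid not in terms:
                    terms.append(clsid)
    return terms


def compare(before_text, after_text):
    """Report which orphaned CLSIDs disappeared and what is still orphaned."""
    before, after = parse_entries(before_text), parse_entries(after_text)
    after_clsids = {c for e in after for c in e["clsids"]}
    wanted = registry_search_terms(before)
    return {
        "gone": [c for c in wanted if c not in after_clsids],
        "still_referenced": [c for c in wanted if c in after_clsids],
        "orphans_after": [f'{e["code"]} - {e["body"]}' for e in after if e["orphan"]],
    }


if __name__ == "__main__":
    print(compare(LOG_BEFORE, LOG_AFTER))
```

On these samples the CLSID no longer appears after the fix, while the text/html filter entry is still listed, now without a CLSID.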
      2. Julien > Utilisateur anonyme
         
        Thanks again for your help. I just ran CWShredder and the result is that "CoolWebSearch was not found on your system".
        Otherwise, for now, my pop-up window problem seems to be better: no more Spyware Secure, no more porn sites.
        However, I just had the problem again of the screen turning off while the computer is still running... Do you think this problem is caused by a virus or spyware? Couldn't it be a hardware problem?
        See you.
        Julien.
        0
  11. Utilisateur anonyme
     
    Hi,

    Check your graphics card. Try reseating it. Also check the connections.
    0