hopelessromantic ad is harassing me

Solved
zizou00 Posts 12 Status Member -  
Hello,
A popup window, hopelessromantic.com/pop.php, appears on my screen every time I connect. It's really very annoying. If someone could help me remove it. Here is the HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:43:27, on 21/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Megatec\UPSilon 2000\RupsMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Raxco\PerfectDisk\PDSched.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\Dit.exe
C:\WINDOWS\system32\UMonit2K.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\keyhook.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\HP\KBD\KBD.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TuneUp Utilities 2007\MemOptimizer.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Menara\dslmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Megatec\UPSilon 2000\Monw32.exe
C:\HAD\PTW.EXE
C:\Program Files\BinarySense\HDDlife\HDDlifePro.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\Webshots\WebshotsTray.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Megatec\UPSilon 2000\USBMate.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\eMule plus\eMule.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60327
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.menara.ma/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.search.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\ftcleokj.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [UMonit] C:\WINDOWS\system32\UMonit.exe
O4 - HKLM\..\Run: [Gene USB Monitor] C:\WINDOWS\system32\UMonit2K.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2007\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [Free Download Manager] "C:\Program Files\Free Download Manager\fdm.exe" -autorun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RESEAU')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: HDDlife.lnk = C:\Program Files\BinarySense\HDDlife\HDDlifePro.exe
O4 - Startup: Outil de détection de support Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\Menara\dslmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Rupsmon Daemon.lnk = ?
O4 - Global Startup: أوقات الصلاة.lnk = C:\HAD\PTW.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesfr.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesfr.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O12 - Plugin for .UVR: C:\Program Files\Internet Explorer\Plugins\NPUPano.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://www.coupdepoucepc.com/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://charon777.free.fr/plugins/hardwaredetection.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4A669C16-DACF-4302-A677-613A820D3D1A}: NameServer = 212.217.0.14 196.217.246.210
O18 - Protocol: bw+0 - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
O18 - Protocol: bw+0s - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
O18 - Protocol: bw-0 - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
O18 - Protocol: bw-0s - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
O18 - Protocol: bw00 - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
O18 - Protocol: bw00s - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
O18 - Protocol: bw10 - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
O18 - Protocol: bw10s - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
O18 - Protocol: bw20 - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
O18 - Protocol: bw20s - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
O18 - Protocol: bw30 - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
O18 - Protocol: bw30s - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
O18 - Protocol: bw40 - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
O18 - Protocol: bw40s - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
O18 - Protocol: bw50 - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
O18 - Protocol: bw50s - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
O18 - Protocol: bw60 - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
O18 - Protocol: bw60s - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
O18 - Protocol: bw70 - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
O18 - Protocol: bw70s - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
O18 - Protocol: bw80 - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
O18 - Protocol: bw80s - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
O18 - Protocol: bw90 - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
O18 - Protocol: bw90s - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
O18 - Protocol: bwa0 - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
O18 - Protocol: bwa0s - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
O18 - Protocol: bwb0 - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
O18 - Protocol: bwb0s - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
O18 - Protocol: bwc0 - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
O18 - Protocol: bwc0s - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
O18 - Protocol: bwd0 - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
O18 - Protocol: bwd0s - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
O18 - Protocol: bwe0 - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
O18 - Protocol: bwe0s - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
O18 - Protocol: bwf0 - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
O18 - Protocol: bwf0s - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - (no file)
O18 - Protocol: bwg0 - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
O18 - Protocol: bwg0s - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
O18 - Protocol: bwh0 - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
O18 - Protocol: bwh0s - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
O18 - Protocol: bwi0 - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
O18 - Protocol: bwi0s - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
O18 - Protocol: bwj0 - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
O18 - Protocol: bwj0s - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
O18 - Protocol: bwk0 - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
O18 - Protocol: bwk0s - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
O18 - Protocol: bwl0 - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
O18 - Protocol: bwl0s - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
O18 - Protocol: bwm0 - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
O18 - Protocol: bwm0s - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
O18 - Protocol: bwn0 - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
O18 - Protocol: bwn0s - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
O18 - Protocol: bwo0 - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
O18 - Protocol: bwo0s - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
O18 - Protocol: bwp0 - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
O18 - Protocol: bwp0s - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
O18 - Protocol: bwq0 - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
O18 - Protocol: bwq0s - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
O18 - Protocol: bwr0 - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
O18 - Protocol: bwr0s - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
O18 - Protocol: bws0 - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
O18 - Protocol: bws0s - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
O18 - Protocol: bwt0 - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
O18 - Protocol: bwt0s - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
O18 - Protocol: bwu0 - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
O18 - Protocol: bwu0s - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
O18 - Protocol: bwv0 - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
O18 - Protocol: bwv0s - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
O18 - Protocol: bww0 - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
O18 - Protocol: bww0s - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
O18 - Protocol: bwx0 - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
O18 - Protocol: bwx0s - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
O18 - Protocol: bwy0 - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
O18 - Protocol: bwy0s - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
O18 - Protocol: bwz0 - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
O18 - Protocol: bwz0s - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
O18 - Protocol: offline-8876480 - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Rupsmon - Mega System Technologies, Inc. - C:\Program Files\Megatec\UPSilon 2000\RupsMon.exe
O23 - Service: USBMate - Mega Corp. - C:\Program Files\Megatec\UPSilon 2000\USBMate.exe

--
End of file - 19099 bytes
and thanks for the help
Configuration: Windows XP
Internet Explorer 7.0

23 replies

  1. zizou00 Posts 12 Status Member
     
    Hello,
    I followed all the steps described in the link above and the problem is still not solved. Here is report no. 2 from Navilog:
    Clean Navipromo version 3.3.6 commencé le 22/11/2007 à 17:31:48,57

    Outil exécuté depuis C:\Program Files\navilog1
    Mise à jour le 14.11.2007 à 18h00 par IL-MAFIOSO

    Microsoft Windows XP [version 5.1.2600]
    Internet Explorer : 7.0.5730.13

    Mode suppression automatique

    *** fsbl1.txt non trouvé ***
    (Assurez-vous que Catchme n'avait rien trouvé lors de la recherche)

    *** Suppression avec sauvegardes résultats GenericNaviSearch ***

    * Suppression dans C:\WINDOWS\System32 *

    * Suppression dans C:\DOCUME~1\HP_PRO~1\LOCALS~1\APPLIC~1 *

    *** Suppression dossiers dans C:\WINDOWS ***

    *** Suppression dossiers dans C:\Program Files ***

    *** Suppression dossiers dans C:\Documents and Settings\All Users\Application Data ***

    *** Suppression dossiers dans C:\Documents and Settings\HP_Propri‚taire\Application Data ***

    *** Suppression dossiers dans C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1 ***

    *** Suppression fichiers ***

    *** Suppression fichiers temporaires ***

    Nettoyage contenu C:\WINDOWS\Temp effectué !
    Nettoyage contenu C:\Documents and Settings\HP_Propri‚taire\Local Settings\Temp effectué !

    *** Traitement Recherche complémentaire ***
    (Recherche fichiers spécifiques)

    1)Recherche fichiers connus:

    C:\WINDOWS\system32\ghkmp.bak2 trouvé ! infection Vundo possible non traitée par cet outil !

    2)Recherche, création sauvegardes et suppression Heuristique :

    *** Sauvegarde du Registre vers dossier Backupnavi ***

    sauvegarde du Registre réalisé avec succès !

    *** Nettoyage Registre ***

    Nettoyage Registre Ok

    *** Certificats ***

    Certificat Egroup absent !

    *** Fichiers suspects non supprimés par Navilog1 ***
    !! Fichiers légitimes possibles, à contrôler avant suppression !!

    *** Nettoyage terminé le 22/11/2007 à 17:35:40,25 ***

    What I didn't understand is report no. 1: when you copy it, where do you paste it? And thanks for your cooperation.
    0
  2. reason Posts 41 Status Member 3
     
    C:\WINDOWS\system32\ghkmp.bak2 trouvé ! infection Vundo possible non traitée par cet outil ! ???

    I don't know what that means. I hope someone will help you read your report. I'll try to see if someone can do it, because I don't know anything about it :( sorry
    0
  3. moi29 Posts 278 Status Member 42
     
    Good evening
    Download VundoFix.exe (by Atribune) to your Desktop.
    http://www.atribune.org/ccount/click.php?id=4

    * Double-click VundoFix.exe to launch it.
    * When the tool launches again, click the Scan for Vundo button
    * Click the Scan for Vundo button.
    * When the scan is complete, click the Remove Vundo button
    * A prompt will ask whether you want to delete the files; click YES
    * After you click "Yes", the Desktop will disappear for a moment while the files are deleted.
    * You will see a prompt announcing that your PC is going to shut down ("shutdown"); click OK
    * Start your PC again.
    * Copy/paste the contents of the report located at C:\vundofix.txt
    Download VirtumundoBeGone to the desktop:
    http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe

    Then double-click VirtumundoBeGone.exe and follow the instructions.
    Once finished, restart and post the VBG.TXT report
    created on the desktop in your next reply

    And a new HijackThis log
    C - CCleaner:
    (registry cleaner, cookies+temp+temporary files+prefetch+history+etc.)

    * Download CCleaner.

    https://www.pcastuces.com/logitheque/ccleaner.htm
    Install it in a dedicated directory.
    During installation, uncheck
    --- the two "Add the option ..." boxes
    --- Check for updates
    --- Add the Yahoo! CCleaner Toolbar
    * Run CCleaner for a full cleanup.
    0
  5. ^^Marie^^ Posts 41884 Registration date   Status Member Last activity   3 280
     
    --
    I came into CCM, the cigarette in one hand,
    the flip-flops in the other hand, the ***** bare under the shirt
    0
  6. zizou00 Posts 12 Status Member
     
    Hello;
    I ran an online scan with Panda; my PC is infected by Virtumundo. If someone could help me disinfect it, and thanks
    11-22 22:37:38
    PROTECTIONS: 1
    MALWARE: 11
    SUSPECTS: 0
    ;***************************************************************************************** ******************************************************************************************
    PROTECTIONS
    Description Version Active Updated
    ;========================================================================================= ==========================================================================================
    avast! antivirus 4.7.1074 [VPS 071122-0] 4.7.1074 No Yes
    ;========================================================================================= ==========================================================================================
    MALWARE
    Id Description Type Active Severity Disinfectable Disinfected Location
    ;========================================================================================= ==========================================================================================
    00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Propriأ©taire\Cookies\hp_propriأ©taire@doubleclick[1].txt
    00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Propriأ©taire\Cookies\hp_propriأ©taire@atdmt[2].txt
    00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Propriأ©taire\Cookies\hp_propriأ©taire@xiti[1].txt
    00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Propriأ©taire\Cookies\hp_propriأ©taire@xiti[2].txt
    00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Propriأ©taire\Cookies\hp_propriأ©taire@weborama[1].txt
    00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Propriأ©taire\Cookies\hp_propriأ©taire@advertising[1].txt
    00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Propriأ©taire\Cookies\hp_propriأ©taire@statse.webtrendslive[2].txt
    00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Propriأ©taire\Cookies\hp_propriأ©taire@bluestreak[2].txt
    00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Propriأ©taire\Cookies\hp_propriأ©taire@smartadserver[2].txt
    02688344 Spyware/Virtumonde Spyware Yes 2 Yes No C:\WINDOWS\SYSTEM32\FMDQAEBJ.EXE
    02784291 Spyware/Vundo Spyware No 0 Yes No C:\WINDOWS\system32\rntcfrbj.dll
    02812177 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\system32\xgirkppw.dll
    02812177 Spyware/Virtumonde Spyware Yes 2 Yes No C:\WINDOWS\SYSTEM32\KHDQFGHF.DLL
    ;========================================================================================= ==========================================================================================
    SUSPECTS
    Location
    ;========================================================================================= ==========================================================================================
    ;========================================================================================= ==========================================================================================
    0
  7. zizou00 Posts 12 Status Member
     
    Hello again;
    here is the VundoFix report
    C:\WINDOWS\system32\ftcleokj.dll
    C:\windows\system32\ftcleokj.dllbox
    C:\windows\system32\ghkmp.bak2
    C:\windows\system32\ghkmp.ini
    C:\windows\system32\pmkhg.dll
    C:\windows\system32\qweqwzeq.dllbox
    C:\windows\system32\rgveffbs.dllbox
    C:\windows\system32\tkzqwmya.dllbox
    C:\windows\system32\vlzmalhe.dllbox
    C:\windows\system32\zbjuvfqw.dllbox
    then I downloaded VirtumundoBeGone; here is its report
    [11/23/2007, 17:40:42] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\HP_Propriétaire\Bureau\VirtumundoBeGone.exe" )
    [11/23/2007, 17:40:47] - User choose NOT to continue. Exiting...

    [11/23/2007, 17:48:04] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\HP_Propriétaire\Bureau\VirtumundoBeGone.exe" )
    [11/23/2007, 17:48:13] - Detected System Information:
    [11/23/2007, 17:48:13] - Windows Version: 5.1.2600, Service Pack 2
    [11/23/2007, 17:48:13] - Current Username: HP_Propriétaire (Admin)
    [11/23/2007, 17:48:13] - Windows is in NORMAL mode.
    [11/23/2007, 17:48:13] - Searching for Browser Helper Objects:
    [11/23/2007, 17:48:13] - BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
    [11/23/2007, 17:48:13] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
    [11/23/2007, 17:48:13] - BHO 3: {1337e96b-ecca-4e97-8a25-8c7f824a55b0} ()
    [11/23/2007, 17:48:13] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [11/23/2007, 17:48:13] - Checking for HKLM\...\Winlogon\Notify\smmghvgt
    [11/23/2007, 17:48:13] - Key not found: HKLM\...\Winlogon\Notify\smmghvgt, continuing.
    [11/23/2007, 17:48:13] - BHO 4: {180B14DF-DCC9-4D12-B93D-E8F32615E1FF} ()
    [11/23/2007, 17:48:13] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [11/23/2007, 17:48:13] - No filename found. Continuing.
    [11/23/2007, 17:48:13] - BHO 5: {22BF413B-C6D2-4d91-82A9-A0F997BA588C} (Skype add-on (mastermind))
    [11/23/2007, 17:48:13] - BHO 6: {298DF716-189E-4DEF-8C83-B621C09D17A8} ()
    [11/23/2007, 17:48:13] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [11/23/2007, 17:48:13] - No filename found. Continuing.
    [11/23/2007, 17:48:13] - BHO 7: {3108B150-2738-4753-9115-3CB17CDEC840} ()
    [11/23/2007, 17:48:13] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [11/23/2007, 17:48:13] - No filename found. Continuing.
    [11/23/2007, 17:48:13] - BHO 8: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
    [11/23/2007, 17:48:13] - BHO 9: {64F56FC1-1272-44CD-BA6E-39723696E350} (EoBho Class)
    [11/23/2007, 17:48:13] - BHO 10: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
    [11/23/2007, 17:48:13] - BHO 11: {77FA831A-258D-4D6C-A508-2E9947A2F045} ()
    [11/23/2007, 17:48:13] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [11/23/2007, 17:48:14] - No filename found. Continuing.
    [11/23/2007, 17:48:14] - BHO 12: {8AFFFE8C-0C5C-41C9-96A8-BBD4CFB7F0F1} ()
    [11/23/2007, 17:48:14] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [11/23/2007, 17:48:14] - Checking for HKLM\...\Winlogon\Notify\pmkhg
    [11/23/2007, 17:48:14] - Key not found: HKLM\...\Winlogon\Notify\pmkhg, continuing.
    [11/23/2007, 17:48:14] - BHO 13: {8DE29EE1-378B-4570-9A74-1D72CA3C00A1} ()
    [11/23/2007, 17:48:14] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [11/23/2007, 17:48:14] - No filename found. Continuing.
    [11/23/2007, 17:48:14] - BHO 14: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
    [11/23/2007, 17:48:14] - BHO 15: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
    [11/23/2007, 17:48:14] - BHO 16: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
    [11/23/2007, 17:48:14] - BHO 17: {B8279A7A-A732-4DB9-95BE-8A4CBA52C0EC} ()
    [11/23/2007, 17:48:14] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [11/23/2007, 17:48:14] - No filename found. Continuing.
    [11/23/2007, 17:48:14] - BHO 18: {BBDA78C3-63D2-4BAA-AA3D-E2977BF92749} ()
    [11/23/2007, 17:48:14] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [11/23/2007, 17:48:14] - No filename found. Continuing.
    [11/23/2007, 17:48:14] - BHO 19: {CC59E0F9-7E43-44FA-9FAA-8377850BF205} (FDMIECookiesBHO Class)
    [11/23/2007, 17:48:14] - Finished Searching Browser Helper Objects
    [11/23/2007, 17:48:14] - Finishing up...
    [11/23/2007, 17:48:14] - Nothing found! Exiting...
    and here is the HijackThis report
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:48:58, on 23/11/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\system32\hphmon06.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\WINDOWS\Dit.exe
    C:\WINDOWS\system32\UMonit.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\system32\keyhook.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\WINDOWS\ALCWZRD.EXE
    C:\WINDOWS\ALCMTR.EXE
    C:\HP\KBD\KBD.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
    C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
    C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\TuneUp Utilities 2007\MemOptimizer.exe
    C:\Program Files\Free Download Manager\fdm.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Menara\dslmon.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Megatec\UPSilon 2000\Monw32.exe
    C:\HAD\PTW.EXE
    C:\Program Files\a-squared Free\a2service.exe
    C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\mmjbmrbo.exe
    C:\Program Files\BinarySense\HDDlife\HDDlifePro.exe
    C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
    C:\Program Files\Webshots\WebshotsTray.exe
    C:\Program Files\Megatec\UPSilon 2000\RupsMon.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\Raxco\PerfectDisk\PDSched.exe
    C:\WINDOWS\system32\freecell.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Megatec\UPSilon 2000\USBMate.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60327
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.menara.ma/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.search.yahoo.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: {0b55a428-f7c8-52a8-79e4-acceb69e7331} - {1337e96b-ecca-4e97-8a25-8c7f824a55b0} - C:\WINDOWS\system32\smmghvgt.dll
    O2 - BHO: (no name) - {180B14DF-DCC9-4D12-B93D-E8F32615E1FF} - (no file)
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: (no name) - {298DF716-189E-4DEF-8C83-B621C09D17A8} - (no file)
    O2 - BHO: (no name) - {3108B150-2738-4753-9115-3CB17CDEC840} - (no file)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: EoBho Class - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {77FA831A-258D-4D6C-A508-2E9947A2F045} - (no file)
    O2 - BHO: (no name) - {8AFFFE8C-0C5C-41C9-96A8-BBD4CFB7F0F1} - C:\WINDOWS\system32\pmkhg.dll (file missing)
    O2 - BHO: (no name) - {8DE29EE1-378B-4570-9A74-1D72CA3C00A1} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: (no name) - {B8279A7A-A732-4DB9-95BE-8A4CBA52C0EC} - (no file)
    O2 - BHO: (no name) - {BBDA78C3-63D2-4BAA-AA3D-E2977BF92749} - (no file)
    O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
    O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [Dit] Dit.exe
    O4 - HKLM\..\Run: [UMonit] C:\WINDOWS\system32\UMonit.exe
    O4 - HKLM\..\Run: [Gene USB Monitor] C:\WINDOWS\system32\UMonit2K.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
    O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
    O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [3c5589a9] rundll32.exe "C:\WINDOWS\system32\jndfpybu.dll",b
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2007\MemOptimizer.exe" autostart
    O4 - HKCU\..\Run: [Free Download Manager] "C:\Program Files\Free Download Manager\fdm.exe" -autorun
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RESEAU')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: HDDlife.lnk = C:\Program Files\BinarySense\HDDlife\HDDlifePro.exe
    O4 - Startup: Outil de détection de support Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
    O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
    O4 - Global Startup: DSLMON.lnk = C:\Program Files\Menara\dslmon.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Rupsmon Daemon.lnk = ?
    O4 - Global Startup: أوقات الصلاة.lnk = C:\HAD\PTW.EXE
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
    O8 - Extra context menu item: Télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
    O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
    O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesfr.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesfr.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
    O12 - Plugin for .UVR: C:\Program Files\Internet Explorer\Plugins\NPUPano.dll
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://www.coupdepoucepc.com/scan8/oscan8.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
    O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://charon777.free.fr/plugins/hardwaredetection.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{4A669C16-DACF-4302-A677-613A820D3D1A}: NameServer = 212.217.0.14 196.217.246.210
    O18 - Protocol: bw+0 - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
    O18 - Protocol: bw+0s - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
    O18 - Protocol: bw-0 - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
    O18 - Protocol: bw-0s - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
    O18 - Protocol: bw00 - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
    O18 - Protocol: bw00s - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
    O18 - Protocol: bw10 - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
    O18 - Protocol: bw10s - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
    O18 - Protocol: bw20 - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
    O18 - Protocol: bw20s - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
    O18 - Protocol: bw30 - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
    O18 - Protocol: bw30s - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
    O18 - Protocol: bw40 - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
    O18 - Protocol: bw40s - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
    O18 - Protocol: bw50 - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
    O18 - Protocol: bw50s - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
    O18 - Protocol: bw60 - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
    O18 - Protocol: bw60s - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
    O18 - Protocol: bw70 - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
    O18 - Protocol: bw70s - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
    O18 - Protocol: bw80 - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
    O18 - Protocol: bw80s - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
    O18 - Protocol: bw90 - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
    O18 - Protocol: bw90s - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
    O18 - Protocol: bwa0 - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
    O18 - Protocol: bwa0s - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
    O18 - Protocol: bwb0 - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
    O18 - Protocol: bwb0s - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
    O18 - Protocol: bwc0 - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
    O18 - Protocol: bwc0s - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
    O18 - Protocol: bwd0 - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
    O18 - Protocol: bwd0s - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
    O18 - Protocol: bwe0 - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
    O18 - Protocol: bwe0s - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
    O18 - Protocol: bwf0 - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
    O18 - Protocol: bwf0s - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - (no file)
    O18 - Protocol: bwg0 - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
    O18 - Protocol: bwg0s - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
    O18 - Protocol: bwh0 - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
    O18 - Protocol: bwh0s - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
    O18 - Protocol: bwi0 - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
    O18 - Protocol: bwi0s - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
    O18 - Protocol: bwj0 - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
    O18 - Protocol: bwj0s - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
    O18 - Protocol: bwk0 - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
    O18 - Protocol: bwk0s - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
    O18 - Protocol: bwl0 - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
    O18 - Protocol: bwl0s - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
    O18 - Protocol: bwm0 - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
    O18 - Protocol: bwm0s - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
    O18 - Protocol: bwn0 - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
    O18 - Protocol: bwn0s - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
    O18 - Protocol: bwo0 - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
    O18 - Protocol: bwo0s - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
    O18 - Protocol: bwp0 - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
    O18 - Protocol: bwp0s - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
    O18 - Protocol: bwq0 - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
    O18 - Protocol: bwq0s - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
    O18 - Protocol: bwr0 - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
    O18 - Protocol: bwr0s - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
    O18 - Protocol: bws0 - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
    O18 - Protocol: bws0s - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
    O18 - Protocol: bwt0 - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
    O18 - Protocol: bwt0s - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
    O18 - Protocol: bwu0 - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
    O18 - Protocol: bwu0s - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
    O18 - Protocol: bwv0 - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
    O18 - Protocol: bwv0s - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
    O18 - Protocol: bww0 - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
    O18 - Protocol: bww0s - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
    O18 - Protocol: bwx0 - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
    O18 - Protocol: bwx0s - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
    O18 - Protocol: bwy0 - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
    O18 - Protocol: bwy0s - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
    O18 - Protocol: bwz0 - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
    O18 - Protocol: bwz0s - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
    O18 - Protocol: offline-8876480 - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: zsgzxphy - C:\WINDOWS\
    O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: DomainService - - C:\WINDOWS\system32\mmjbmrbo.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
    O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Rupsmon - Mega System Technologies, Inc. - C:\Program Files\Megatec\UPSilon 2000\RupsMon.exe
    O23 - Service: USBMate - Mega Corp. - C:\Program Files\Megatec\UPSilon 2000\USBMate.exe
  8. ^^Marie^^ Posts 41884 Registration date   Status Member Last activity   3 280
     
    Download ComboFix

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    Restart your PC in safe mode.
    Double-click ComboFix.exe.
    Press the Y (Yes) key to start the scan.

    ComboFix will restart your PC: follow the on-screen instructions.

    To restart in safe mode, here is a tutorial:

    https://www.malekal.com/demarrer-windows-mode-sans-echec/
  9. zizou00 Posts 12 Status Member
     
    Thanks everyone. I followed all the instructions given above and went through the various steps, from downloading VundoFix.exe to downloading ComboFix. The hopelessromantic ad window has disappeared. Thanks a lot.
  10. ^^Marie^^ Posts 41884 Registration date   Status Member Last activity   3 280
     
    Hi

    Post the ComboFix report.
    Your report above needs cleaning and there are infections in it.

    1°/ ► ComboFix
    2°/ ► A new HijackThis log

    See you
  11. zizou00
     
    Here is my ComboFix report
    ComboFix 07-11-19.3 - HP_Propriétaire 2007-11-24 15:20:26.2 - NTFSx86
    Microsoft Windows XP Edition familiale 5.1.2600.2.1256.212.1036.18.141 [GMT 0:00]
    Running from: C:\Downloads\Software\ComboFix.exe
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    D:\Autorun.inf
    .
    ---- Previous Run -------
    .
    C:\Documents and Settings\Administrateur\Bureau\Live Safety Center.lnk
    C:\Documents and Settings\Administrateur\Bureau\Online Security Guide.lnk
    C:\Documents and Settings\Administrateur\Favoris\Online Security Guide.lnk
    C:\Documents and Settings\All Users\Menu Démarrer\Live Safety Center.lnk
    C:\Documents and Settings\All Users\Menu Démarrer\Online Security Guide.lnk
    C:\Documents and Settings\HP_Propriétaire\Application Data\STEM~1
    C:\Documents and Settings\HP_Propriétaire\Application Data\STEM~1\??stem\
    C:\Documents and Settings\HP_Propriétaire\Favoris\Online Security Guide.lnk
    C:\WINDOWS\cookies.ini

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .
    -------\LEGACY_DOMAINSERVICE
    -------\LEGACY_SROSA

    ((((((((((((((((((((((((((((( Fichiers créés 2007-10-24 to 2007-11-24 ))))))))))))))))))))))))))))))))))))
    .

    2007-11-24 12:41 <REP> d-------- C:\Program Files\SpyHunter
    2007-11-24 12:41 <REP> d-------- C:\Documents and Settings\HP_Propriلtaire\Bureau
    2007-11-24 08:48 <REP> d-------- C:\Program Files\Crawler
    2007-11-23 17:12 85,056 --a------ C:\WINDOWS\system32\jndfpybu.dll
    2007-11-23 16:59 <REP> d-------- C:\Program Files\HardwareDetection
    2007-11-22 23:40 <REP> d-------- C:\Program Files\Enigma Software Group
    2007-11-22 18:37 <REP> d-------- C:\Program Files\Panda Security
    2007-11-22 17:08 <REP> d-------- C:\Program Files\Navilog1
    2007-11-21 22:20 <REP> d-------- C:\Program Files\Trend Micro
    2007-11-21 21:43 <REP> d-------- C:\Program Files\MSBuild
    2007-11-21 21:41 <REP> d-------- C:\Program Files\Microsoft.NET
    2007-11-21 21:37 <REP> d-------- C:\Program Files\Microsoft Visual Studio 8
    2007-11-21 21:33 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2007-11-21 21:32 <REP> dr-h----- C:\MSOCache
    2007-11-21 20:45 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Spyware Terminator
    2007-11-21 20:24 85,056 --a------ C:\WINDOWS\system32\xgirkppw.dll
    2007-11-21 20:13 80,960 --a------ C:\WINDOWS\system32\cprthiur.dll
    2007-11-21 17:25 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Lavasoft
    2007-11-20 20:13 2,266 ---hs---- C:\WINDOWS\system32\luqiwdag.ini
    2007-11-20 01:49 <REP> d-------- C:\Program Files\XoftSpySE
    2007-11-20 01:30 <REP> d-------- C:\Documents and Settings\Administrateur\WINDOWS
    2007-11-20 01:30 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
    2007-11-20 01:30 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
    2007-11-20 01:30 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
    2007-11-20 01:30 <REP> dr------- C:\Documents and Settings\Administrateur\Mes documents
    2007-11-20 01:30 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
    2007-11-20 01:30 <REP> dr------- C:\Documents and Settings\Administrateur\Favoris
    2007-11-20 01:30 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
    2007-11-20 01:30 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Symantec
    2007-11-20 01:30 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\SampleView
    2007-11-20 01:30 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Intervideo
    2007-11-20 01:30 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Apple Computer
    2007-11-20 01:12 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
    2007-11-20 01:12 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
    2007-11-19 20:10 2,026 ---hs---- C:\WINDOWS\system32\anhhgwoc.ini
    2007-11-18 23:18 1,486 ---hs---- C:\WINDOWS\system32\xgwnoqdc.ini
    2007-11-18 21:47 <REP> d-------- C:\Documents and Settings\HP_Propriétaire\Application Data\gtk-2.0
    2007-11-17 23:20 1,306 ---hs---- C:\WINDOWS\system32\ywgfkcyb.ini
    2007-11-17 23:12 <REP> d-------- C:\Program Files\QuickTime
    2007-11-17 23:12 <REP> d-------- C:\Program Files\iTunes
    2007-11-17 23:12 <REP> d-------- C:\Program Files\iPod
    2007-11-17 23:08 <REP> d-------- C:\Documents and Settings\HP_Propriétaire\.thumbnails
    2007-11-17 23:08 <REP> d-------- C:\Documents and Settings\HP_Propriétaire\.thumbnails
    2007-11-17 23:06 <REP> d-------- C:\Documents and Settings\HP_Propriétaire\.gimp-2.4
    2007-11-17 23:06 <REP> d-------- C:\Documents and Settings\HP_Propriétaire\.gimp-2.4
    2007-11-17 23:05 <REP> d-------- C:\Program Files\GIMP-2.0
    2007-11-17 22:16 <REP> d-------- C:\Program Files\iPod(2)
    2007-11-17 22:15 <REP> d-------- C:\Program Files\iTunes(2)
    2007-11-17 22:12 <REP> d-------- C:\Program Files\QuickTime(2)
    2007-11-16 23:43 <REP> d-------- C:\Documents and Settings\HP_Propriétaire\Application Data\Sony Corporation
    2007-11-16 23:42 <REP> d-------- C:\Drivers
    2007-11-16 23:42 299,923 --a------ C:\WINDOWS\system32\drivers\sonyhcs.sys
    2007-11-16 23:42 102,220 --a------ C:\WINDOWS\system32\drivers\sonypvs1.sys
    2007-11-16 23:42 53,248 --a------ C:\WINDOWS\system32\SONYHCY.DLL
    2007-11-16 23:42 38,739 --a------ C:\WINDOWS\system32\drivers\sonyhcc.sys
    2007-11-16 23:42 6,097 --a------ C:\WINDOWS\system32\drivers\sonyhcb.sys
    2007-11-16 23:42 3,654 --a------ C:\WINDOWS\system32\drivers\Sonyhcp.dll
    2007-11-16 23:41 118,520 --a------ C:\WINDOWS\system32\PxInsI64.exe
    2007-11-16 23:41 115,960 --a------ C:\WINDOWS\system32\PxCpyI64.exe
    2007-11-16 23:41 2,560 --a------ C:\WINDOWS\system32\drivers\cdralw2k.sys
    2007-11-16 23:41 2,432 --a------ C:\WINDOWS\system32\drivers\cdr4_xp.sys
    2007-11-16 23:39 <REP> d-------- C:\Program Files\Sony
    2007-11-16 19:11 1,066 ---hs---- C:\WINDOWS\system32\qeswupfm.ini
    2007-11-15 18:31 946 ---hs---- C:\WINDOWS\system32\mhqbgktw.ini
    2007-11-14 23:43 65,536 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
    2007-11-14 23:43 49,152 --a------ C:\WINDOWS\system32\QuickTime.qts
    2007-11-14 00:30 766 ---hs---- C:\WINDOWS\system32\lojyqwdn.ini
    2007-11-13 00:19 1,074 ---hs---- C:\WINDOWS\system32\jdibexat.ini
    2007-11-12 00:14 894 ---hs---- C:\WINDOWS\system32\ylygpqyh.ini
    2007-11-10 22:14 474 ---hs---- C:\WINDOWS\system32\rgucsmhh.ini
    2007-11-10 22:10 <REP> d-------- C:\Program Files\PC Sync Manager
    2007-11-08 22:21 78,464 --a------ C:\WINDOWS\system32\drivers\usbvideo.sys
    2007-11-08 22:21 78,464 --a--c--- C:\WINDOWS\system32\dllcache\usbvideo.sys
    2007-11-08 22:21 20,992 --a------ C:\WINDOWS\system32\dshowext.ax
    2007-11-08 22:21 20,992 --a--c--- C:\WINDOWS\system32\dllcache\dshowext.ax
    2007-11-08 22:13 998 ---hs---- C:\WINDOWS\system32\juhbfmwv.ini
    2007-11-08 00:58 25,600 --a------ C:\WINDOWS\system32\drivers\usbser.sys
    2007-11-08 00:58 25,600 --a--c--- C:\WINDOWS\system32\dllcache\usbser.sys
    2007-11-07 22:15 697,264 ---hs---- C:\WINDOWS\system32\cuprojhl.ini
    2007-11-07 18:54 697,144 ---hs---- C:\WINDOWS\system32\gsdhfnti.ini
    2007-11-05 22:11 697,084 ---hs---- C:\WINDOWS\system32\kmdcnnwd.ini
    2007-11-03 19:55 696,784 ---hs---- C:\WINDOWS\system32\swlrypvy.ini
    2007-11-03 01:33 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Acronis
    2007-11-03 01:26 <REP> d-------- C:\Program Files\Fichiers communs\Acronis
    2007-11-03 01:26 <REP> d-------- C:\Program Files\Acronis
    2007-11-02 23:05 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Micro Application
    2007-11-02 22:58 395,744 --a------ C:\WINDOWS\system32\drivers\timntr.sys
    2007-11-02 22:58 114,048 --a------ C:\WINDOWS\system32\drivers\snapman.sys
    2007-11-02 22:58 39,264 --a------ C:\WINDOWS\system32\drivers\tifsfilt.sys
    2007-11-02 19:58 696,604 ---hs---- C:\WINDOWS\system32\ajkkvehf.ini
    2007-11-01 20:09 695,869 ---hs---- C:\WINDOWS\system32\wxbaospq.ini
    2007-10-31 19:57 695,457 ---hs---- C:\WINDOWS\system32\mjdollxs.ini
    2007-10-31 01:03 2,138,112 --a------ C:\WINDOWS\system32\ntoskrnl.exe
    2007-10-31 01:03 2,138,112 --a--c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
    2007-10-30 22:09 <REP> d-------- C:\Program Files\LIUtilities
    2007-10-30 19:55 694,985 ---hs---- C:\WINDOWS\system32\puwcdrex.ini
    2007-10-29 20:01 694,616 ---hs---- C:\WINDOWS\system32\kyacuobx.ini
    2007-10-28 19:53 694,384 ---hs---- C:\WINDOWS\system32\cffxrhjb.ini
    2007-10-27 21:58 <REP> d-------- C:\Program Files\BillP Studios
    2007-10-27 21:58 <REP> d-------- C:\Documents and Settings\HP_Propriétaire\Application Data\WinPatrol

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-11-24 15:24 --------- d-----w C:\Documents and Settings\HP_Propriétaire\Application Data\Free Download Manager
    2007-11-24 12:45 --------- d---a-w C:\Program Files\Al Muhaddith
    2007-11-24 08:43 --------- d-----w C:\Program Files\a-squared Free
    2007-11-24 01:50 --------- d-----w C:\Documents and Settings\HP_Propriétaire\Application Data\Skype
    2007-11-23 23:00 --------- d-----w C:\Program Files\eMule plus
    2007-11-21 21:43 --------- d-----w C:\Program Files\Microsoft Works
    2007-11-20 01:37 4,940 ----a-w C:\WINDOWS\system32\tmp.reg
    2007-11-18 21:45 2,097,152,000 ----a-w C:\timeshift.dat
    2007-11-16 23:42 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-11-16 22:55 --------- d-----w C:\Program Files\Modèles Météo - GFS
    2007-10-31 22:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-10-31 18:00 --------- d-----w C:\Program Files\WinUpdater
    2007-10-31 01:34 --------- d-----w C:\Program Files\Menara
    2007-10-30 22:17 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
    2007-10-27 19:57 --------- d-----w C:\Program Files\Nokia
    2007-10-27 19:56 --------- d-----w C:\Program Files\Fichiers communs\PCSuite
    2007-10-27 19:02 --------- d-----w C:\Program Files\Free Download Manager
    2007-10-27 00:16 796,672 ----a-w C:\WINDOWS\GPInstall.exe
    2007-10-25 16:43 8,516,608 ----a-w C:\WINDOWS\system32\shell32(4).dll
    2007-10-25 16:05 94,416 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
    2007-10-25 16:05 93,264 -c--a-w C:\WINDOWS\system32\drivers\aswmon.sys
    2007-10-25 16:03 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
    2007-10-25 16:01 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
    2007-10-25 15:58 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
    2007-10-25 15:24 815,480 ----a-w C:\WINDOWS\system32\aswBoot.exe
    2007-10-25 15:14 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
    2007-10-24 22:44 --------- d-----w C:\Program Files\Java
    2007-10-24 22:32 --------- d-----w C:\Program Files\Google
    2007-10-24 21:31 --------- d-----w C:\Program Files\Yahoo!
    2007-10-24 21:31 --------- d-----w C:\Program Files\Webteh
    2007-10-24 21:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
    2007-10-20 21:24 --------- d-----w C:\Program Files\Fichiers communs\Ahead
    2007-10-20 21:06 --------- d-----w C:\Program Files\Fichiers communs\Nero
    2007-10-20 21:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
    2007-10-20 20:00 --------- d-----w C:\Documents and Settings\HP_Propriétaire\Application Data\Nero
    2007-10-20 19:54 --------- d-----w C:\Program Files\Nero
    2007-10-04 21:10 --------- d-----w C:\Program Files\Claris Corp
    2007-10-03 23:36 25,600 ----a-w C:\WINDOWS\system32\WS2Fix.exe
    2007-10-01 21:02 --------- d-----w C:\Program Files\eMule
    2007-09-05 23:22 289,144 ----a-w C:\WINDOWS\system32\VCCLSID.exe
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1337e96b-ecca-4e97-8a25-8c7f824a55b0}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 10:00]
    "TuneUp MemOptimizer"="C:\Program Files\TuneUp Utilities 2007\MemOptimizer.exe" [2007-01-17 14:47]
    "Free Download Manager"="C:\Program Files\Free Download Manager\fdm.exe" [2007-08-21 12:04]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
    "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 15:04]
    "HPHmon06"="C:\WINDOWS\system32\hphmon06.exe" [2004-06-07 17:43]
    "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 19:43]
    "AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 16:06 C:\WINDOWS\AGRSMMSG.exe]
    "SoundMan"="SOUNDMAN.EXE" [2004-07-01 17:58 C:\WINDOWS\SOUNDMAN.EXE]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-06-24 21:10]
    "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 20:00]
    "MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 20:00]
    "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 20:00]
    "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-10-08 11:52]
    "Dit"="Dit.exe" [2002-05-20 19:47 C:\WINDOWS\Dit.exe]
    "UMonit"="C:\WINDOWS\system32\UMonit.exe" [2003-03-10 03:20]
    "Gene USB Monitor"="C:\WINDOWS\system32\UMonit2K.exe" [2002-12-17 09:58]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11]
    "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 20:00]
    "SiS Windows KeyHook"="C:\WINDOWS\system32\keyhook.exe" [2004-05-20 08:47]
    "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-02-25 20:36]
    "AlcWzrd"="ALCWZRD.EXE" [2004-07-06 00:05 C:\WINDOWS\ALCWZRD.EXE]
    "KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 16:44]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]
    "NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-10-25 15:20]
    "TrueImageMonitor.exe"="C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2006-10-18 17:58]
    "AcronisTimounterMonitor"="C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe" [2006-10-18 18:02]
    "Acronis Scheduler2 Service"="C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe" [2006-10-17 11:47]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 14:42]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24]
    "3c5589a9"="C:\WINDOWS\system32\jndfpybu.dll" [2007-11-23 17:12]
    "SpyHunter"="" []

    C:\Documents and Settings\HP_Propriétaire\Bureau\Raccourcis Bureau non utilisés\Menu Démarrer\Programmes\Démarrage\
    Adobe Gamma.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2006-09-23 00:57:27]
    HDDlife.lnk - C:\Program Files\BinarySense\HDDlife\HDDlifePro.exe [2006-03-20 11:07:22]
    Outil de détection de support Picture Motion Browser.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2007-11-16 23:39:27]
    Webshots.lnk - C:\Program Files\Webshots\WebshotsTray.exe [2006-02-20 16:03:37]

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
    DSLMON.lnk - C:\Program Files\Menara\dslmon.exe [2007-02-01 20:58:12]
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-05-29 04:31:38]
    Rupsmon Daemon.lnk - C:\Program Files\Megatec\UPSilon 2000\Monw32.exe [2006-02-20 15:41:29]
    أوقات الصلاة.lnk - C:\HAD\PTW.EXE [2003-01-08 03:05:38]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\zsgzxphy]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
    @="Driver"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "Skype"="C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background
    "Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    "Free Upload Manager"="C:\Program Files\Free Download Manager\fum\fum.exe" -autorun

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
    "PCTVRemote"=C:\Program Files\Pinnacle\Pinnacle PCTV Sat\Remote\Remoterm.exe

    R0 Defrag32b;Defrag32Boot;C:\WINDOWS\system32\drivers\Defrag32b.sys
    R0 snapman;Acronis Snapshots Manager;C:\WINDOWS\system32\DRIVERS\snapman.sys
    R0 timounter;Acronis True Image Backup Archive Explorer;C:\WINDOWS\system32\DRIVERS\timntr.sys
    R2 Defrag32;Defrag32;C:\WINDOWS\system32\drivers\Defrag32.sys
    R2 DIG_TS;Pinnacle PCTV Sat TS;C:\WINDOWS\system32\DRIVERS\dig_ts.sys
    R2 DIG_V;Pinnacle PCTV Sat Analog;C:\WINDOWS\system32\drivers\dig_v.sys
    R2 PDSched;PDScheduler;"C:\Program Files\Raxco\PerfectDisk\PDSched.exe"
    R2 tifsfilter;Acronis True Image FS Filter;C:\WINDOWS\system32\DRIVERS\tifsfilt.sys
    R2 UxTuneUp;Extension de conception TuneUp;C:\WINDOWS\System32\svchost.exe -k netsvcs
    R3 pctvnet;Pinnacle PCTV Sat Ethernet Driver;C:\WINDOWS\system32\DRIVERS\pctvnet.sys
    R3 pctvvbi;PCTVVBI;C:\WINDOWS\system32\DRIVERS\pctvvbi.sys
    R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    S3 dwusbdnt;dwusbdnt;C:\WINDOWS\system32\DRIVERS\dwusbdnt.sys
    S3 Usblink;Usblink Driver;C:\WINDOWS\system32\Drivers\ulink.sys
    S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2007-09-13 21:50:36 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2007-11-23 20:02:37 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
    - C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
    .
    **************************************************************************

    catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-11-24 15:24:30
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-11-24 15:25:17
    .
    --- E O F ---
    and here is the HijackThis report
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:28:20, on 24/11/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\system32\hphmon06.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\WINDOWS\Dit.exe
    C:\WINDOWS\system32\UMonit.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\system32\keyhook.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\WINDOWS\ALCWZRD.EXE
    C:\HP\KBD\KBD.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
    C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe
    C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\TuneUp Utilities 2007\MemOptimizer.exe
    C:\Program Files\Free Download Manager\fdm.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Menara\dslmon.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\a-squared Free\a2service.exe
    C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
    C:\Program Files\Megatec\UPSilon 2000\Monw32.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\HAD\PTW.EXE
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
    C:\Program Files\Webshots\WebshotsTray.exe
    C:\Program Files\Megatec\UPSilon 2000\RupsMon.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Raxco\PerfectDisk\PDSched.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.menara.ma/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.search.yahoo.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: {0b55a428-f7c8-52a8-79e4-acceb69e7331} - {1337e96b-ecca-4e97-8a25-8c7f824a55b0} - (no file)
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: EoBho Class - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
    O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [Dit] Dit.exe
    O4 - HKLM\..\Run: [UMonit] C:\WINDOWS\system32\UMonit.exe
    O4 - HKLM\..\Run: [Gene USB Monitor] C:\WINDOWS\system32\UMonit2K.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
    O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
    O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [3c5589a9] rundll32.exe "C:\WINDOWS\system32\jndfpybu.dll",b
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2007\MemOptimizer.exe" autostart
    O4 - HKCU\..\Run: [Free Download Manager] "C:\Program Files\Free Download Manager\fdm.exe" -autorun
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RESEAU')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: HDDlife.lnk = C:\Program Files\BinarySense\HDDlife\HDDlifePro.exe
    O4 - Startup: Outil de détection de support Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
    O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
    O4 - Global Startup: DSLMON.lnk = C:\Program Files\Menara\dslmon.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Rupsmon Daemon.lnk = ?
    O4 - Global Startup: أوقات الصلاة.lnk = C:\HAD\PTW.EXE
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
    O8 - Extra context menu item: Télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
    O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
    O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesfr.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesfr.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
    O12 - Plugin for .UVR: C:\Program Files\Internet Explorer\Plugins\NPUPano.dll
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://www.coupdepoucepc.com/scan8/oscan8.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} - https://www.trendmicro.com/en_us/forHome/products/housecall.html
    O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://charon777.free.fr/plugins/hardwaredetection.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{4A669C16-DACF-4302-A677-613A820D3D1A}: NameServer = 212.217.0.14 196.217.246.210
    O18 - Protocol: bw+0 - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
    O18 - Protocol: bw+0s - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
    O18 - Protocol: bw-0 - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
    O18 - Protocol: bw-0s - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
    O18 - Protocol: bw00 - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
    O18 - Protocol: bw00s - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
    O18 - Protocol: bw10 - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
    O18 - Protocol: bw10s - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
    O18 - Protocol: bw20 - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
    O18 - Protocol: bw20s - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
    O18 - Protocol: bw30 - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
    O18 - Protocol: bw30s - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
    O18 - Protocol: bw40 - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
    O18 - Protocol: bw40s - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
    O18 - Protocol: bw50 - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
    O18 - Protocol: bw50s - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
    O18 - Protocol: bw60 - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
    O18 - Protocol: bw60s - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
    O18 - Protocol: bw70 - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
    O18 - Protocol: bw70s - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
    O18 - Protocol: bw80 - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
    O18 - Protocol: bw80s - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
    O18 - Protocol: bw90 - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
    O18 - Protocol: bw90s - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
    O18 - Protocol: bwa0 - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
    O18 - Protocol: bwa0s - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
    O18 - Protocol: bwb0 - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
    O18 - Protocol: bwb0s - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
    O18 - Protocol: bwc0 - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
    O18 - Protocol: bwc0s - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
    O18 - Protocol: bwd0 - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
    O18 - Protocol: bwd0s - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
    O18 - Protocol: bwe0 - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
    O18 - Protocol: bwe0s - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
    O18 - Protocol: bwf0 - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
    O18 - Protocol: bwf0s - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - (no file)
    O18 - Protocol: bwg0 - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
    O18 - Protocol: bwg0s - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
    O18 - Protocol: bwh0 - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
    O18 - Protocol: bwh0s - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
    O18 - Protocol: bwi0 - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
    O18 - Protocol: bwi0s - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
    O18 - Protocol: bwj0 - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
    O18 - Protocol: bwj0s - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
    O18 - Protocol: bwk0 - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
    O18 - Protocol: bwk0s - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
    O18 - Protocol: bwl0 - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
    O18 - Protocol: bwl0s - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
    O18 - Protocol: bwm0 - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
    O18 - Protocol: bwm0s - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
    O18 - Protocol: bwn0 - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
    O18 - Protocol: bwn0s - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
    O18 - Protocol: bwo0 - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
    O18 - Protocol: bwo0s - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
    O18 - Protocol: bwp0 - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
    O18 - Protocol: bwp0s - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
    O18 - Protocol: bwq0 - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
    O18 - Protocol: bwq0s - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
    O18 - Protocol: bwr0 - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
    O18 - Protocol: bwr0s - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
    O18 - Protocol: bws0 - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
    O18 - Protocol: bws0s - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
    O18 - Protocol: bwt0 - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
    O18 - Protocol: bwt0s - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
    O18 - Protocol: bwu0 - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
    O18 - Protocol: bwu0s - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
    O18 - Protocol: bwv0 - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
    O18 - Protocol: bwv0s - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
    O18 - Protocol: bww0 - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
    O18 - Protocol: bww0s - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
    O18 - Protocol: bwx0 - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
    O18 - Protocol: bwx0s - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
    O18 - Protocol: bwy0 - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
    O18 - Protocol: bwy0s - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
    O18 - Protocol: bwz0 - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
    O18 - Protocol: bwz0s - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
    O18 - Protocol: offline-8876480 - {10578EE4-6978-445A-8ECF-ED9599CE20BD} - (no file)
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: zsgzxphy - C:\WINDOWS\
    O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
    O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Rupsmon - Mega System Technologies, Inc. - C:\Program Files\Megatec\UPSilon 2000\RupsMon.exe
    O23 - Service: USBMate - Mega Corp. - C:\Program Files\Megatec\UPSilon 2000\USBMate.exe
    0
  12. ^^Marie^^ Posts 41884 Registration date   Status Member Last activity   3 280
     
    Hi

    Install JAVA
    https://www.java.com/fr/download/manual.jsp
    Java updates are not convenience updates; they are SECURITY updates.

    Install a firewall

    download the free version of Kerio
    Kerio (firewall)
    https://www.clubic.com/telecharger-fiche11071-sunbelt-personal-firewall-ex-kerio.html
    TUTORIAL
    https://kerio.probb.fr/t250-tuto-sunbelt-personal-firewall-4-6
    Kerio SITE
    https://kerio.probb.fr/

    1/ Download and install CCleaner

    http://www.clubic.com/lancer-le-telechargement-20932-0-ccleaner-crap-cleaner-.html

    2/ Download AVG

    https://www.avg.com/en-ww/free-antivirus-download
    Launch AVG Anti-Spyware and click the Update button.
    Then close it


    3/ Restart in safe mode

    (To do this: start the PC while tapping the F8 key on the keyboard until the Windows advanced options menu appears, then use the arrow keys to select Safe Mode and press the Enter key...)
    Note that you have no Internet access in this mode, so write down or print the instructions that follow.

    4/ Launch HijackThis

    then --> Do a system scan only
    check the lines listed below
    then --> Fix checked
    then answer yes to the confirmation prompt


    7/ Launch CCleaner
    then the Analyze button, then the Run Cleaner button

    8/ Launch AVG

    Launch AVG Anti-Spyware
    Click the Scan button (in the toolbar)
    Then, on the How to react tab, click Recommended actions.
    Go back to the Scan tab. Click Complete system scan.
    /!\ If a file is infected at the end of the scan /!\
    choose the "Apply all actions" option at the bottom.
    Click "Save report" then "Save report as"
    Save this text file to your desktop.
    Copy/paste the report

    9/ Restart normally and post a new HijackThis report.

    Are you still having problems?

    0
  13. Anonymous user
     
    HOAX or NOT? (I can already hear you grumbling ;O)

    Clean?


    0
  14. ^^Marie^^ Posts 41884 Registration date   Status Member Last activity   3 280
     
    Ohhhh!!!!! My Lobster came by and I missed him ;;)))

    Well now! Actually, show me clearly how the cleanup goes, I just can't get the hang of it at aaaall ;(

    0
  15. Anonymous user
     
    Lol, I'm a lobster now? Meaning you're going to eat me ;O) :$ :$

    I'll explain that to you elsewhere, but why are there stars in front of your breasts? Has the dictatorship spoken?
    0
    1. ^^Marie^^ Posts 41884 Registration date   Status Member Last activity   3 280
       
      Well... I've read it ;;(( it's no piece of cake..... I'd say quite a mayonnaise ;;;;))))
      That can be good with lobster too ;;)))

      why are there stars in front of your breasts
      My lobster has good eyes ;;;))))
      (like that)



      0
  16. ^^Marie^^ Posts 41884 Registration date   Status Member Last activity   3 280
     
    zizou00, don't panic, I'm not far away...

    I'm ""still"" in training with the lobster ;;)))
    It's no piece of cake ;;))

    0
  17. zizou00 Posts 12 Status Member
     
    good luck ^^Marie^^
    0
  18. Anonymous user
     
    You didn't understand? (°_°)
    Tell me everything, it's like any other report, just longer; you only have to flush out the critters, and I haven't even told you about the registry keys yet :P
    0
    1. ^^Marie^^ Posts 41884 Registration date   Status Member Last activity   3 280
       
      You didn't understand? (°_°)
      I understand quickly, but you have to explain to me for a long time ;;))) ô ô

      Write me an example reply, using Zizou's log
      That will make one more,
      Le Sioux also explained it to me in his own way, laying the 2 out side by side....
      But .... I'm not at ease.....
      I haven't mastered it yet, but it'll come...



      I haven't even told you about the registry keys yet :P
      nooooo, nooooooo, no!!!!!
      0
  19. Anonymous user
     
    Well, I already gave you an example with his log by PM (x_x)
    Besides, the list is right there, you just have to use the tool mentioned in the PM, I served it all to you on a platter and you didn't even see it, pff, next time I'll send you a Z'HOAX, that way I'm sure you'll see that one (I'm a pain, eh :P)
    0
    1. ^^Marie^^ Posts 41884 Registration date   Status Member Last activity   3 280
       
      Yes, I did see it all - arfffff

      That would give (first of all) this

      Download OTMoveIt http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe (by Old_Timer) to your Desktop.
      Double-click OTMoveIt.exe to launch the program,
      Copy the list of files or folders below and paste it into the program window "Paste List Of Files/Folders to be moved":


      Click MoveIt! to start the removal,
      The result will appear in the Results pane.
      Click Exit to close the program.
      Post the report located here: C:\_OTMoveIt\MovedFiles
      You may be asked to restart your PC. If so, click Yes.

      0
  20. ^^Marie^^ Posts 41884 Registration date   Status Member Last activity   3 280
     
    Right, I'll start over................

    zizou00, over to you..... Do what is set out below

    Find and delete what is in BOLD

    C:\Program Files\SpyHunter
    C:\Program Files\XoftSpySE

    Then

    Download OTMoveIt

    http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe (by Old_Timer) to your Desktop.
    Double-click OTMoveIt.exe to launch the program,
    Copy the list of files or folders below and
    paste it into the program window "Paste List Of Files/Folders to be moved":


    Click MoveIt! to start the removal,
    The result will appear in the Results pane.
    Click Exit to close the program.
    Post the report located here: C:\_OTMoveIt\MovedFiles
    You may be asked to restart your PC. If so, click Yes.
    0