Possessed PC

nba allstar Posts: 39 Status: Member -
jlpjlp Posts: 52399 Status: Security contributor -
Hello,
I have a lot of problems on my PC. My scan is:
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NetProject\scit.exe
C:\Program Files\NetProject\scm.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Phoenix Technologies Ltd\RecoverPro_XP\VBPTASK.EXE
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\ULI5287\ULiRaid.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe
C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\windows\system32\cqqgmst.exe
C:\Program Files\AdvancedCleaner Free\ian_monitor.exe
C:\Program Files\Fichiers communs\AdvancedCleaner\abhlp.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\AdvancedCleaner Free\UADCcw.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\viwc.exe
C:\PROGRA~1\FICHIE~1\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Java\jre1.5.0_11\bin\jucheck.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\DOCUME~1\MIKA\LOCALS~1\Temp\Répertoire temporaire 1 pour HiJackThis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://windowsxlive.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Alice ADSL
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.gcl.*;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O1 - Hosts: 127.255.255.255 www.alcohol-soft.com
O1 - Hosts: 127.255.255.255 images.alcohol-soft.com
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O2 - BHO: e404mgr Class - {2C566C34-7D72-4DC1-9BBE-1121A76698F8} - C:\Program Files\Helper\1203549808.dll
O2 - BHO: Alcohol Toolbar Helper - {52D06F97-5511-43FA-8FDA-C481864FD26E} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Alcohol Toolbar - {4C4E7CDB-5BFC-4D74-83E2-8AE659B7EDA2} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [RestoreIT!] "C:\Program Files\Phoenix Technologies Ltd\RecoverPro_XP\VBPTASK.EXE" VBStart
O4 - HKLM\..\Run: [fenaffiche] C:\Program Files\FenAffiche\FenUnika.exe
O4 - HKLM\..\Run: [ULiRaid] C:\Program Files\ULI5287\ULiRaid.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [AliceSAV] C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe
O4 - HKLM\..\Run: [Vaderetro Outlook] "C:\PROGRA~1\GOTOSO~1\VADERE~1\VrMoRegister.exe -s"
O4 - HKLM\..\Run: [Vade Retro Outlook Express] "C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [PKR Pal] "C:\Program Files\PKR\pkrpal.exe" -osboot
O4 - HKLM\..\Run: [cqqgmst] c:\windows\system32\cqqgmst.exe cqqgmst
O4 - HKLM\..\Run: [vdtwfdroer] c:\windows\system32\vdtwfdroer.exe vdtwfdroer
O4 - HKLM\..\Run: [AdvancedCleaner Free] "C:\Program Files\AdvancedCleaner Free\UADC.exe" /min
O4 - HKLM\..\Run: [SM_IAN] C:\Program Files\AdvancedCleaner Free\ian_monitor.exe
O4 - HKLM\..\Run: [AbyssmoClient] C:\Program Files\Fichiers communs\AdvancedCleaner\abhlp.exe
O4 - HKLM\..\Run: [UADCFR_105791387] "C:\Program Files\AdvancedCleaner Free\UADCcw.exe" -c
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [viwc] C:\WINDOWS\system32\viwc.exe
O4 - HKCU\..\Run: [WeatherDPA] "C:\Program Files\Zango\bin\10.3.35.0\Weather.exe" -auto
O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\NetProject\scit.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxmk570YYFR
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Allocam Multi Vision - {2D6B57BF-71FA-41A3-BDC5-3B5A25813D2E} - C:\PROGRA~1\ALLOCA~1\allocam.exe (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Allocam Multi Vision - {2D6B57BF-71FA-41A3-BDC5-3B5A25813D2E} - C:\PROGRA~1\ALLOCA~1\allocam.exe (file missing) (HKCU)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O22 - SharedTaskScheduler: djuka - {ee9f7cf5-cd49-4cd8-8ba6-1514e7a5c22c} - C:\WINDOWS\system32\wbchha.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
End of file - 12410 bytes

Is it serious??
Thanks for replying.

Configuration: Windows XP
Firefox 2.0.0.12
19 replies

jlpjlp Posts: 52399 Status: Security contributor 5 040
 
Hi,

Indeed, several infections!

___________

# Download Hoster:
http://www.funkytoad.com/download/HostsXpert.zip

# Unzip the folder to the desktop.
# Launch Hoster and click Restore Microsoft's Hosts File

_______________
0/ Download SmitFraudFix,

http://telechargement.zebulon.fr/smitfraudfix.html

1/ Double-click smitfraudfix.cmd, then select 1 and press Enter to create the report of the infections present. Once the report is done, restart in safe mode (generally by pressing F8, Del, or F5 at startup).

2/ Then do the same as in 2/ but select option 2 and press Enter to start the disinfection. when

________________

Download ComboFix by sUBs: rename it before any installation, for example name it "KillBagle". Help here: https://forum.pcastuces.com/sujet.asp?f=25&s=37315

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Save it to your desktop and nowhere else!

Help on using ComboFix here: https://bibou0007.forumpro.fr/login?redirect=%2Ft121-topic

Double-click ComboFix. It will ask you a question; answer with the 1 key and Enter to confirm, then let it guide you.
Wait until ComboFix has finished; a report will be created. Post the report.

__________________

Paste a new HijackThis report
and tell me your current problems.
0
nba allstar Posts: 39 Status: Member
 
Thanks, my computer is glitching less, but I have a big loss of speed on the internet. Where could this problem come from? Also, I don't understand the "combofix" system.
0
jlpjlp Posts: 52399 Status: Security contributor 5 040
 
Hi,
I need the reports to help you...
0
nba allstar Posts: 39 Status: Member
 
It removed the errors but didn't send a report. Should I start over??
0
jlpjlp Posts: 52399 Status: Security contributor 5 040
 
Paste me whatever reports you can, and above all a new HijackThis at the end.
0
nba allstar Posts: 39 Status: Member
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Phoenix Technologies Ltd\RecoverPro_XP\VBPTASK.EXE
C:\Program Files\ULI5287\ULiRaid.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe
C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\AdvancedCleaner Free\ian_monitor.exe
C:\Program Files\Fichiers communs\AdvancedCleaner\abhlp.exe
C:\Program Files\AdvancedCleaner Free\UADCcw.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\viwc.exe
C:\PROGRA~1\FICHIE~1\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre1.5.0_11\bin\jucheck.exe
C:\DOCUME~1\MIKA\LOCALS~1\Temp\Répertoire temporaire 1 pour HiJackThis.zip\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.gcl.*;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Alcohol Toolbar Helper - {52D06F97-5511-43FA-8FDA-C481864FD26E} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Alcohol Toolbar - {4C4E7CDB-5BFC-4D74-83E2-8AE659B7EDA2} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [RestoreIT!] "C:\Program Files\Phoenix Technologies Ltd\RecoverPro_XP\VBPTASK.EXE" VBStart
O4 - HKLM\..\Run: [fenaffiche] C:\Program Files\FenAffiche\FenUnika.exe
O4 - HKLM\..\Run: [ULiRaid] C:\Program Files\ULI5287\ULiRaid.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [AliceSAV] C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe
O4 - HKLM\..\Run: [Vaderetro Outlook] "C:\PROGRA~1\GOTOSO~1\VADERE~1\VrMoRegister.exe -s"
O4 - HKLM\..\Run: [Vade Retro Outlook Express] "C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [PKR Pal] "C:\Program Files\PKR\pkrpal.exe" -osboot
O4 - HKLM\..\Run: [AdvancedCleaner Free] "C:\Program Files\AdvancedCleaner Free\UADC.exe" /min
O4 - HKLM\..\Run: [SM_IAN] C:\Program Files\AdvancedCleaner Free\ian_monitor.exe
O4 - HKLM\..\Run: [AbyssmoClient] C:\Program Files\Fichiers communs\AdvancedCleaner\abhlp.exe
O4 - HKLM\..\Run: [UADCFR_105791387] "C:\Program Files\AdvancedCleaner Free\UADCcw.exe" -c
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [viwc] C:\WINDOWS\system32\viwc.exe
O4 - HKCU\..\Run: [WeatherDPA] "C:\Program Files\Zango\bin\10.3.35.0\Weather.exe" -auto
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxmk570YYFR
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Allocam Multi Vision - {2D6B57BF-71FA-41A3-BDC5-3B5A25813D2E} - C:\PROGRA~1\ALLOCA~1\allocam.exe (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Allocam Multi Vision - {2D6B57BF-71FA-41A3-BDC5-3B5A25813D2E} - C:\PROGRA~1\ALLOCA~1\allocam.exe (file missing) (HKCU)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0235EDF2-3B6C-4F31-94A0-00742089EB15}: NameServer = 85.255.113.123,85.255.112.186
O17 - HKLM\System\CCS\Services\Tcpip\..\{02B1B0DE-3A20-4053-A2C2-BAAFEDD445A3}: NameServer = 85.255.113.123,85.255.112.186
O17 - HKLM\System\CCS\Services\Tcpip\..\{0D830976-A37A-4BC3-BD56-5C981CA6BA33}: NameServer = 85.255.113.123,85.255.112.186
O17 - HKLM\System\CCS\Services\Tcpip\..\{5361E4C6-3B79-43A1-BA8A-DA8C9DE82A2B}: NameServer = 85.255.113.123,85.255.112.186
O17 - HKLM\System\CCS\Services\Tcpip\..\{78A20075-0087-4606-A173-F2A44EC3DA5E}: NameServer = 85.255.113.123,85.255.112.186
O17 - HKLM\System\CCS\Services\Tcpip\..\{91B525FD-6EFB-48E5-BF20-BCA81A779670}: NameServer = 85.255.113.123,85.255.112.186
O17 - HKLM\System\CCS\Services\Tcpip\..\{BA357720-F9FB-45D4-A271-F9D0752ED5ED}: NameServer = 85.255.113.123,85.255.112.186
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.123 85.255.112.186
O17 - HKLM\System\CS1\Services\Tcpip\..\{0235EDF2-3B6C-4F31-94A0-00742089EB15}: NameServer = 85.255.113.123,85.255.112.186
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.113.123 85.255.112.186
O17 - HKLM\System\CS2\Services\Tcpip\..\{0235EDF2-3B6C-4F31-94A0-00742089EB15}: NameServer = 85.255.113.123,85.255.112.186
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.123 85.255.112.186
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
0
jlpjlp Posts: 52399 Status: Security contributor 5 040
 
OK, this is far from finished!!!!

______________
You are being redirected abroad (Ukraine) when you browse. Nice, huh!!!

* Download FixWareout from one of these two sites to the desktop:
http://downloads.subratam.org/Fixwareout.exe
http://swandog46.geekstogo.com/Fixwareout.exe

* Run the fix: click Next, then Install, then make sure "Run fixit" is checked, then click Finish.
The fix will start; follow the on-screen messages. You will be asked to restart your computer; do so. Your system will take a little longer to start, which is normal.

* Post (copy/paste) the contents of the report that will be displayed on screen (report.txt) in your next reply.

Check with HijackThis that these lines have disappeared; if they are still present, fix them with HijackThis (Fix checked):

O17 - HKLM\System\CCS\Services\Tcpip\..\{0235EDF2-3B6C-4F31-94A0-00742089EB15}: NameServer = 85.255.113.123,85.255.112.186
O17 - HKLM\System\CCS\Services\Tcpip\..\{02B1B0DE-3A20-4053-A2C2-BAAFEDD445A3}: NameServer = 85.255.113.123,85.255.112.186
O17 - HKLM\System\CCS\Services\Tcpip\..\{0D830976-A37A-4BC3-BD56-5C981CA6BA33}: NameServer = 85.255.113.123,85.255.112.186
O17 - HKLM\System\CCS\Services\Tcpip\..\{5361E4C6-3B79-43A1-BA8A-DA8C9DE82A2B}: NameServer = 85.255.113.123,85.255.112.186
O17 - HKLM\System\CCS\Services\Tcpip\..\{78A20075-0087-4606-A173-F2A44EC3DA5E}: NameServer = 85.255.113.123,85.255.112.186
O17 - HKLM\System\CCS\Services\Tcpip\..\{91B525FD-6EFB-48E5-BF20-BCA81A779670}: NameServer = 85.255.113.123,85.255.112.186
O17 - HKLM\System\CCS\Services\Tcpip\..\{BA357720-F9FB-45D4-A271-F9D0752ED5ED}: NameServer = 85.255.113.123,85.255.112.186
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.123 85.255.112.186
O17 - HKLM\System\CS1\Services\Tcpip\..\{0235EDF2-3B6C-4F31-94A0-00742089EB15}: NameServer = 85.255.113.123,85.255.112.186
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.113.123 85.255.112.186
O17 - HKLM\System\CS2\Services\Tcpip\..\{0235EDF2-3B6C-4F31-94A0-00742089EB15}: NameServer = 85.255.113.123,85.255.112.186
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.123 85.255.112.186

________________

Remove AdvancedCleaner Free via your Control Panel,
because it is spyware!!!!!

For information:
https://forum.malekal.com/viewtopic.php?f=56&t=4089

_____________________

You are infected by Zango too! Bravo!

# Go to Add/Remove Programs in the Control Panel
# Find Zango in the list and start the uninstallation.
# In the new window, check all the options, then click the Next button

If the uninstallation does not work, run this program:
http://www.zango.com/Uninstall/ZUninstaller.exe

______________________

Run RogueRemover

To download:
https://www.01net.com/telecharger/

________________________

AVG Anti-Spyware

https://www.01net.com/telecharger/

Tutorial:
http://www.kachouri.com/tuto/tuto-161-avg-anti-spyware-75-pour-votre-securite.html

-> Relaunch AVG AS -> "Analyse" (Scan) -> "Paramètres" (Settings)

Under the question "Comment réagir ?" (How to react?):

-> Click "Actions recommandées" (Recommended actions) and choose "Quarantaines" (Quarantine)
-> Click the "Analyse" tab again, then run an "Analyse complète du système" (Complete system scan)

If a file is infected at the end of the scan:

-> Click "Appliquer toutes les actions" (Apply all actions)

-> Click "Enregistrer le rapport" (Save report), then "Enregistrer le rapport sous" (Save report as).

-> Save this text file to your desktop, then paste the report here

__________________________

Paste a new HijackThis report and tell me your problems.
0
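Added example (not part of the thread, and not code from HijackThis or FixWareout): a Python check for the verification step in the post above, listing every DNS server still set in the O17 lines of a HijackThis log that is not among the resolvers you trust. The "before" lines are copied from the log posted in this thread; the "after" log and the trusted resolver 192.168.1.1 are constructed assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# O17 lines report DNS-related values under the Tcpip service key, e.g.
#   O17 - HKLM\System\CCS\Services\Tcpip\..\{GUID}: NameServer = a,b
#   O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = a b
O17_RE = re.compile(
    r"^O17 - HKLM\\System\\(?P<cset>[^\\]+)\\Services\\Tcpip\\"
    r"(?P<location>[^:]+): (?P<name>\w+) = (?P<data>.*)$"
)

# Assumption for this example: the only resolver the user expects is the
# home router. Replace with the resolvers handed out by your ISP or router.
TRUSTED = ["192.168.1.1/32"]

# Lines taken from the HijackThis log posted in this thread.
BEFORE_LOG = r"""
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{0235EDF2-3B6C-4F31-94A0-00742089EB15}: NameServer = 85.255.113.123,85.255.112.186
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.123 85.255.112.186
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.113.123 85.255.112.186
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.123 85.255.112.186
"""

# Constructed "after cleanup" log: only the assumed router remains.
AFTER_LOG = r"""
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 192.168.1.1
"""


def parse_o17(log_text):
    """Return one entry per O17 NameServer line: control set, location, servers."""
    entries = []
    for line in log_text.splitlines():
        m = O17_RE.match(line.strip())
        if not m or m.group("name").lower() != "nameserver":
            continue
        # HijackThis shows the registry data as stored: the per-interface
        # values are comma separated, the global Parameters value uses spaces.
        servers = [s for s in re.split(r"[,\s]+", m.group("data").strip()) if s]
        entries.append({
            "control_set": m.group("cset"),
            "location": m.group("location").replace("..\\", ""),
            "servers": servers,
        })
    return entries


def unexpected_nameservers(log_text, trusted_networks):
    """Map each untrusted DNS server to the registry locations that set it."""
    nets = [ipaddress.ip_network(n) for n in trusted_networks]
    findings = defaultdict(list)
    for entry in parse_o17(log_text):
        for server in entry["servers"]:
            try:
                addr = ipaddress.ip_address(server)
                trusted = any(addr in net for net in nets)
            except ValueError:
                trusted = False  # not an IP literal: report it for review
            if not trusted:
                findings[server].append(
                    f'{entry["control_set"]}\\{entry["location"]}'
                )
    return dict(findings)


if __name__ == "__main__":
    for label, log in (("before", BEFORE_LOG), ("after", AFTER_LOG)):
        found = unexpected_nameservers(log, TRUSTED)
        print(f"[{label}] {len(found)} untrusted DNS server(s)")
        for server, locations in found.items():
            print(f"  {server}: set in {len(locations)} location(s)")
            for loc in locations:
                print(f"    {loc}")
```

The check covers every control set the log lists (CCS, CS1, CS2), since a value cleared only in the current control set can come back when Windows falls back to another one.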
nba allstar Posts: 39 Status: Member
 
Oh wow, OK. Here is the report:


~~~~~ Prerun check

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
"nameserver"="85.255.113.123 85.255.112.186" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{0235EDF2-3B6C-4F31-94A0-00742089EB15}
"nameserver"="85.255.113.123,85.255.112.186" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{02B1B0DE-3A20-4053-A2C2-BAAFEDD445A3}
"nameserver"="85.255.113.123,85.255.112.186" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{0D830976-A37A-4BC3-BD56-5C981CA6BA33}
"nameserver"="85.255.113.123,85.255.112.186" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{5361E4C6-3B79-43A1-BA8A-DA8C9DE82A2B}
"nameserver"="85.255.113.123,85.255.112.186" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{78A20075-0087-4606-A173-F2A44EC3DA5E}
"nameserver"="85.255.113.123,85.255.112.186" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{91B525FD-6EFB-48E5-BF20-BCA81A779670}
"nameserver"="85.255.113.123,85.255.112.186" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{BA357720-F9FB-45D4-A271-F9D0752ED5ED}
"nameserver"="85.255.113.123,85.255.112.186" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{0235EDF2-3B6C-4F31-94A0-00742089EB15}
"DhcpNameServer"="85.255.113.123,85.255.112.186" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{02B1B0DE-3A20-4053-A2C2-BAAFEDD445A3}
"DhcpNameServer"="85.255.113.123,85.255.112.186" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{0D830976-A37A-4BC3-BD56-5C981CA6BA33}
"DhcpNameServer"="85.255.113.123,85.255.112.186" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{5361E4C6-3B79-43A1-BA8A-DA8C9DE82A2B}
"DhcpNameServer"="85.255.113.123,85.255.112.186" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{78A20075-0087-4606-A173-F2A44EC3DA5E}
"DhcpNameServer"="85.255.113.123,85.255.112.186" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{BA357720-F9FB-45D4-A271-F9D0752ED5ED}
"DhcpNameServer"="85.255.113.123,85.255.112.186" <Value cleared.

Cache de résolution DNS vidé.


System was rebooted successfully.

~~~~~ Postrun check
HKLM\SOFTWARE\~\Winlogon\ "System"=""
....
....
~~~~~ Misc files.
....
~~~~~ Checking for older varients.
....

~~~~~ Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
"farstone"=""
"RestoreIT!"="\"C:\\Program Files\\Phoenix Technologies Ltd\\RecoverPro_XP\\VBPTASK.EXE\" VBStart"
"fenaffiche"="C:\\Program Files\\FenAffiche\\FenUnika.exe"
"ULiRaid"="C:\\Program Files\\ULI5287\\ULiRaid.exe"
"High Definition Audio Property Page Shortcut"="HDAShCut.exe"
"RTHDCPL"="RTHDCPL.EXE"
"ATICCC"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\cli.exe\" runtime -Delay"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\""
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"AliceSAV"="C:\\Program Files\\TechCity Solutions\\AliceSAV\\AliceAgent.exe"
"Vaderetro Outlook"="\"C:\\PROGRA~1\\GOTOSO~1\\VADERE~1\\VrMoRegister.exe -s\""
"Vade Retro Outlook Express"="\"C:\\PROGRA~1\\GOTOSO~1\\VADERE~1\\Vaderetro_oe.exe\""
"PCSuiteTrayApplication"="C:\\PROGRA~1\\Nokia\\NOKIAP~1\\LAUNCH~1.EXE -startup"
"PKR Pal"="\"C:\\Program Files\\PKR\\pkrpal.exe\" -osboot"
"AdvancedCleaner Free"="\"C:\\Program Files\\AdvancedCleaner Free\\UADC.exe\" /min"
"SM_IAN"="C:\\Program Files\\AdvancedCleaner Free\\ian_monitor.exe"
"AbyssmoClient"="C:\\Program Files\\Fichiers communs\\AdvancedCleaner\\abhlp.exe"
"UADCFR_105791387"="\"C:\\Program Files\\AdvancedCleaner Free\\UADCcw.exe\" -c"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"BitTorrent"="\"C:\\Program Files\\BitTorrent\\bittorrent.exe\" --force_start_minimized"
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
"PcSync"="C:\\Program Files\\Nokia\\Nokia PC Suite 6\\PcSync2.exe /NoDialog"
"WMPNSCFG"="C:\\Program Files\\Windows Media Player\\WMPNSCFG.exe"
"viwc"="C:\\WINDOWS\\system32\\viwc.exe"
"WeatherDPA"="\"C:\\Program Files\\Zango\\bin\\10.3.35.0\\Weather.exe\" -auto"
....
Hosts file was reset, If you use a custom hosts file please replace it...
~~~~~ End report ~~~~~
nba allstar Posts: 39 Status: Member > nba allstar Posts: 39 Status: Member
 
C:\QooBox\Quarantine\C\Program Files\Screensavers.com\SSSInst\bin\SSSInst.dll.vir -> Adware.Comet : Nettoyé et sauvegardé (mise en quarantaine).
HKU\S-1-5-21-4143568106-1687265772-865372169-1008\Software\Zango -> Adware.Zango : Nettoyé et sauvegardé (mise en quarantaine).
HKU\S-1-5-21-4143568106-1687265772-865372169-1008\Software\Zango\Common -> Adware.Zango : Nettoyé et sauvegardé (mise en quarantaine).
HKU\S-1-5-21-4143568106-1687265772-865372169-1008\Software\Zango\Common\Time -> Adware.Zango : Nettoyé et sauvegardé (mise en quarantaine).
HKU\S-1-5-21-4143568106-1687265772-865372169-1008\Software\Zango\Common\Updates -> Adware.Zango : Nettoyé et sauvegardé (mise en quarantaine).
HKU\S-1-5-21-4143568106-1687265772-865372169-1008\Software\Zango\HostOI -> Adware.Zango : Nettoyé et sauvegardé (mise en quarantaine).
HKU\S-1-5-21-4143568106-1687265772-865372169-1008\Software\Zango\HostOI\Updates -> Adware.Zango : Nettoyé et sauvegardé (mise en quarantaine).
HKU\S-1-5-21-4143568106-1687265772-865372169-1008\Software\Zango\Hostol -> Adware.Zango : Nettoyé et sauvegardé (mise en quarantaine).
HKU\S-1-5-21-4143568106-1687265772-865372169-1008\Software\Zango\Hostol\Mail -> Adware.Zango : Nettoyé et sauvegardé (mise en quarantaine).
HKU\S-1-5-21-4143568106-1687265772-865372169-1008\Software\Zango\Hostol\Updates -> Adware.Zango : Nettoyé et sauvegardé (mise en quarantaine).
HKU\S-1-5-21-4143568106-1687265772-865372169-1008\Software\Zango\Hostol\soho -> Adware.Zango : Nettoyé et sauvegardé (mise en quarantaine).
HKU\S-1-5-21-4143568106-1687265772-865372169-1008\Software\Zango\Time -> Adware.Zango : Nettoyé et sauvegardé (mise en quarantaine).
HKU\S-1-5-21-4143568106-1687265772-865372169-1008\Software\Zango\Time\HostIE -> Adware.Zango : Nettoyé et sauvegardé (mise en quarantaine).
HKU\S-1-5-21-4143568106-1687265772-865372169-1008\Software\Zango\Time\HostIE\Updates -> Adware.Zango : Nettoyé et sauvegardé (mise en quarantaine).
HKU\S-1-5-21-4143568106-1687265772-865372169-1008\Software\Zango\Zango -> Adware.Zango : Nettoyé et sauvegardé (mise en quarantaine).
HKU\S-1-5-21-4143568106-1687265772-865372169-1008\Software\Zango\Zango\EUI -> Adware.Zango : Nettoyé et sauvegardé (mise en quarantaine).
HKU\S-1-5-21-4143568106-1687265772-865372169-1008\Software\Zango\Zango\HtmlPPP -> Adware.Zango : Nettoyé et sauvegardé (mise en quarantaine).
HKU\S-1-5-21-4143568106-1687265772-865372169-1008\Software\Zango\Zango\ImagesHistory -> Adware.Zango : Nettoyé et sauvegardé (mise en quarantaine).
HKU\S-1-5-21-4143568106-1687265772-865372169-1008\Software\Zango\Zango\Install -> Adware.Zango : Nettoyé et sauvegardé (mise en quarantaine).
HKU\S-1-5-21-4143568106-1687265772-865372169-1008\Software\Zango\Zango\MachineInfo -> Adware.Zango : Nettoyé et sauvegardé (mise en quarantaine).
HKU\S-1-5-21-4143568106-1687265772-865372169-1008\Software\Zango\Zango\Mail -> Adware.Zango : Nettoyé et sauvegardé (mise en quarantaine).
HKU\S-1-5-21-4143568106-1687265772-865372169-1008\Software\Zango\Zango\PI -> Adware.Zango : Nettoyé et sauvegardé (mise en quarantaine).
HKU\S-1-5-21-4143568106-1687265772-865372169-1008\Software\Zango\Zango\PI\3.2 -> Adware.Zango : Nettoyé et sauvegardé (mise en quarantaine).
HKU\S-1-5-21-4143568106-1687265772-865372169-1008\Software\Zango\Zango\Sample -> Adware.Zango : Nettoyé et sauvegardé (mise en quarantaine).
HKU\S-1-5-21-4143568106-1687265772-865372169-1008\Software\Zango\Zango\Sample\Hist -> Adware.Zango : Nettoyé et sauvegardé (mise en quarantaine).
HKU\S-1-5-21-4143568106-1687265772-865372169-1008\Software\Zango\Zango\Sample\Hist\sg003 -> Adware.Zango : Nettoyé et sauvegardé (mise en quarantaine).
HKU\S-1-5-21-4143568106-1687265772-865372169-1008\Software\Zango\Zango\Sample\Hist\sg035 -> Adware.Zango : Nettoyé et sauvegardé (mise en quarantaine).
HKU\S-1-5-21-4143568106-1687265772-865372169-1008\Software\Zango\Zango\Sample\Hist\sg036 -> Adware.Zango : Nettoyé et sauvegardé (mise en quarantaine).
HKU\S-1-5-21-4143568106-1687265772-865372169-1008\Software\Zango\Zango\Sample\Hist\sg995 -> Adware.Zango : Nettoyé et sauvegardé (mise en quarantaine).
HKU\S-1-5-21-4143568106-1687265772-865372169-1008\Software\Zango\Zango\Sample\Hist\sg996 -> Adware.Zango : Nettoyé et sauvegardé (mise en quarantaine).
HKU\S-1-5-21-4143568106-1687265772-865372169-1008\Software\Zango\Zango\Sample\Hist\sg997 -> Adware.Zango : Nettoyé et sauvegardé (mise en quarantaine).
HKU\S-1-5-21-4143568106-1687265772-865372169-1008\Software\Zango\Zango\Sample\Hist\sg998 -> Adware.Zango : Nettoyé et sauvegardé (mise en quarantaine).
HKU\S-1-5-21-4143568106-1687265772-865372169-1008\Software\Zango\Zango\Sample\Hist\sg999 -> Adware.Zango : Nettoyé et sauvegardé (mise en quarantaine).
HKU\S-1-5-21-4143568106-1687265772-865372169-1008\Software\Zango\Zango\Upgrade -> Adware.Zango : Nettoyé et sauvegardé (mise en quarantaine).
HKU\S-1-5-21-4143568106-1687265772-865372169-1008\Software\Zango\Zango\UserInfo -> Adware.Zango : Nettoyé et sauvegardé (mise en quarantaine).
HKU\S-1-5-21-4143568106-1687265772-865372169-1008\Software\Zango\Zango\dynamic -> Adware.Zango : Nettoyé et sauvegardé (mise en quarantaine).
HKU\S-1-5-21-4143568106-1687265772-865372169-1008\Software\Zango\Zango\links -> Adware.Zango : Nettoyé et sauvegardé (mise en quarantaine).
HKU\S-1-5-21-4143568106-1687265772-865372169-1008\Software\Zango\Zango\options -> Adware.Zango : Nettoyé et sauvegardé (mise en quarantaine).
HKU\S-1-5-21-4143568106-1687265772-865372169-1008\Software\Zango\Zango\updates -> Adware.Zango : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\HADJA\Bureau\EvID4226Patch223d-en.zip/EvID4226Patch.exe -> Not-A-Virus.Hacktool.EvID : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\HADJA\Local Settings\Application Data\Mozilla\Firefox\Profiles\2ddwppyi.default\Cache\73184576d01/EvID4226Patch.exe -> Not-A-Virus.Hacktool.EvID : Nettoyé et sauvegardé (mise en quarantaine).


Fin du rapport
nba allstar Posts: 39 Status: Member > nba allstar Posts: 39 Status: Member
 
And to finish, the latest HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:40, on 2008-03-02
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Phoenix Technologies Ltd\RecoverPro_XP\VBPTASK.EXE
C:\Program Files\ULI5287\ULiRaid.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe
C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
C:\WINDOWS\system32\viwc.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\PROGRA~1\FICHIE~1\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Java\jre1.5.0_11\bin\jucheck.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\wuauclt.exe
C:\DOCUME~1\MIKA\LOCALS~1\Temp\Répertoire temporaire 3 pour HiJackThis.zip\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.gcl.*;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Alcohol Toolbar Helper - {52D06F97-5511-43FA-8FDA-C481864FD26E} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Alcohol Toolbar - {4C4E7CDB-5BFC-4D74-83E2-8AE659B7EDA2} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [RestoreIT!] "C:\Program Files\Phoenix Technologies Ltd\RecoverPro_XP\VBPTASK.EXE" VBStart
O4 - HKLM\..\Run: [fenaffiche] C:\Program Files\FenAffiche\FenUnika.exe
O4 - HKLM\..\Run: [ULiRaid] C:\Program Files\ULI5287\ULiRaid.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [AliceSAV] C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe
O4 - HKLM\..\Run: [Vaderetro Outlook] "C:\PROGRA~1\GOTOSO~1\VADERE~1\VrMoRegister.exe -s"
O4 - HKLM\..\Run: [Vade Retro Outlook Express] "C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [PKR Pal] "C:\Program Files\PKR\pkrpal.exe" -osboot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [viwc] C:\WINDOWS\system32\viwc.exe
O4 - HKCU\..\Run: [WeatherDPA] "C:\Program Files\Zango\bin\10.3.35.0\Weather.exe" -auto
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxmk570YYFR
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Allocam Multi Vision - {2D6B57BF-71FA-41A3-BDC5-3B5A25813D2E} - C:\PROGRA~1\ALLOCA~1\allocam.exe (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Allocam Multi Vision - {2D6B57BF-71FA-41A3-BDC5-3B5A25813D2E} - C:\PROGRA~1\ALLOCA~1\allocam.exe (file missing) (HKCU)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
0

jlpjlp Posts 52399 Status Security contributor 5 040
 
ok, carry on
0
jlpjlp Posts 52399 Status Security contributor 5 040
 
Relaunch HijackThis, choose "do a scan only", tick the box in front of the lines below and click "fix checked" at the bottom.

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"

O4 - HKCU\..\Run: [viwc] C:\WINDOWS\system32\viwc.exe
O4 - HKCU\..\Run: [WeatherDPA] "C:\Program Files\Zango\bin\10.3.35.0\Weather.exe" -auto
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxmk570YYFR

_____________________

analyse this file on VirusTotal and tell me if it is infected: https://www.virustotal.com/gui/

C:\WINDOWS\system32\viwc.exe

______________________

update Java: START then CONTROL PANEL then JAVA then UPDATE
_____________________

update Internet Explorer here:
https://www.01net.com/telecharger/windows/Internet/navigateur/fiches/33081.html
______________________

paste a new HijackThis log
0
nba allstar Posts 39 Status Member
 
I made a big mistake, I ticked everything
0
jlpjlp Posts 52399 Status Security contributor 5 040
 
you ticked all the HijackThis boxes?????????

you're in trouble

restore your computer to an earlier point in time; even if that brings some of the viruses back, we'll start over!

to do that

START then ALL PROGRAMS then ACCESSORIES then SYSTEM TOOLS then SYSTEM RESTORE
0
nba allstar Posts 39 Status Member
 
there, it's done. Shall I post a HijackThis report again??
0
jlpjlp Posts 52399 Status Security contributor 5 040
 
yes, we start again from scratch...
0
nba allstar Posts 39 Status Member
 
ok, here it is
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:35, on 2008-03-02
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Phoenix Technologies Ltd\RecoverPro_XP\VBPTASK.EXE
C:\Program Files\ULI5287\ULiRaid.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe
C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\AdvancedCleaner Free\ian_monitor.exe
C:\Program Files\Fichiers communs\AdvancedCleaner\abhlp.exe
C:\Program Files\AdvancedCleaner Free\UADCcw.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\viwc.exe
C:\PROGRA~1\FICHIE~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Java\jre1.5.0_11\bin\jucheck.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\DOCUME~1\MIKA\LOCALS~1\Temp\Répertoire temporaire 6 pour HiJackThis.zip\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.gcl.*;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Alcohol Toolbar Helper - {52D06F97-5511-43FA-8FDA-C481864FD26E} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Alcohol Toolbar - {4C4E7CDB-5BFC-4D74-83E2-8AE659B7EDA2} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [RestoreIT!] "C:\Program Files\Phoenix Technologies Ltd\RecoverPro_XP\VBPTASK.EXE" VBStart
O4 - HKLM\..\Run: [fenaffiche] C:\Program Files\FenAffiche\FenUnika.exe
O4 - HKLM\..\Run: [ULiRaid] C:\Program Files\ULI5287\ULiRaid.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [AliceSAV] C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe
O4 - HKLM\..\Run: [Vaderetro Outlook] "C:\PROGRA~1\GOTOSO~1\VADERE~1\VrMoRegister.exe -s"
O4 - HKLM\..\Run: [Vade Retro Outlook Express] "C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [PKR Pal] "C:\Program Files\PKR\pkrpal.exe" -osboot
O4 - HKLM\..\Run: [AdvancedCleaner Free] "C:\Program Files\AdvancedCleaner Free\UADC.exe" /min
O4 - HKLM\..\Run: [SM_IAN] C:\Program Files\AdvancedCleaner Free\ian_monitor.exe
O4 - HKLM\..\Run: [AbyssmoClient] C:\Program Files\Fichiers communs\AdvancedCleaner\abhlp.exe
O4 - HKLM\..\Run: [UADCFR_105791387] "C:\Program Files\AdvancedCleaner Free\UADCcw.exe" -c
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [viwc] C:\WINDOWS\system32\viwc.exe
O4 - HKCU\..\Run: [WeatherDPA] "C:\Program Files\Zango\bin\10.3.35.0\Weather.exe" -auto
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxmk570YYFR
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Allocam Multi Vision - {2D6B57BF-71FA-41A3-BDC5-3B5A25813D2E} - C:\PROGRA~1\ALLOCA~1\allocam.exe (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Allocam Multi Vision - {2D6B57BF-71FA-41A3-BDC5-3B5A25813D2E} - C:\PROGRA~1\ALLOCA~1\allocam.exe (file missing) (HKCU)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0235EDF2-3B6C-4F31-94A0-00742089EB15}: NameServer = 85.255.113.123,85.255.112.186
O17 - HKLM\System\CCS\Services\Tcpip\..\{02B1B0DE-3A20-4053-A2C2-BAAFEDD445A3}: NameServer = 85.255.113.123,85.255.112.186
O17 - HKLM\System\CCS\Services\Tcpip\..\{0D830976-A37A-4BC3-BD56-5C981CA6BA33}: NameServer = 85.255.113.123,85.255.112.186
O17 - HKLM\System\CCS\Services\Tcpip\..\{5361E4C6-3B79-43A1-BA8A-DA8C9DE82A2B}: NameServer = 85.255.113.123,85.255.112.186
O17 - HKLM\System\CCS\Services\Tcpip\..\{78A20075-0087-4606-A173-F2A44EC3DA5E}: NameServer = 85.255.113.123,85.255.112.186
O17 - HKLM\System\CCS\Services\Tcpip\..\{91B525FD-6EFB-48E5-BF20-BCA81A779670}: NameServer = 85.255.113.123,85.255.112.186
O17 - HKLM\System\CCS\Services\Tcpip\..\{BA357720-F9FB-45D4-A271-F9D0752ED5ED}: NameServer = 85.255.113.123,85.255.112.186
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.123 85.255.112.186
O17 - HKLM\System\CS1\Services\Tcpip\..\{0235EDF2-3B6C-4F31-94A0-00742089EB15}: NameServer = 85.255.113.123,85.255.112.186
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.113.123 85.255.112.186
O17 - HKLM\System\CS2\Services\Tcpip\..\{0235EDF2-3B6C-4F31-94A0-00742089EB15}: NameServer = 85.255.113.123,85.255.112.186
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.123 85.255.112.186
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
0
jlpjlp Posts 52399 Status Security contributor 5 040
 
remove via your Control Panel
AdvancedCleaner Free because it's spyware!!!!!

for info:
https://forum.malekal.com/viewtopic.php?f=56&t=4089

________________

AVG antispyware

https://www.01net.com/

Tutorial:
http://www.kachouri.com/tuto/tuto-161-avg-anti-spyware-75-pour-votre-securite.html

-> Relaunch AVG AS -> "Analyse" -> "Paramètres"

Under the question "Comment réagir ?":

-> click on "Actions recommandées" and choose "Quarantaines"
-> Click on the "Analyse" tab again, then run an "Analyse complète du système"

If a file is infected at the end of the scan

-> Click on "Appliquer toutes les actions"

-> Click on "Enregistrer le rapport" then on "Enregistrer le rapport sous".

-> Save this text file on your desktop, then paste the report here

_______________

0/ download SmitfraudFix,

http://telechargement.zebulon.fr/smitfraudfix.html

1/ double-click smitfraudfix.cmd, then select 1 and press Enter to create the report of the infections present. Once the report is done, restart in safe mode (generally by pressing F8, Del or F5 at startup)

_________________

analyse this file on VirusTotal and tell me if it is infected: https://www.virustotal.com/gui/

C:\WINDOWS\system32\viwc.exe

______________________

update Java: START then CONTROL PANEL then JAVA then UPDATE
_____________________

update Internet Explorer here:
https://www.01net.com/telecharger/windows/Internet/navigateur/fiches/33081.html
______________________

paste a new HijackThis log
0
nba allstar Posts 39 Status Member
 
the computer tells me that the AdvancedCleaner file does not exist and so uninstalling is impossible
0
jlpjlp Posts 52399 Status Security contributor 5 040
 
ok, we'll remove it afterwards:

I forgot the main thing:

* Download FixWareout from one of these two sites to your desktop:
http://downloads.subratam.org/Fixwareout.exe
http://swandog46.geekstogo.com/Fixwareout.exe

* Run the fix: click Next, then Install, then make sure "Run fixit" is enabled, then click Finish.
The fix will start; follow the on-screen messages. You will be asked to restart your computer; do so. Your system will take a little longer to start up, which is normal.

* Post (copy/paste) the content of the report that will be displayed on screen (report.txt) in your next reply.

check with HijackThis that these lines have disappeared: if they are present, fix them with HijackThis (fix checked)

O17 - HKLM\System\CCS\Services\Tcpip\..\{0235EDF2-3B6C-4F31-94A0-00742089EB15}: NameServer = 85.255.113.123,85.255.112.186
O17 - HKLM\System\CCS\Services\Tcpip\..\{02B1B0DE-3A20-4053-A2C2-BAAFEDD445A3}: NameServer = 85.255.113.123,85.255.112.186
O17 - HKLM\System\CCS\Services\Tcpip\..\{0D830976-A37A-4BC3-BD56-5C981CA6BA33}: NameServer = 85.255.113.123,85.255.112.186
O17 - HKLM\System\CCS\Services\Tcpip\..\{5361E4C6-3B79-43A1-BA8A-DA8C9DE82A2B}: NameServer = 85.255.113.123,85.255.112.186
O17 - HKLM\System\CCS\Services\Tcpip\..\{78A20075-0087-4606-A173-F2A44EC3DA5E}: NameServer = 85.255.113.123,85.255.112.186
O17 - HKLM\System\CCS\Services\Tcpip\..\{91B525FD-6EFB-48E5-BF20-BCA81A779670}: NameServer = 85.255.113.123,85.255.112.186
O17 - HKLM\System\CCS\Services\Tcpip\..\{BA357720-F9FB-45D4-A271-F9D0752ED5ED}: NameServer = 85.255.113.123,85.255.112.186
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.123 85.255.112.186
O17 - HKLM\System\CS1\Services\Tcpip\..\{0235EDF2-3B6C-4F31-94A0-00742089EB15}: NameServer = 85.255.113.123,85.255.112.186
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.113.123 85.255.112.186
O17 - HKLM\System\CS2\Services\Tcpip\..\{0235EDF2-3B6C-4F31-94A0-00742089EB15}: NameServer = 85.255.113.123,85.255.112.186
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.123 85.255.112.186

______________________

AVG antispyware

https://www.01net.com/

Tutorial:
http://www.kachouri.com/tuto/tuto-161-avg-anti-spyware-75-pour-votre-securite.html

-> Relaunch AVG AS -> "Analyse" -> "Paramètres"

Under the question "Comment réagir ?":

-> click on "Actions recommandées" and choose "Quarantaines"
-> Click on the "Analyse" tab again, then run an "Analyse complète du système"

If a file is infected at the end of the scan

-> Click on "Appliquer toutes les actions"

-> Click on "Enregistrer le rapport" then on "Enregistrer le rapport sous".

-> Save this text file on your desktop, then paste the report here

_______________

0/ download SmitfraudFix,

http://telechargement.zebulon.fr/smitfraudfix.html

1/ double-click smitfraudfix.cmd, then select 1 and press Enter to create the report of the infections present. Once the report is done, restart in safe mode (generally by pressing F8, Del or F5 at startup)

_________________

analyse this file on VirusTotal and tell me if it is infected: https://www.virustotal.com/gui/

C:\WINDOWS\system32\viwc.exe

______________________

update Java: START then CONTROL PANEL then JAVA then UPDATE
_____________________

update Internet Explorer here:
https://www.01net.com/telecharger/windows/Internet/navigateur/fiches/33081.html
______________________

paste a new HijackThis log
0
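The O17 check requested in the post above can be scripted; the following is an added example, not part of the original thread or of HijackThis/SmitFraudFix. It parses both the HijackThis `O17` lines and the SmitFraudFix DNS lines seen in this thread, and assumes the suspect range is 85.255.0.0/16 (the "85.255.x.x" named in the SmitFraudFix report); the function names are hypothetical and the sample lines are excerpted from the logs on this page.

```python
import ipaddress
import re
from dataclasses import dataclass

# Assumption: the "85.255.x.x" range named in the SmitFraudFix report on this page.
SUSPECT_NET = ipaddress.ip_network("85.255.0.0/16")

# Accepts both layouts that appear in the thread:
#   O17 - HKLM\System\CCS\Services\Tcpip\..\{GUID}: NameServer = a,b   (HijackThis)
#   HKLM\SYSTEM\CS1\Services\Tcpip\..\{GUID}: DhcpNameServer=a,b       (SmitFraudFix)
LINE_RE = re.compile(
    r"^(?:O17 - )?HKLM\\System\\(?P<cs>CCS|CS\d+)\\Services\\Tcpip\\"
    r"(?P<scope>Parameters|\.\.\\\{[0-9A-Fa-f-]+\})"
    r": (?P<value>DhcpNameServer|NameServer)\s*=\s*(?P<servers>.*)$",
    re.IGNORECASE,
)


@dataclass(frozen=True)
class DnsEntry:
    control_set: str  # CCS, CS1, CS2, ...
    scope: str        # "Parameters" (global) or the interface GUID
    value_name: str   # NameServer or DhcpNameServer
    servers: tuple    # addresses exactly as written in the log
    suspect: tuple    # subset inside the suspect range, or not an IP at all


def parse_dns_entries(log_text, suspect_net=SUSPECT_NET):
    """Extract every Tcpip name-server setting from a pasted log."""
    entries = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        # The logs separate servers with commas (per interface) or spaces (global).
        servers = tuple(s for s in re.split(r"[,\s]+", m["servers"].strip()) if s)
        suspect = []
        for s in servers:
            try:
                if ipaddress.ip_address(s) in suspect_net:
                    suspect.append(s)
            except ValueError:
                suspect.append(s)  # unparseable value: surface it for manual review
        scope = m["scope"]
        if scope.lower() != "parameters":
            scope = scope[3:]  # drop the leading "..\" that the tools print
        entries.append(
            DnsEntry(m["cs"].upper(), scope, m["value"], servers, tuple(suspect))
        )
    return entries


def remaining_hijacks(log_text):
    """Entries still pointing at the suspect range; an empty list means the check passes."""
    return [e for e in parse_dns_entries(log_text) if e.suspect]


def dhcp_static_mismatch(log_text):
    """Interfaces whose static NameServer differs from the DHCP-supplied one."""
    seen = {}
    for e in parse_dns_entries(log_text):
        seen.setdefault((e.control_set, e.scope), {})[e.value_name.lower()] = e.servers
    return sorted(
        key for key, vals in seen.items()
        if "nameserver" in vals and "dhcpnameserver" in vals
        and vals["nameserver"] != vals["dhcpnameserver"]
    )


# Lines excerpted from the HijackThis and SmitFraudFix logs posted in this thread.
SAMPLE_LOG = r"""
O4 - HKCU\..\Run: [viwc] C:\WINDOWS\system32\viwc.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{0235EDF2-3B6C-4F31-94A0-00742089EB15}: NameServer = 85.255.113.123,85.255.112.186
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.123 85.255.112.186
HKLM\SYSTEM\CCS\Services\Tcpip\..\{91B525FD-6EFB-48E5-BF20-BCA81A779670}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{91B525FD-6EFB-48E5-BF20-BCA81A779670}: NameServer=85.255.113.123,85.255.112.186
"""

# Constructed sample of what a log would look like once the O17 lines are gone.
CLEANED_LOG = r"""
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
HKLM\SYSTEM\CCS\Services\Tcpip\..\{91B525FD-6EFB-48E5-BF20-BCA81A779670}: DhcpNameServer=192.168.1.1
"""

if __name__ == "__main__":
    for entry in remaining_hijacks(SAMPLE_LOG):
        print(entry.control_set, entry.scope, entry.value_name, ",".join(entry.suspect))
    print("static/DHCP mismatch:", dhcp_static_mismatch(SAMPLE_LOG))
    print("cleaned log passes:", remaining_hijacks(CLEANED_LOG) == [])
```

The mismatch check highlights the interface where DHCP handed out 192.168.1.1 while the static `NameServer` value still holds the 85.255.x.x addresses, so the check has to cover every control set (CCS, CS1, CS2) and both value names.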
nba allstar Posts 39 Status Member
 
SmitFraudFix v2.299

Rapport fait à 0:03:51.93, 2008-03-03
Executé à partir de C:\Documents and Settings\MIKA\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Phoenix Technologies Ltd\RecoverPro_XP\VBPTASK.EXE
C:\Program Files\ULI5287\ULiRaid.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe
C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\AdvancedCleaner Free\ian_monitor.exe
C:\Program Files\Fichiers communs\AdvancedCleaner\abhlp.exe
C:\Program Files\AdvancedCleaner Free\UADCcw.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\viwc.exe
C:\PROGRA~1\FICHIE~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Java\jre1.5.0_11\bin\jucheck.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\MIKA

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\MIKA\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\MIKA\Favoris

»»»»»»»»»»»»»»»»»»»»»»»» Bureau

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues

»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="MsgPlusLoader.dll"

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Rustock

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Votre ordinateur est certainement victime d'un détournement de DNS: 85.255.x.x détecté !

Description: Marvell Yukon 88E8001/8003/8010 PCI Gigabit Ethernet Controller - Miniport d'ordonnancement de paquets
DNS Server Search Order: 85.255.113.123
DNS Server Search Order: 85.255.112.186

HKLM\SYSTEM\CCS\Services\Tcpip\..\{0235EDF2-3B6C-4F31-94A0-00742089EB15}: DhcpNameServer=85.255.113.123,85.255.112.186
HKLM\SYSTEM\CCS\Services\Tcpip\..\{0235EDF2-3B6C-4F31-94A0-00742089EB15}: NameServer=85.255.113.123,85.255.112.186
HKLM\SYSTEM\CCS\Services\Tcpip\..\{02B1B0DE-3A20-4053-A2C2-BAAFEDD445A3}: DhcpNameServer=85.255.113.123,85.255.112.186
HKLM\SYSTEM\CCS\Services\Tcpip\..\{02B1B0DE-3A20-4053-A2C2-BAAFEDD445A3}: NameServer=85.255.113.123,85.255.112.186
HKLM\SYSTEM\CCS\Services\Tcpip\..\{0D830976-A37A-4BC3-BD56-5C981CA6BA33}: DhcpNameServer=85.255.113.123,85.255.112.186
HKLM\SYSTEM\CCS\Services\Tcpip\..\{0D830976-A37A-4BC3-BD56-5C981CA6BA33}: NameServer=85.255.113.123,85.255.112.186
HKLM\SYSTEM\CCS\Services\Tcpip\..\{5361E4C6-3B79-43A1-BA8A-DA8C9DE82A2B}: DhcpNameServer=85.255.113.123,85.255.112.186
HKLM\SYSTEM\CCS\Services\Tcpip\..\{5361E4C6-3B79-43A1-BA8A-DA8C9DE82A2B}: NameServer=85.255.113.123,85.255.112.186
HKLM\SYSTEM\CCS\Services\Tcpip\..\{78A20075-0087-4606-A173-F2A44EC3DA5E}: DhcpNameServer=85.255.113.123,85.255.112.186
HKLM\SYSTEM\CCS\Services\Tcpip\..\{78A20075-0087-4606-A173-F2A44EC3DA5E}: NameServer=85.255.113.123,85.255.112.186
HKLM\SYSTEM\CCS\Services\Tcpip\..\{91B525FD-6EFB-48E5-BF20-BCA81A779670}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{91B525FD-6EFB-48E5-BF20-BCA81A779670}: NameServer=85.255.113.123,85.255.112.186
HKLM\SYSTEM\CCS\Services\Tcpip\..\{BA357720-F9FB-45D4-A271-F9D0752ED5ED}: DhcpNameServer=85.255.113.123,85.255.112.186
HKLM\SYSTEM\CCS\Services\Tcpip\..\{BA357720-F9FB-45D4-A271-F9D0752ED5ED}: NameServer=85.255.113.123,85.255.112.186
HKLM\SYSTEM\CS1\Services\Tcpip\..\{0235EDF2-3B6C-4F31-94A0-00742089EB15}: DhcpNameServer=85.255.113.123,85.255.112.186
HKLM\SYSTEM\CS1\Services\Tcpip\..\{0235EDF2-3B6C-4F31-94A0-00742089EB15}: NameServer=85.255.113.123,85.255.112.186
HKLM\SYSTEM\CS1\Services\Tcpip\..\{02B1B0DE-3A20-4053-A2C2-BAAFEDD445A3}: DhcpNameServer=85.255.113.123,85.255.112.186
HKLM\SYSTEM\CS1\Services\Tcpip\..\{02B1B0DE-3A20-4053-A2C2-BAAFEDD445A3}: NameServer=85.255.113.123,85.255.112.186
HKLM\SYSTEM\CS1\Services\Tcpip\..\{0D830976-A37A-4BC3-BD56-5C981CA6BA33}: DhcpNameServer=85.255.113.123,85.255.112.186
HKLM\SYSTEM\CS1\Services\Tcpip\..\{0D830976-A37A-4BC3-BD56-5C981CA6BA33}: NameServer=85.255.113.123,85.255.112.186
HKLM\SYSTEM\CS1\Services\Tcpip\..\{5361E4C6-3B79-43A1-BA8A-DA8C9DE82A2B}: DhcpNameServer=85.255.113.123,85.255.112.186
HKLM\SYSTEM\CS1\Services\Tcpip\..\{5361E4C6-3B79-43A1-BA8A-DA8C9DE82A2B}: NameServer=85.255.113.123,85.255.112.186
HKLM\SYSTEM\CS1\Services\Tcpip\..\{78A20075-0087-4606-A173-F2A44EC3DA5E}: DhcpNameServer=85.255.113.123,85.255.112.186
HKLM\SYSTEM\CS1\Services\Tcpip\..\{78A20075-0087-4606-A173-F2A44EC3DA5E}: NameServer=85.255.113.123,85.255.112.186
HKLM\SYSTEM\CS1\Services\Tcpip\..\{91B525FD-6EFB-48E5-BF20-BCA81A779670}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{91B525FD-6EFB-48E5-BF20-BCA81A779670}: NameServer=85.255.113.123,85.255.112.186
HKLM\SYSTEM\CS1\Services\Tcpip\..\{BA357720-F9FB-45D4-A271-F9D0752ED5ED}: DhcpNameServer=85.255.113.123,85.255.112.186
HKLM\SYSTEM\CS1\Services\Tcpip\..\{BA357720-F9FB-45D4-A271-F9D0752ED5ED}: NameServer=85.255.113.123,85.255.112.186
HKLM\SYSTEM\CS2\Services\Tcpip\..\{0235EDF2-3B6C-4F31-94A0-00742089EB15}: DhcpNameServer=85.255.113.123,85.255.112.186
HKLM\SYSTEM\CS2\Services\Tcpip\..\{0235EDF2-3B6C-4F31-94A0-00742089EB15}: NameServer=85.255.113.123,85.255.112.186
HKLM\SYSTEM\CS2\Services\Tcpip\..\{02B1B0DE-3A20-4053-A2C2-BAAFEDD445A3}: DhcpNameServer=85.255.113.123,85.255.112.186
HKLM\SYSTEM\CS2\Services\Tcpip\..\{02B1B0DE-3A20-4053-A2C2-BAAFEDD445A3}: NameServer=85.255.113.123,85.255.112.186
HKLM\SYSTEM\CS2\Services\Tcpip\..\{0D830976-A37A-4BC3-BD56-5C981CA6BA33}: DhcpNameServer=85.255.113.123,85.255.112.186
HKLM\SYSTEM\CS2\Services\Tcpip\..\{0D830976-A37A-4BC3-BD56-5C981CA6BA33}: NameServer=85.255.113.123,85.255.112.186
HKLM\SYSTEM\CS2\Services\Tcpip\..\{5361E4C6-3B79-43A1-BA8A-DA8C9DE82A2B}: DhcpNameServer=85.255.113.123,85.255.112.186
HKLM\SYSTEM\CS2\Services\Tcpip\..\{5361E4C6-3B79-43A1-BA8A-DA8C9DE82A2B}: NameServer=85.255.113.123,85.255.112.186
HKLM\SYSTEM\CS2\Services\Tcpip\..\{78A20075-0087-4606-A173-F2A44EC3DA5E}: DhcpNameServer=85.255.113.123,85.255.112.186
HKLM\SYSTEM\CS2\Services\Tcpip\..\{78A20075-0087-4606-A173-F2A44EC3DA5E}: NameServer=85.255.113.123,85.255.112.186
HKLM\SYSTEM\CS2\Services\Tcpip\..\{91B525FD-6EFB-48E5-BF20-BCA81A779670}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{91B525FD-6EFB-48E5-BF20-BCA81A779670}: NameServer=85.255.113.123,85.255.112.186
HKLM\SYSTEM\CS2\Services\Tcpip\..\{BA357720-F9FB-45D4-A271-F9D0752ED5ED}: DhcpNameServer=85.255.113.123,85.255.112.186
HKLM\SYSTEM\CS2\Services\Tcpip\..\{BA357720-F9FB-45D4-A271-F9D0752ED5ED}: NameServer=85.255.113.123,85.255.112.186
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: NameServer=85.255.113.123 85.255.112.186
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: NameServer=85.255.113.123 85.255.112.186
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: NameServer=85.255.113.123 85.255.112.186

»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll

»»»»»»»»»»»»»»»»»»»»»»»» Fin
0
nba allstar Posts 39 Status Member
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:20, on 2008-03-03
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Phoenix Technologies Ltd\RecoverPro_XP\VBPTASK.EXE
C:\Program Files\ULI5287\ULiRaid.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe
C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\AdvancedCleaner Free\ian_monitor.exe
C:\Program Files\Fichiers communs\AdvancedCleaner\abhlp.exe
C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\AdvancedCleaner Free\UADCcw.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\viwc.exe
C:\PROGRA~1\FICHIE~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\MIKA\LOCALS~1\Temp\Répertoire temporaire 7 pour HiJackThis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.01net.com/telecharger/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.gcl.*;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Alcohol Toolbar Helper - {52D06F97-5511-43FA-8FDA-C481864FD26E} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Alcohol Toolbar - {4C4E7CDB-5BFC-4D74-83E2-8AE659B7EDA2} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [RestoreIT!] "C:\Program Files\Phoenix Technologies Ltd\RecoverPro_XP\VBPTASK.EXE" VBStart
O4 - HKLM\..\Run: [fenaffiche] C:\Program Files\FenAffiche\FenUnika.exe
O4 - HKLM\..\Run: [ULiRaid] C:\Program Files\ULI5287\ULiRaid.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [AliceSAV] C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe
O4 - HKLM\..\Run: [Vaderetro Outlook] "C:\PROGRA~1\GOTOSO~1\VADERE~1\VrMoRegister.exe -s"
O4 - HKLM\..\Run: [Vade Retro Outlook Express] "C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [PKR Pal] "C:\Program Files\PKR\pkrpal.exe" -osboot
O4 - HKLM\..\Run: [AdvancedCleaner Free] "C:\Program Files\AdvancedCleaner Free\UADC.exe" /min
O4 - HKLM\..\Run: [SM_IAN] C:\Program Files\AdvancedCleaner Free\ian_monitor.exe
O4 - HKLM\..\Run: [AbyssmoClient] C:\Program Files\Fichiers communs\AdvancedCleaner\abhlp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [UADCFR_105791387] "C:\Program Files\AdvancedCleaner Free\UADCcw.exe" -c
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [viwc] C:\WINDOWS\system32\viwc.exe
O4 - HKCU\..\Run: [WeatherDPA] "C:\Program Files\Zango\bin\10.3.35.0\Weather.exe" -auto
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxmk570YYFR
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Allocam Multi Vision - {2D6B57BF-71FA-41A3-BDC5-3B5A25813D2E} - C:\PROGRA~1\ALLOCA~1\allocam.exe (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Allocam Multi Vision - {2D6B57BF-71FA-41A3-BDC5-3B5A25813D2E} - C:\PROGRA~1\ALLOCA~1\allocam.exe (file missing) (HKCU)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0235EDF2-3B6C-4F31-94A0-00742089EB15}: NameServer = 85.255.113.123,85.255.112.186
O17 - HKLM\System\CCS\Services\Tcpip\..\{02B1B0DE-3A20-4053-A2C2-BAAFEDD445A3}: NameServer = 85.255.113.123,85.255.112.186
O17 - HKLM\System\CCS\Services\Tcpip\..\{0D830976-A37A-4BC3-BD56-5C981CA6BA33}: NameServer = 85.255.113.123,85.255.112.186
O17 - HKLM\System\CCS\Services\Tcpip\..\{5361E4C6-3B79-43A1-BA8A-DA8C9DE82A2B}: NameServer = 85.255.113.123,85.255.112.186
O17 - HKLM\System\CCS\Services\Tcpip\..\{78A20075-0087-4606-A173-F2A44EC3DA5E}: NameServer = 85.255.113.123,85.255.112.186
O17 - HKLM\System\CCS\Services\Tcpip\..\{91B525FD-6EFB-48E5-BF20-BCA81A779670}: NameServer = 85.255.113.123,85.255.112.186
O17 - HKLM\System\CCS\Services\Tcpip\..\{BA357720-F9FB-45D4-A271-F9D0752ED5ED}: NameServer = 85.255.113.123,85.255.112.186
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.123 85.255.112.186
O17 - HKLM\System\CS1\Services\Tcpip\..\{0235EDF2-3B6C-4F31-94A0-00742089EB15}: NameServer = 85.255.113.123,85.255.112.186
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.113.123 85.255.112.186
O17 - HKLM\System\CS2\Services\Tcpip\..\{0235EDF2-3B6C-4F31-94A0-00742089EB15}: NameServer = 85.255.113.123,85.255.112.186
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.123 85.255.112.186
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
0
jlpjlp Posts 52399 Status Security contributor 5 040
 
* Download FixWareout from one of these two sites to your desktop:
http://downloads.subratam.org/Fixwareout.exe
http://swandog46.geekstogo.com/Fixwareout.exe

* Run the fix: click Next, then Install, then make sure "Run fixit" is checked, then click Finish.
The fix will start; follow the on-screen messages. You will be asked to restart your computer; do so. Your system will take a little longer to start up, which is normal.

* Post (copy/paste) the contents of the report that will be displayed on screen (report.txt) in your next reply.

Check with HijackThis that these lines have disappeared; if they are still present, fix them with HijackThis (Fix checked):

O17 - HKLM\System\CCS\Services\Tcpip\..\{0235EDF2-3B6C-4F31-94A0-00742089EB15}: NameServer = 85.255.113.123,85.255.112.186
O17 - HKLM\System\CCS\Services\Tcpip\..\{02B1B0DE-3A20-4053-A2C2-BAAFEDD445A3}: NameServer = 85.255.113.123,85.255.112.186
O17 - HKLM\System\CCS\Services\Tcpip\..\{0D830976-A37A-4BC3-BD56-5C981CA6BA33}: NameServer = 85.255.113.123,85.255.112.186
O17 - HKLM\System\CCS\Services\Tcpip\..\{5361E4C6-3B79-43A1-BA8A-DA8C9DE82A2B}: NameServer = 85.255.113.123,85.255.112.186
O17 - HKLM\System\CCS\Services\Tcpip\..\{78A20075-0087-4606-A173-F2A44EC3DA5E}: NameServer = 85.255.113.123,85.255.112.186
O17 - HKLM\System\CCS\Services\Tcpip\..\{91B525FD-6EFB-48E5-BF20-BCA81A779670}: NameServer = 85.255.113.123,85.255.112.186
O17 - HKLM\System\CCS\Services\Tcpip\..\{BA357720-F9FB-45D4-A271-F9D0752ED5ED}: NameServer = 85.255.113.123,85.255.112.186
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.123 85.255.112.186
O17 - HKLM\System\CS1\Services\Tcpip\..\{0235EDF2-3B6C-4F31-94A0-00742089EB15}: NameServer = 85.255.113.123,85.255.112.186
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.113.123 85.255.112.186
O17 - HKLM\System\CS2\Services\Tcpip\..\{0235EDF2-3B6C-4F31-94A0-00742089EB15}: NameServer = 85.255.113.123,85.255.112.186
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.123 85.255.112.186

_________________

Run HijackThis again, choose "Do a scan only", tick the box in front of the lines below if they are present, and click "Fix checked" at the bottom.

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [AdvancedCleaner Free] "C:\Program Files\AdvancedCleaner Free\UADC.exe" /min
O4 - HKLM\..\Run: [SM_IAN] C:\Program Files\AdvancedCleaner Free\ian_monitor.exe
O4 - HKLM\..\Run: [AbyssmoClient] C:\Program Files\Fichiers communs\AdvancedCleaner\abhlp.exe
O4 - HKLM\..\Run: [UADCFR_105791387] "C:\Program Files\AdvancedCleaner Free\UADCcw.exe" -c
O4 - HKCU\..\Run: [viwc] C:\WINDOWS\system32\viwc.exe
O4 - HKCU\..\Run: [WeatherDPA] "C:\Program Files\Zango\bin\10.3.35.0\Weather.exe" -auto
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxmk570YYFR
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O9 - Extra button: Allocam Multi Vision - {2D6B57BF-71FA-41A3-BDC5-3B5A25813D2E} - C:\PROGRA~1\ALLOCA~1\allocam.exe (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Allocam Multi Vision - {2D6B57BF-71FA-41A3-BDC5-3B5A25813D2E} - C:\PROGRA~1\ALLOCA~1\allocam.exe (file missing) (HKCU)
O17 - HKLM\System\CCS\Services\Tcpip\..\{0235EDF2-3B6C-4F31-94A0-00742089EB15}: NameServer = 85.255.113.123,85.255.112.186
O17 - HKLM\System\CCS\Services\Tcpip\..\{02B1B0DE-3A20-4053-A2C2-BAAFEDD445A3}: NameServer = 85.255.113.123,85.255.112.186
O17 - HKLM\System\CCS\Services\Tcpip\..\{0D830976-A37A-4BC3-BD56-5C981CA6BA33}: NameServer = 85.255.113.123,85.255.112.186
O17 - HKLM\System\CCS\Services\Tcpip\..\{5361E4C6-3B79-43A1-BA8A-DA8C9DE82A2B}: NameServer = 85.255.113.123,85.255.112.186
O17 - HKLM\System\CCS\Services\Tcpip\..\{78A20075-0087-4606-A173-F2A44EC3DA5E}: NameServer = 85.255.113.123,85.255.112.186
O17 - HKLM\System\CCS\Services\Tcpip\..\{91B525FD-6EFB-48E5-BF20-BCA81A779670}: NameServer = 85.255.113.123,85.255.112.186
O17 - HKLM\System\CCS\Services\Tcpip\..\{BA357720-F9FB-45D4-A271-F9D0752ED5ED}: NameServer = 85.255.113.123,85.255.112.186
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.123 85.255.112.186
O17 - HKLM\System\CS1\Services\Tcpip\..\{0235EDF2-3B6C-4F31-94A0-00742089EB15}: NameServer = 85.255.113.123,85.255.112.186
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.113.123 85.255.112.186
O17 - HKLM\System\CS2\Services\Tcpip\..\{0235EDF2-3B6C-4F31-94A0-00742089EB15}: NameServer = 85.255.113.123,85.255.112.186
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.123 85.255.112.186

_______________

Run AVG Anti-Spyware again and paste the report.

_________________

Download OTMoveIt http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (by Old_Timer) to your desktop.
Double-click OTMoveIt.exe to run it.
Copy the list in the quote below,
and paste it into the left-hand pane of OTMoveIt: Paste List of Files/Folders to be moved.

Quote:

C:\Program Files\AdvancedCleaner Free
C:\Program Files\AdvancedCleaner Free\UADC.exe
C:\Program Files\AdvancedCleaner Free\ian_monitor.exe
C:\Program Files\Fichiers communs\AdvancedCleaner\abhlp.exe
C:\Program Files\AdvancedCleaner Free\UADCcw.exe
C:\WINDOWS\system32\viwc.exe
C:\Program Files\Zango
C:\Program Files\Zango\bin\10.3.35.0\Weather.exe

Click MoveIt! to start the removal.
The result will appear in the "Results" pane.
Click Exit to close.
Post the report located in C:\_OTMoveIt\MovedFiles.

You may be asked to restart the PC to complete the removal. If so, accept with Yes.

____________________

Download ComboFix by sUBs: rename it before any installation, for example name it "KillBagle". Help here: https://forum.pcastuces.com/sujet.asp?f=25&s=37315

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Save it to your desktop and nowhere else!

Help on using ComboFix here: https://bibou0007.forumpro.fr/login?redirect=%2Ft121-topic

Double-click ComboFix. It will ask you a question; answer by pressing 1 and Enter to confirm, then let it guide you.
Wait until ComboFix has finished; a report will be created. Post the report.
__________________

Paste a new HijackThis log and describe your problems.
0
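The check requested in the post above (confirming that the O17 NameServer lines are gone), as an added example that is not part of the thread: a Python script that parses both the HijackThis O17 lines and the SmitFraudFix DNS section and reports entries still pointing into the 85.255.x.x range flagged by the SmitFraudFix report. The function names are hypothetical; the BEFORE lines are copied from the logs in this thread and the AFTER sample is constructed.

```python
"""Re-check a HijackThis / SmitFraudFix log for leftover DNS hijack entries."""
from dataclasses import dataclass
import ipaddress
import re

# Range named by the SmitFraudFix report in this thread ("85.255.x.x").
SUSPECT_NET = ipaddress.ip_network("85.255.0.0/16")

# Accepts the HijackThis form  "O17 - HKLM\System\CCS\...: NameServer = a,b"
# and the SmitFraudFix form    "HKLM\SYSTEM\CCS\...: DhcpNameServer=a,b".
LINE_RE = re.compile(
    r"^(?:O17\s*-\s*)?"
    r"(?P<key>HKLM\\SYSTEM\\(?P<cs>CCS|CS\d+)\\Services\\Tcpip\\[^:]+):\s*"
    r"(?P<value>(?:Dhcp)?NameServer)\s*=\s*(?P<servers>.+?)\s*$",
    re.IGNORECASE,
)


@dataclass(frozen=True)
class DnsEntry:
    control_set: str  # CCS (current), CS1, CS2 ... (saved control sets)
    scope: str        # "Parameters" (global) or the interface GUID
    value_name: str   # NameServer (static) or DhcpNameServer (from the lease)
    servers: tuple    # every address parsed from the value
    suspect: tuple    # the subset that falls inside SUSPECT_NET


def parse_dns_entries(log_text):
    """Return one DnsEntry per Tcpip NameServer/DhcpNameServer line."""
    entries = []
    for raw in log_text.splitlines():
        match = LINE_RE.match(raw.strip())
        if not match:
            continue  # not a DNS line (O4, O23, section headers, ...)
        servers = []
        # Per-interface values are comma separated, the global one uses spaces.
        for token in re.split(r"[,\s]+", match.group("servers")):
            try:
                servers.append(ipaddress.ip_address(token))
            except ValueError:
                continue  # skip anything that is not an IP literal
        entries.append(DnsEntry(
            control_set=match.group("cs").upper(),
            scope=match.group("key").rsplit("\\", 1)[-1],
            value_name=match.group("value"),
            servers=tuple(servers),
            suspect=tuple(s for s in servers if s in SUSPECT_NET),
        ))
    return entries


def remaining_hijacks(log_text):
    """Entries that still list at least one server in the suspect range."""
    return [e for e in parse_dns_entries(log_text) if e.suspect]


def hijacks_by_control_set(log_text):
    """Group leftovers per control set: a fix applied to CCS only leaves
    the same values behind in CS1/CS2."""
    grouped = {}
    for entry in remaining_hijacks(log_text):
        grouped.setdefault(entry.control_set, set()).add(
            (entry.scope, entry.value_name))
    return grouped


# Lines copied from the logs posted in this thread.
BEFORE = r"""
O17 - HKLM\System\CCS\Services\Tcpip\..\{0235EDF2-3B6C-4F31-94A0-00742089EB15}: NameServer = 85.255.113.123,85.255.112.186
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.123 85.255.112.186
HKLM\SYSTEM\CCS\Services\Tcpip\..\{91B525FD-6EFB-48E5-BF20-BCA81A779670}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{91B525FD-6EFB-48E5-BF20-BCA81A779670}: NameServer=85.255.113.123,85.255.112.186
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
"""

# Constructed sample: what the same log could look like once the static
# NameServer values are removed and only the router's DHCP answer remains.
AFTER = r"""
HKLM\SYSTEM\CCS\Services\Tcpip\..\{91B525FD-6EFB-48E5-BF20-BCA81A779670}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
"""

if __name__ == "__main__":
    for label, text in (("before", BEFORE), ("after", AFTER)):
        print(label, hijacks_by_control_set(text) or "no hijacked DNS entries")
```
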
nba allstar Posts 39 Status Member
 
Cache de résolution DNS vidé.



~~~~~ Postrun check
HKLM\SOFTWARE\~\Winlogon\ "System"=""
....
....
~~~~~ Misc files.
....
~~~~~ Checking for older varients.
....

~~~~~ Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
"farstone"=""
"RestoreIT!"="\"C:\\Program Files\\Phoenix Technologies Ltd\\RecoverPro_XP\\VBPTASK.EXE\" VBStart"
"fenaffiche"="C:\\Program Files\\FenAffiche\\FenUnika.exe"
"ULiRaid"="C:\\Program Files\\ULI5287\\ULiRaid.exe"
"High Definition Audio Property Page Shortcut"="HDAShCut.exe"
"RTHDCPL"="RTHDCPL.EXE"
"ATICCC"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\cli.exe\" runtime -Delay"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\""
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"AliceSAV"="C:\\Program Files\\TechCity Solutions\\AliceSAV\\AliceAgent.exe"
"Vaderetro Outlook"="\"C:\\PROGRA~1\\GOTOSO~1\\VADERE~1\\VrMoRegister.exe -s\""
"Vade Retro Outlook Express"="\"C:\\PROGRA~1\\GOTOSO~1\\VADERE~1\\Vaderetro_oe.exe\""
"PCSuiteTrayApplication"="C:\\PROGRA~1\\Nokia\\NOKIAP~1\\LAUNCH~1.EXE -startup"
"PKR Pal"="\"C:\\Program Files\\PKR\\pkrpal.exe\" -osboot"
"AdvancedCleaner Free"="\"C:\\Program Files\\AdvancedCleaner Free\\UADC.exe\" /min"
"SM_IAN"="C:\\Program Files\\AdvancedCleaner Free\\ian_monitor.exe"
"AbyssmoClient"="C:\\Program Files\\Fichiers communs\\AdvancedCleaner\\abhlp.exe"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"UADCFR_105791387"="\"C:\\Program Files\\AdvancedCleaner Free\\UADCcw.exe\" -c"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"BitTorrent"="\"C:\\Program Files\\BitTorrent\\bittorrent.exe\" --force_start_minimized"
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
"PcSync"="C:\\Program Files\\Nokia\\Nokia PC Suite 6\\PcSync2.exe /NoDialog"
"WMPNSCFG"="C:\\Program Files\\Windows Media Player\\WMPNSCFG.exe"
"viwc"="C:\\WINDOWS\\system32\\viwc.exe"
"WeatherDPA"="\"C:\\Program Files\\Zango\\bin\\10.3.35.0\\Weather.exe\" -auto"
....
Hosts file was reset, If you use a custom hosts file please replace it...
~~~~~ End report ~~~~~
0
nba allstar Posts 39 Status Member
 
:mozilla.133:C:\Documents and Settings\MIKA\Application Data\Mozilla\Firefox\Profiles\5jchuxrd.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.134:C:\Documents and Settings\MIKA\Application Data\Mozilla\Firefox\Profiles\5jchuxrd.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.57:C:\Documents and Settings\MIKA\Application Data\Mozilla\Firefox\Profiles\5jchuxrd.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.58:C:\Documents and Settings\MIKA\Application Data\Mozilla\Firefox\Profiles\5jchuxrd.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.59:C:\Documents and Settings\MIKA\Application Data\Mozilla\Firefox\Profiles\5jchuxrd.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.62:C:\Documents and Settings\MIKA\Application Data\Mozilla\Firefox\Profiles\5jchuxrd.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.63:C:\Documents and Settings\MIKA\Application Data\Mozilla\Firefox\Profiles\5jchuxrd.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.64:C:\Documents and Settings\MIKA\Application Data\Mozilla\Firefox\Profiles\5jchuxrd.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.65:C:\Documents and Settings\MIKA\Application Data\Mozilla\Firefox\Profiles\5jchuxrd.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\MIKA\Cookies\mika@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.146:C:\Documents and Settings\MIKA\Application Data\Mozilla\Firefox\Profiles\5jchuxrd.default\cookies.txt -> TrackingCookie.Adbrite : Nettoyé.
:mozilla.147:C:\Documents and Settings\MIKA\Application Data\Mozilla\Firefox\Profiles\5jchuxrd.default\cookies.txt -> TrackingCookie.Adbrite : Nettoyé.
:mozilla.148:C:\Documents and Settings\MIKA\Application Data\Mozilla\Firefox\Profiles\5jchuxrd.default\cookies.txt -> TrackingCookie.Adbrite : Nettoyé.
:mozilla.149:C:\Documents and Settings\MIKA\Application Data\Mozilla\Firefox\Profiles\5jchuxrd.default\cookies.txt -> TrackingCookie.Adbrite : Nettoyé.
:mozilla.150:C:\Documents and Settings\MIKA\Application Data\Mozilla\Firefox\Profiles\5jchuxrd.default\cookies.txt -> TrackingCookie.Adbrite : Nettoyé.
:mozilla.535:C:\Documents and Settings\MIKA\Application Data\Mozilla\Firefox\Profiles\5jchuxrd.default\cookies.txt -> TrackingCookie.Adrevolver : Nettoyé.
:mozilla.67:C:\Documents and Settings\MIKA\Application Data\Mozilla\Firefox\Profiles\5jchuxrd.default\cookies.txt -> TrackingCookie.Adtech : Nettoyé.
:mozilla.29:C:\Documents and Settings\MIKA\Application Data\Mozilla\Firefox\Profiles\5jchuxrd.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.


Fin du rapport
nba allstar, Posts: 39, Status: Member
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:58:20, on 04/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Phoenix Technologies Ltd\RecoverPro_XP\VBPTASK.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ULI5287\ULiRaid.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe
C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\PROGRA~1\FICHIE~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\MIKA\LOCALS~1\Temp\Répertoire temporaire 1 pour HiJackThis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.01net.com/telecharger/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.gcl.*;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Alcohol Toolbar Helper - {52D06F97-5511-43FA-8FDA-C481864FD26E} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Alcohol Toolbar - {4C4E7CDB-5BFC-4D74-83E2-8AE659B7EDA2} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [RestoreIT!] "C:\Program Files\Phoenix Technologies Ltd\RecoverPro_XP\VBPTASK.EXE" VBStart
O4 - HKLM\..\Run: [fenaffiche] C:\Program Files\FenAffiche\FenUnika.exe
O4 - HKLM\..\Run: [ULiRaid] C:\Program Files\ULI5287\ULiRaid.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [AliceSAV] C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe
O4 - HKLM\..\Run: [Vaderetro Outlook] "C:\PROGRA~1\GOTOSO~1\VADERE~1\VrMoRegister.exe -s"
O4 - HKLM\..\Run: [Vade Retro Outlook Express] "C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [PKR Pal] "C:\Program Files\PKR\pkrpal.exe" -osboot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxmk570YYFR
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
jlpjlp, Posts: 52399, Status: Security contributor 5 040
 
OK, continue.
nba allstar, Posts: 39, Status: Member
 
File/Folder C:\Program Files\AdvancedCleaner Free not found.
File/Folder C:\Program Files\AdvancedCleaner Free\UADC.exe not found.
File/Folder C:\Program Files\AdvancedCleaner Free\ian_monitor.exe not found.
File/Folder C:\Program Files\Fichiers communs\AdvancedCleaner\abhlp.exe not found.
File/Folder C:\Program Files\AdvancedCleaner Free\UADCcw.exe not found.
File/Folder C:\WINDOWS\system32\viwc.exe not found.
File/Folder C:\Program Files\Zango not found.
File/Folder C:\Program Files\Zango\bin\10.3.35.0\Weather.exe not found.
[Custom Input]
< C:\Program Files\AdvancedCleaner Free >
File/Folder C:\Program Files\AdvancedCleaner Free not found.
< C:\Program Files\AdvancedCleaner Free\UADC.exe >
File/Folder C:\Program Files\AdvancedCleaner Free\UADC.exe not found.
< C:\Program Files\AdvancedCleaner Free\ian_monitor.exe >
File/Folder C:\Program Files\AdvancedCleaner Free\ian_monitor.exe not found.
< C:\Program Files\Fichiers communs\AdvancedCleaner\abhlp.exe >
File/Folder C:\Program Files\Fichiers communs\AdvancedCleaner\abhlp.exe not found.
< C:\Program Files\AdvancedCleaner Free\UADCcw.exe >
File/Folder C:\Program Files\AdvancedCleaner Free\UADCcw.exe not found.
< C:\WINDOWS\system32\viwc.exe >
File/Folder C:\WINDOWS\system32\viwc.exe not found.
< C:\Program Files\Zango >
File/Folder C:\Program Files\Zango not found.
< C:\Program Files\Zango\bin\10.3.35.0\Weather.exe >
File/Folder C:\Program Files\Zango\bin\10.3.35.0\Weather.exe not found.

OTMoveIt2 v1.0.20 log created on 03042008_200703
nba allstar, Posts: 39, Status: Member
 
.
C:\Documents and Settings\HADJA\Application Data\ShoppingReport
C:\Documents and Settings\HADJA\Application Data\ShoppingReport\cs\Config.xml
C:\Documents and Settings\HADJA\Application Data\ShoppingReport\cs\db\Aliases.dbs
C:\Documents and Settings\HADJA\Application Data\ShoppingReport\cs\db\Sites.dbs
C:\Documents and Settings\HADJA\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
C:\Documents and Settings\HADJA\Application Data\ShoppingReport\cs\report\aggr_storage.xml
C:\Documents and Settings\HADJA\Application Data\ShoppingReport\cs\report\send_storage.xml
C:\Documents and Settings\HADJA\Application Data\ShoppingReport\cs\res1\WhiteList.dbs
C:\Documents and Settings\MIKA\Application Data\ShoppingReport
C:\Documents and Settings\MIKA\Application Data\ShoppingReport\cs\Config.xml
C:\Documents and Settings\MIKA\Application Data\ShoppingReport\cs\db\Aliases.dbs
C:\Documents and Settings\MIKA\Application Data\ShoppingReport\cs\db\Sites.dbs
C:\Documents and Settings\MIKA\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
C:\Documents and Settings\MIKA\Application Data\ShoppingReport\cs\report\aggr_storage.xml
C:\Documents and Settings\MIKA\Application Data\ShoppingReport\cs\report\send_storage.xml
C:\Documents and Settings\MIKA\Application Data\ShoppingReport\cs\res1\WhiteList.dbs
C:\Program Files\outlook
C:\Program Files\screensavers.com
C:\Program Files\screensavers.com\SSSInst\bin\iebyterange.xml
C:\Program Files\screensavers.com\SSSInst\bin\iebyterange.xml.backup
C:\Program Files\screensavers.com\SSSInst\bin\SSSInst.dll
C:\Program Files\screensavers.com\SSSInst\bin\SSSUninst.exe
C:\Program Files\screensavers.com\SSSInst\temp\dm11B.tmp
C:\Program Files\screensavers.com\SSSInst\temp\pltbinst.exe
C:\Program Files\screensavers.com\Wallpaper\Jim Jones.jpg
C:\Program Files\screensavers.com\Wallpaper\swpstart.exe
C:\Program Files\ShoppingReport
C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
C:\Program Files\ShoppingReport\Uninst.exe
C:\Program Files\winupdates
C:\WINDOWS\pack.epk
C:\WINDOWS\system32\bszip.dll
C:\WINDOWS\system32\cdujbrmo.dll
C:\WINDOWS\system32\cmd.com
c:\WINDOWS\system32\cqqgmst.dat
C:\WINDOWS\system32\cqqgmst.exe
C:\WINDOWS\system32\cqqgmst_nav.dat
C:\WINDOWS\system32\cqqgmst_navps.dat
C:\WINDOWS\system32\dcbeg.ini
C:\WINDOWS\system32\ddaby.dll
C:\WINDOWS\system32\dhootehy.ini
C:\WINDOWS\system32\gebcd.dll
C:\WINDOWS\system32\nvs2.inf
C:\WINDOWS\system32\ping.com
C:\WINDOWS\system32\pskill.exe
C:\WINDOWS\system32\tasklist.com
C:\WINDOWS\system32\tracert.com
c:\WINDOWS\system32\vdtwfdroer.dat
c:\windows\system32\vdtwfdroer.exe
c:\WINDOWS\system32\vdtwfdroer_nav.dat
c:\WINDOWS\system32\vdtwfdroer_navps.dat
C:\WINDOWS\system32\yayvtrs.dll
C:\WINDOWS\system32\ybadd.ini
C:\WINDOWS\system32\ybadd.ini2
C:\WINDOWS\system32\yhetoohd.dll
C:\WINDOWS\system32\ymselubh.dll

.
((((((((((((((((((((((((((((( Fichiers créés 2008-02-04 to 2008-03-04 ))))))))))))))))))))))))))))))))))))
.

2008-03-04 20:04 . 2008-03-04 20:04 <REP> d-------- C:\_OTMoveIt
2008-03-04 18:14 . 2008-03-04 18:14 <REP> d-------- C:\WINDOWS\LastGood
2008-03-03 20:36 . 2008-03-03 20:36 <REP> d-------- C:\Documents and Settings\HADJA\Application Data\Grisoft
2008-03-03 01:01 . 2008-03-03 01:01 <REP> d-------- C:\WINDOWS\system32\fr-fr
2008-03-03 00:57 . 2008-03-03 00:59 1,355 --a------ C:\WINDOWS\imsins.BAK
2008-03-02 22:48 . 2008-03-02 22:48 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-02 22:48 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-03-02 22:15 . 2008-03-04 20:04 <REP> d-------- C:\Program Files\Fichiers communs\AdvancedCleaner
2008-03-02 20:22 . 2008-03-02 20:22 <REP> d-------- C:\Documents and Settings\MIKA\Application Data\Grisoft
2008-03-02 20:15 . 2008-03-02 22:15 <REP> d-------- C:\Program Files\RogueRemover FREE
2008-03-02 19:51 . 2008-03-04 16:33 <REP> d-------- C:\fixwareout
2008-03-02 19:20 . 2008-03-02 19:53 <REP> d-------- C:\Documents and Settings\MIKA\QMCache00
2008-03-02 19:20 . 2008-03-03 00:08 <REP> d-------- C:\Documents and Settings\MIKA\Application Data\Move Networks
2008-03-02 12:07 . 2008-03-02 22:17 <REP> d-------- C:\Combo-Fix
2008-03-01 22:23 . 2008-03-01 22:23 <REP> d-------- C:\ComboFix
2008-03-01 21:03 . 2008-03-03 01:15 714 --a------ C:\WINDOWS\system32\drivers\fwdrv.err
2008-03-01 12:37 . 2008-03-01 12:37 <REP> d--hs---- C:\found.001
2008-02-29 22:50 . 2008-02-29 22:50 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-02-29 22:42 . 2008-02-29 22:42 <REP> d-------- C:\Program Files\Sunbelt Software
2008-02-29 22:34 . 2008-02-29 22:34 <REP> d-------- C:\Program Files\Yahoo!
2008-02-29 22:33 . 2008-02-29 22:34 <REP> d-------- C:\Program Files\CCleaner
2008-02-28 00:49 . 2008-02-28 00:51 <REP> d-------- C:\Documents and Settings\MIKA\Application Data\Zango
2008-02-28 00:49 . 2008-02-28 00:49 <REP> d-------- C:\Documents and Settings\MIKA\Application Data\WeatherDPA
2008-02-19 23:52 . 2008-03-03 01:02 <REP> d--h----- C:\WINDOWS\msdownld.tmp
2008-02-19 23:48 . 2008-02-19 23:48 <REP> d-------- C:\Program Files\Fichiers communs\PocketSoft
2008-02-10 22:17 . 2008-02-10 22:17 <REP> d-------- C:\WINDOWS\H9YABCOPQ2PKLXYA

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-03 12:12 --------- d-----w C:\Program Files\Incomplete
2008-03-03 12:03 --------- d-----w C:\Program Files\LimeWire
2008-03-02 20:57 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-03-02 20:57 --------- d-----w C:\Program Files\Google
2008-02-29 22:48 82,432 ----a-w C:\WINDOWS\system32\IEDFix.exe
2008-02-29 21:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-28 10:37 86,016 ----a-w C:\WINDOWS\system32\VACFix.exe
2008-02-19 22:48 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-29 15:13 --------- d-----w C:\Documents and Settings\MIKA\Application Data\BitTorrent
2008-01-27 20:41 --------- d-----w C:\Documents and Settings\MIKA\Application Data\TVU networks
2008-01-27 20:40 --------- d-----w C:\Program Files\TVUPlayer
2008-01-27 20:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\TVU networks
2008-01-27 19:33 --------- d-----w C:\Program Files\TVAnts
2008-01-24 17:00 --------- d-----w C:\Documents and Settings\MIKA\Application Data\InstallShield
2008-01-15 19:50 --------- d-----w C:\Documents and Settings\MIKA\Application Data\Nokia Multimedia Player
2008-01-15 19:49 --------- d-----w C:\Documents and Settings\MIKA\Application Data\Nokia
2007-12-04 18:41 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-09-04 09:34 116,380 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_09_03_21_11_42_small.dmp.zip
2007-09-02 11:38 111,555 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_09_02_12_57_54_small.dmp.zip
2007-05-05 21:30 94,080 ----a-w C:\Documents and Settings\MIKA\Application Data\ezplay.sys
2007-05-05 21:30 87,608 ----a-w C:\Documents and Settings\MIKA\Application Data\ezpinst.exe
2007-05-05 21:30 47,360 ----a-w C:\Documents and Settings\MIKA\Application Data\pcouffin.sys
2007-04-01 11:08 116,064 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_03_31_21_57_24_small.dmp.zip
2007-03-25 11:26 122,759 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_03_24_17_06_48_small.dmp.zip
2007-03-13 20:09 1,659 ----a-w C:\Program Files\Football Manager 2007.lnk
2007-03-12 16:45 24,559,635 ----a-w C:\Documents and Settings\MIKA\GBA Roms - The Sims 2.zip
2006-07-18 13:41 1,019,094 --sha-r C:\Program Files\serial.tde
2006-05-28 16:46 397,306 --sha-r C:\Program Files\wunauclt.zip
2006-05-28 16:46 397,306 --sha-r C:\Program Files\wunauclt.tbe
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-18 00:11 68856]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [2007-03-02 00:11 43008]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:55 5674352]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-03 23:29 165784]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 15:21 1449984]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 19:05 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"farstone"="" []
"RestoreIT!"="C:\Program Files\Phoenix Technologies Ltd\RecoverPro_XP\VBPTASK.exe" [2004-09-21 16:39 114688]
"fenaffiche"="C:\Program Files\FenAffiche\FenUnika.exe" [2004-07-23 09:51 36864]
"ULiRaid"="C:\Program Files\ULI5287\ULiRaid.exe" [2006-02-02 17:50 401408]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 17:07 61952 C:\WINDOWS\system32\HdAShCut.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-02-02 17:50 15691264 C:\WINDOWS\RTHDCPL.exe]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 14:43 45056]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"AliceSAV"="C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe" [2005-12-16 17:57 81408]
"Vaderetro Outlook"="C:\PROGRA~1\GOTOSO~1\VADERE~1\VrMoRegister.exe" [2006-07-22 10:59 44544]
"Vade Retro Outlook Express"="C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe" [2006-02-16 15:46 295936]
"PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe" [2006-06-15 11:36 229376]
"PKR Pal"="C:\Program Files\PKR\pkrpal.exe" [ ]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=MsgPlusLoader.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\I downloaded pirated Software from P2P ]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-01-19 11:55 5674352 C:\PROGRA~1\MSNMES~1\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Totocam]
C:\PROGRA~1\ALLOCA~1\allocam.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6667:UDP"= 6667:UDP:TOTOCAM UDP
"6666:TCP"= 6666:TCP:TOTOCAM TCP

R0 m5287;m5287;C:\WINDOWS\system32\DRIVERS\m5287.sys [2006-02-02 17:50]
R0 RITCPT;RITCPT;C:\WINDOWS\system32\drivers\RITCPT.sys [2004-09-21 16:39]
R0 VVBackd5;VVBackd5;C:\WINDOWS\system32\drivers\VVBackd5.sys [2004-09-21 16:39]
R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2007-03-16 09:56]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2007-03-16 09:56]
R2 FBAPI;FBAPI;C:\WINDOWS\system32\drivers\FBAPI.sys [2004-09-21 16:39]
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
S2 Ca533av;Icatch(IV) Video Camera Device;C:\WINDOWS\system32\Drivers\Ca533av.sys [2002-10-20 20:37]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 16:57]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 16:58]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 16:59]
S3 USBCamera;Icatch(IV) Still Camera Device;C:\WINDOWS\system32\Drivers\Bulk533.sys [2002-07-24 20:19]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{04eeaf81-948a-11da-b9a5-806d6172696f}]
\Shell\AutoRun\command - D:\TS-H552L.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{556e0730-8470-11dc-b832-0016ec143350}]
\Shell\AutoRun\command - J:\start.exe
\Shell\iledefrance\command - J:\start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d477fddd-940e-11da-b756-806d6172696f}]
\Shell\AutoRun\command - D:\TS-H552L.exe

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-03-04 19:14:02 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-04 20:18:12
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-03-04 20:21:08
ComboFix-quarantined-files.txt 2008-03-04 19:21:00
.
2008-02-13 22:10:53 --- E O F ---
jlpjlp Posts 52399 Status Security contributor 5 040
 
The HijackThis report is fine!

Just update Java: START, then CONTROL PANEL, then JAVA, then UPDATE

________________

Disable System Restore to purge the viruses stored in it,
then restart your computer,
then re-enable it
(in START, then ALL PROGRAMS, then ACCESSORIES, then SYSTEM TOOLS, then SYSTEM RESTORE, then settings)
________________

Paste the report from an online scan
with one of the following:

BitDefender online:
http://www.bitdefender.fr/scan_fr/scan8/ie.html

Panda online:
http://pandasoftware.fr

__________________

If you still have problems, explain them clearly!!!!!
nba allstar Posts 39 Status Member
 
My computer found a virus after I visited one of these sites.
jlpjlp Posts 52399 Status Security contributor 5 040
 
Surely a false positive detected because of the Panda scan. But no worries, it's a false positive.

Give me the name of the virus so I can check and confirm that for you.

Otherwise, any other problems?
nba allstar Posts 39 Status Member
 
No, no other problems, my computer runs much better now, thanks, but I'd like to know whether I'm now immune to any infection, or nearly?
jlpjlp Posts 52399 Status Security contributor 5 040
 
To protect your computer for free:

https://www.commentcamarche.net/telecharger/ 4 securite

Install an antivirus:

AVAST (in French) or ANTIVIR (in English but very effective)
https://www.malekal.com/avira-free-security-antivirus-gratuit/ (thanks Malekal)

-------------
Anti-spyware tools:
AD-AWARE + SPYBOT + if Spybot's TeaTimer is not enabled and the computer is powerful enough: WINDOWS DEFENDER

+
SPYWAREBLASTER to immunize the system, against Vundo in particular, but it is in English (though easy to use: just click "update" to update every month and then "enable all protection" to immunize)...

Note: Spybot and Ad-Aware released new versions this year; check that you have the latest version.
--------
A firewall:
The Windows one or, better, KERIO or JETICO or ZONE ALARM (install only the free firewall)

https://www.clubic.com/telecharger-fiche11071-sunbelt-personal-firewall-ex-kerio.html
https://manuelsdaide.com/contact/
http://www.open-files.com/forum/index.php?showtopic=29277
https://www.commentcamarche.net/telecharger/ 157 zonealarm

-----------

CCLEANER to erase browsing traces