W32.myzor.fk@yf trojan

ilir -
ilir - 28 mars 2008 à 15:59

Bonjour,

J'ai un problème ce message aparet w32.myzor.fk@yf. Celon les conseils que j'ai vu sur le site j'ai fais un rapport avec ComboFix.exe.

Je suis vraiment dans la M..., est-ce que qqun pourrait m'aider svp ???

Voici le rapport :

ComboFix 08-03-25.4 - Jess 2008-03-26 14:34:52.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.1461 [GMT 1:00]
Endroit: C:\Documents and Settings\Jess\Bureau\ComboFix.exe

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Helper
C:\Program Files\VirusHeat 4.3
C:\Program Files\VirusHeat 4.3\ignored.lst
C:\Program Files\VirusHeat 4.3\vht.dat
C:\Program Files\VirusHeat 4.3\VirusHeat 4.3.exe
C:\Program Files\VirusHeat 4.3\vpp.ini
.
---- Previous Run -------
.
C:\WINDOWS\system32\tdidrv32.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NWSAPAGENT
-------\Service_NwSapAgent

((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-02-26 to 2008-03-26 ))))))))))))))))))))))))))))))))))))
.

2008-03-26 13:20 . 2008-03-26 13:20 <REP> d-------- C:\Documents and Settings\Jess\Application Data\Grisoft
2008-03-26 13:20 . 2008-03-26 13:20 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-26 13:20 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-03-25 14:49 . 2008-03-25 14:49 <REP> d-------- C:\Program Files\Microsoft Silverlight
2008-03-25 11:57 . 2008-03-25 11:57 <REP> d-------- C:\Program Files\Avira
2008-03-25 11:57 . 2008-03-25 11:57 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-03-25 11:49 . 2008-03-25 12:33 <REP> d-------- C:\Program Files\AntiSpyKit 5.3
2008-03-25 11:00 . 2004-08-20 10:30 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage r‚seau
2008-03-25 11:00 . 2004-08-20 10:30 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-03-25 11:00 . 2004-08-20 10:30 <REP> d--h----- C:\Documents and Settings\Administrateur\ModŠles
2008-03-25 11:00 . 2004-08-20 10:42 <REP> dr------- C:\Documents and Settings\Administrateur\Mes documents
2008-03-25 11:00 . 2004-08-20 10:30 <REP> dr------- C:\Documents and Settings\Administrateur\Menu D‚marrer
2008-03-25 11:00 . 2004-08-20 10:42 <REP> dr------- C:\Documents and Settings\Administrateur\Favoris
2008-03-25 11:00 . 2004-08-20 10:30 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2008-03-25 11:00 . 2005-08-20 11:27 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Symantec
2008-03-25 11:00 . 2005-08-20 11:17 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Intel
2008-03-25 03:09 . 2008-03-25 10:32 <REP> d-------- C:\Program Files\NetProject
2008-03-25 03:09 . 2008-03-25 12:33 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-26 13:37 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-03-25 09:32 --------- d-----w C:\Program Files\LimeWire
2008-03-19 22:54 --------- d-----w C:\Program Files\Norton Security Scan
2008-02-10 15:37 --------- d-----w C:\Documents and Settings\Jess\Application Data\U3
2008-01-11 05:36 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-01-04 18:12 45,686,161 ----a-w C:\Documents and Settings\Jess\NIS06910FR.exe
2006-04-17 17:52 4,752,968 ----a-w C:\Documents and Settings\Jess\MsgPlus-363.exe
2006-04-17 16:08 1,223,396 ----a-w C:\Documents and Settings\Jess\DesktopSMS210-fr.exe
2006-04-08 11:43 36,465,208 ----a-w C:\Documents and Settings\Jess\iTunesSetup.exe
2006-01-15 16:38 56 -csh--r C:\WINDOWS\system32\6E04EE84A3.sys
2006-01-15 16:38 1,890 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6860A44B-5D3E-433D-A7B5-D517F810D0E7}]
2008-03-26 14:29 10240 --a------ C:\Program Files\NetProject\sbmdl.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DF47DD37-AC11-4A93-8E16-2B2364AF0897}]
C:\Program Files\Helper\1206410975.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{DB9FBA9D-AB1B-4CC6-9745-F3B549D64E40}"= "C:\Program Files\NetProject\wamdl.dll" [2008-03-25 03:09 83456]

[HKEY_CLASSES_ROOT\clsid\{db9fba9d-ab1b-4cc6-9745-f3b549d64e40}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{DB9FBA9D-AB1B-4CC6-9745-F3B549D64E40}"= C:\Program Files\NetProject\wamdl.dll [2008-03-25 03:09 83456]

[HKEY_CLASSES_ROOT\clsid\{db9fba9d-ab1b-4cc6-9745-f3b549d64e40}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 12:00 15360]
"VoipBuster"="C:\program files\voipbuster.com\voipbuster\voipbuster.exe" [ ]
"VoipStunt"="C:\Program Files\VoipStunt.com\VoipStunt\VoipStunt.exe" [ ]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:55 5674352]
"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe" [ ]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-01 19:52 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2004-09-13 16:33 155648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 02:48 36975]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-05-12 21:00 344064]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 14:59 385024]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2005-03-04 11:26 606208]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 16:19 53248]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 01:02 86016]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 01:05 127035]
"ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 16:50 221184]
"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-07-27 16:50 81920]
"SNCT511"="C:\WINDOWS\vsnct511.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-07-11 20:14 282624]
"ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2006-03-28 12:08 53408]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-05-14 23:22 35328]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-01-04 22:36 185896]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-03-25 12:02 249896]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 12:00 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{7d7bd0c4-4913-4933-b870-7388a7bffb82}"= C:\WINDOWS\system32\lvhjtsa.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2004-09-07 16:08 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{20118a30-a97c-11db-8697-00123fe2d2a5}]
\Shell\AutoRun\command - E:\DTE_Privacy_launcher.exe

*Newly Created Service* - COMHOST
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-26 14:44:32
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

Scan termin‚ avec succŠs
Les fichiers cach‚s: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Messenger\msmsgs.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-03-26 14:50:21 - machine was rebooted [Jess]
ComboFix-quarantined-files.txt 2008-03-26 13:50:12
.
2008-03-22 18:56:57 --- E O F ---

Afficher la suite

A voir également:

W32.myzor.fk@yf trojan
Trojan remover - Télécharger - Antivirus & Antimalwares
W32.trojan.gen - Forum Virus
Trojan al11 ✓ - Forum Virus
Trojan b901 system32 win config 34 ✓ - Forum Virus
Trojan agent ✓ - Forum Virus

17 réponses

Réponse 1 / 17

Utilisateur anonyme

Salut ,

Evite d'utiliser des logiciels tel que Combofix sur ton pc sans que quelqu'un ne te l'ai demandé , car il peuvent serieusement endommager le pc.

***********

→ Télécharge smitfraudfix

→ Dézippe le ( clic droit -> éxtraire tout )

→ Redémarre en MSE

Autre tutorials pour MSE:

https://www.micro-astuce.com/depannage/demarrer-mode-sans-echec.php
http://www.coupdepoucepc.com/modules/news/article.php?storyid=253

→ Choisit l’option 1, il va générer un rapport,
Colle le sur le post stp.

Tutorial : http://siri.urz.free.fr/Fix/SmitfraudFix.php
a+

ilir

salut,

Désolé j'ai cru bien faire.

j'ai fais ce que tu as dis mais quand je click droit, y a pas l'option "extraire tout"

Réponse 2 / 17

Utilisateur anonyme

Re oui j'ai vu , pas grave continu

a+

ilir

Excuse moi, mais je comprends pas trop ce que je dois faire.

je fais koi kan j suis dans le mode sans échec ?

Pourrais-tu préciser un peu les étapes stp, car je suis un débutant dans le domaine.

Merci pour ton aide!

Réponse 3 / 17

Utilisateur anonyme

Quand tu es en mode sans echec , tu double clique sur l'icone ( jaune ) tu te laisse guider et au menu principal tu tapes 1 et [entrée]

Il va créer un rapport , sauvegarde le et poste le moi.

a+

ilir

Re, voilà le rapport ke j'ai obtenu :

SmitFraudFix v2.200

Rapport fait à 15:46:11.67, 26.03.2008
Executé à partir de C:\Documents and Settings\Jess\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode sans echec

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

»»»»»»»»»»»»»»»»»»»»»»»» C:\

Merci encore pour ton aide.

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

Réponse 4 / 17

Utilisateur anonyme

Re , il n'est pas complet ce rapport =)

CTRL+A pour tout selectionner.

a+

ilir

excuse jsuis vraiment trop nul.

Voilà cette fois-ci, ça doit être bon :

SmitFraudFix v2.200

Rapport fait à 15:46:11.67, 26.03.2008
Executé à partir de C:\Documents and Settings\Jess\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode sans echec

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Jess

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Jess\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Jess\Favoris

C:\DOCUME~1\Jess\Favoris\Online Security Test.url PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» Bureau

C:\DOCUME~1\ALLUSE~1\Bureau\Online Security Guide.url PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues

»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{7d7bd0c4-4913-4933-b870-7388a7bffb82}"="figpecker"

[HKEY_CLASSES_ROOT\CLSID\{7d7bd0c4-4913-4933-b870-7388a7bffb82}\InProcServer32]
@="C:\WINDOWS\system32\lvhjtsa.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{7d7bd0c4-4913-4933-b870-7388a7bffb82}\InProcServer32]
@="C:\WINDOWS\system32\lvhjtsa.dll"

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Rustock

»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{6D5C3E7E-B884-4B96-AB54-936B1530FF95}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{6D5C3E7E-B884-4B96-AB54-936B1530FF95}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{6D5C3E7E-B884-4B96-AB54-936B1530FF95}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1

»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll

»»»»»»»»»»»»»»»»»»»»»»»» Fin

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question

Réponse 5 / 17

Utilisateur anonyme

Re ,

→ Redémarre en MSE

Autre tutorials pour MSE :

https://www.micro-astuce.com/depannage/demarrer-mode-sans-echec.php
http://www.coupdepoucepc.com/modules/news/article.php?storyid=253

→ Relance Smitfraudfix , choisi l'option 2

-------[Redémarre normalement]--------

→ Poste moi le rapport obtenu

(CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )

A+

ilir

lentement mais sûrment...!

le voilà :

SmitFraudFix v2.200

Rapport fait à 16:32:53.42, 26.03.2008
Executé à partir de C:\Documents and Settings\Jess\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode sans echec

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{7d7bd0c4-4913-4933-b870-7388a7bffb82}"="figpecker"

[HKEY_CLASSES_ROOT\CLSID\{7d7bd0c4-4913-4933-b870-7388a7bffb82}\InProcServer32]
@="C:\WINDOWS\system32\lvhjtsa.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{7d7bd0c4-4913-4933-b870-7388a7bffb82}\InProcServer32]
@="C:\WINDOWS\system32\lvhjtsa.dll"

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus

»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{6D5C3E7E-B884-4B96-AB54-936B1530FF95}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{6D5C3E7E-B884-4B96-AB54-936B1530FF95}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{6D5C3E7E-B884-4B96-AB54-936B1530FF95}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1

»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

Nettoyage terminé.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{7d7bd0c4-4913-4933-b870-7388a7bffb82}"="figpecker"

[HKEY_CLASSES_ROOT\CLSID\{7d7bd0c4-4913-4933-b870-7388a7bffb82}\InProcServer32]
@="C:\WINDOWS\system32\lvhjtsa.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{7d7bd0c4-4913-4933-b870-7388a7bffb82}\InProcServer32]
@="C:\WINDOWS\system32\lvhjtsa.dll"

»»»»»»»»»»»»»»»»»»»»»»»» Fin

Réponse 6 / 17

Utilisateur anonyme

Re !

Fait ceci :

→ Télécharge HJT

Place le dans ' C:\programmes\ ' Une fois cela fait , merci de renommer l'icône ( clique droit > renommer )' Hijackthis.exe 'située dans le dossier dans C:\ , en ' HJT.exe ' <<<<<<<<< Important !!! <<<<<<<

Le chemin d'accés du programme doit être ressemblant à celui-ci : C:\Programme\Trend Micro\Hijackthis\HJT.exe

→ Ne pas renommer l'icône du raccourci sur le bureau bien entendu ...

→ Puis lance-le et choisi l'option '' do a system scan and save a logfile '' et poste moi le rapport ( qui apparait sur le bloc-note )

(CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )

Tuto si tu n'y arrive pas : http://pageperso.aol.fr/balltrap34/demohijack.htm

A+

ilir

voilà c'est fait :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:54:39, on 26.03.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.dell.com/en-ca
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Ask Search Assistant BHO - {0A94B111-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {6860A44B-5D3E-433D-A7B5-D517F810D0E7} - C:\Program Files\NetProject\sbmdl.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr-ch\msntb.dll
O2 - BHO: e404 helper - {DF47DD37-AC11-4A93-8E16-2B2364AF0897} - C:\Program Files\Helper\1206410975.dll (file missing)
O2 - BHO: Ask Toolbar BHO - {F4D76F01-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr-ch\msntb.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Ask Toolbar - {F4D76F09-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Internet Service - {DB9FBA9D-AB1B-4CC6-9745-F3B549D64E40} - C:\Program Files\NetProject\wamdl.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SNCT511] C:\WINDOWS\vsnct511.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [VoipBuster] "C:\program files\voipbuster.com\voipbuster\voipbuster.exe" -nosplash -minimized
O4 - HKCU\..\Run: [VoipStunt] "C:\Program Files\VoipStunt.com\VoipStunt\VoipStunt.exe" -nosplash -minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.iefixgate.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.iefixgate.com/redirect.php (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O22 - SharedTaskScheduler: figpecker - {7d7bd0c4-4913-4933-b870-7388a7bffb82} - C:\WINDOWS\system32\lvhjtsa.dll (file missing)
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

Réponse 7 / 17

Utilisateur anonyme

Re ,

/!\ Manip crée spécialement pour cet utilisateur , ne pas reproduire chez soi ... /!\

1)Télécharge OTMoveIt2 ( de Old Timer )

2)Une fois téléchargé double-clique sur OTMoveIt2.exe pour le lancer.

Assure toi que la case Unregister Dll's and Ocx's soit bien cochée

3)puis copie les lignes en gras qui se trouvent en dessous :

C:\Program Files\NetProject

et colle-les dans le cadre de gauche de OTMoveIt : "Paste Standard List Of Files/Folders to Move."
clique sur MoveIt! pour lancer la suppression.
le résultat apparaitra dans le cadre Results.
clique sur Exit pour fermer.
4) Poste le rapport situé dans C:\_OTMoveIt\MovedFiles.

(CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )

5) Il te sera peut-être demander de redémarrer le pc pour achever la suppression -> Accepte ( si il ne fait pas automatiquement , fait-le toi même )

/!\ Note : Au démarrage ton bureau RISQUE de ne plus apparaître , dans ce cas fait --> CTRL+ALT+SUPP pour ouvrir le Gestionnaire des tâches.
Puis rends toi à l'onglet "Processus". Clique en haut à gauche sur Fichiers et choisis "Exécuter"

Tape explorer.exe et valide. Cela fera re-apparaître le Bureau.

A+

+ un new rapport Hijakcthis.

ilir

Je sais pas ou ce que tu vas chercher tout ces trucs mais voilà ce que t'as demandé:

C:\Program Files\NetProject moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.21 log created on 03262008_170509

------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:14:47, on 26.03.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ch/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.dell.com/en-ca
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Ask Search Assistant BHO - {0A94B111-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {6860A44B-5D3E-433D-A7B5-D517F810D0E7} - C:\Program Files\NetProject\sbmdl.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr-ch\msntb.dll
O2 - BHO: e404 helper - {DF47DD37-AC11-4A93-8E16-2B2364AF0897} - C:\Program Files\Helper\1206410975.dll (file missing)
O2 - BHO: Ask Toolbar BHO - {F4D76F01-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr-ch\msntb.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Ask Toolbar - {F4D76F09-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Internet Service - {DB9FBA9D-AB1B-4CC6-9745-F3B549D64E40} - C:\Program Files\NetProject\wamdl.dll (file missing)
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SNCT511] C:\WINDOWS\vsnct511.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [VoipBuster] "C:\program files\voipbuster.com\voipbuster\voipbuster.exe" -nosplash -minimized
O4 - HKCU\..\Run: [VoipStunt] "C:\Program Files\VoipStunt.com\VoipStunt\VoipStunt.exe" -nosplash -minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.iefixgate.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.iefixgate.com/redirect.php (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O22 - SharedTaskScheduler: figpecker - {7d7bd0c4-4913-4933-b870-7388a7bffb82} - C:\WINDOWS\system32\lvhjtsa.dll (file missing)
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

Réponse 8 / 17

Utilisateur anonyme

Re ,

→ Relance hijackthis , Choisis ' Do a system scan ' Et fixe ces lignes : ( coche la case à leurs gauches > ' fixchecked ')

O2 - BHO: (no name) - {6860A44B-5D3E-433D-A7B5-D517F810D0E7} - C:\Program Files\NetProject\sbmdl.dll (file missing)
O2 - BHO: e404 helper - {DF47DD37-AC11-4A93-8E16-2B2364AF0897} - C:\Program Files\Helper\1206410975.dll (file missing)
O3 - Toolbar: Internet Service - {DB9FBA9D-AB1B-4CC6-9745-F3B549D64E40} - C:\Program Files\NetProject\wamdl.dll (file missing)
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.iefixgate.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.iefixgate.com/redirect.php (file missing)

********************************************************
Ta version d'Adobe n'est pas à jour , désinstalle ta version actuelle en passant par ' ajout et supréssion de programmes '

Puis télécharge la dernière , via ce site --> https://get2.adobe.com/reader/otherversions/

Bulletin de sécurité sur les versions Adobe 7.0.8 et antérieures :

https://www.adobe.com/support/security/bulletins/apsb07-01.html

https://get2.adobe.com/reader/otherversions/

*******************************************************
Désinstalle norton avec ce logiciel :

http://service1.symantec.com/SUPPORT/INTER/tsgeninfointl.nsf/fr_docid/20050414110429924

Et télécharge Antivir ( PersonnalEdition Classic) → ici

Tuto Installation + configuration Antivir → https://www.malekal.com/avira-free-security-antivirus-gratuit/

Tuto Installation : → https://www.astucesinternet.com/modules/news/article.php?storyid=253

Pour le rendre encore plus discret....

**************************************************

Télécharge le pare-feu ZoneAlarm Lit bien tout l'article pour éviter les surprises.

Des soucis avec ?

***********************

Fait tout cela et reposte moi un rapport Hijackthis.
a+

ilir

je sais pas ce que j'ai fais mais je crois ke j'ai fini.

par contre j'ai de la peine à maîtriser zonealarme.

Je crois que j'ai fais une conneries je crois dans hijackthis j'ai coché quasiment toutes les cases, j'avais pas compris tout de suite ce qu'il fallait faire.

Dis moi si c'est bon.

Bonne appétit si tu manges.

à toute!

voilà le rapport ke tu m'as demandé :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:54:13, on 26.03.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ch/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.dell.com/en-ca
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Ask Search Assistant BHO - {0A94B111-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Réponse 9 / 17

Utilisateur anonyme

Re ...

Oui t'as tout atomisé !

=S

Bon bon bon ...

Lance Hijackthis ,

> View the list of backup

Et clique sur chaque lignes présentes > Restore

SAUF

O2 - BHO: (no name) - {6860A44B-5D3E-433D-A7B5-D517F810D0E7} - C:\Program Files\NetProject\sbmdl.dll (file missing)
O2 - BHO: e404 helper - {DF47DD37-AC11-4A93-8E16-2B2364AF0897} - C:\Program Files\Helper\1206410975.dll (file missing)
O3 - Toolbar: Internet Service - {DB9FBA9D-AB1B-4CC6-9745-F3B549D64E40} - C:\Program Files\NetProject\wamdl.dll (file missing)
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.iefixgate.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.iefixgate.com/redirect.php (file missing)

Celle la =)
a+

( reposte un rapport HJT une fois cela fini )

ilir

j'ai fais ce que t'as dis et kan je veux faire un nouveau rapport ce message aparaît :

"HijackThis is already runing" avec un bouton "ok"

Réponse 10 / 17

Utilisateur anonyme

Ferme toute les fenetre et recommence.

Redémarre au pire.

a+

ilir

voilà c'est fait, j'espère ke c bon cette fois ci...! : )

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:46:12, on 26.03.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ch/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.dell.com/en-ca
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Ask Search Assistant BHO - {0A94B111-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr-ch\msntb.dll
O2 - BHO: Ask Toolbar BHO - {F4D76F01-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
O3 - Toolbar: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - (no file)
O3 - Toolbar: (no name) - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - (no file)
O3 - Toolbar: Ask Toolbar - {F4D76F09-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr-ch\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SNCT511] C:\WINDOWS\vsnct511.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
O4 - HKCU\..\Run: [VoipStunt] "C:\Program Files\VoipStunt.com\VoipStunt\VoipStunt.exe" -nosplash -minimized
O4 - HKCU\..\Run: [VoipBuster] "C:\program files\voipbuster.com\voipbuster\voipbuster.exe" -nosplash -minimized
O4 - HKCU\..\Run: [swg] C:\WINDOWS\system32\regsvr32.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O22 - SharedTaskScheduler: figpecker - {7d7bd0c4-4913-4933-b870-7388a7bffb82} - C:\WINDOWS\system32\lvhjtsa.dll (file missing)
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

Réponse 11 / 17

Utilisateur anonyme

Re ,

→ Relance hijackthis , Choisis ' Do a system scan ' Et fixe ces lignes : ( coche la case à leurs gauches > ' fixchecked ')

O3 - Toolbar: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - (no file)
O3 - Toolbar: (no name) - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - (no file)
O22 - SharedTaskScheduler: figpecker - {7d7bd0c4-4913-4933-b870-7388a7bffb82} - C:\WINDOWS\system32\lvhjtsa.dll (file missing)

Te trompe pas cette fois ci ;)

""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""

Démarrer > executer > ' services.msc ' ,

- Clic droit sur le service cité - Planificateur LiveUpdate automatique
- propriétés
- et dans "type de démarrage" et mets le sur « désactivé ».
- Ensuite si le "Status du service" est sur "Démarré" faire : « arrêté »

Tutorial : https://www.zebulon.fr/dossiers/windows/31-services.html

"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""

Ta version d'Adobe n'est pas à jour , désinstalle ta version actuelle en passant par ' ajout et supréssion de programmes '

Puis télécharge la dernière , via ce site --> https://get2.adobe.com/reader/otherversions/

Bulletin de sécurité sur les versions Adobe 7.0.8 et antérieures :

https://www.adobe.com/support/security/bulletins/apsb07-01.html

https://get2.adobe.com/reader/otherversions/

"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""

→ Télécharge CleanUp452 ( Primary download site ... )

→ Lance-le et choisi l'option ' cleanup! '

→ Poste le rapport.

Tutorial: http://pageperso.aol.fr/balltrap34/democleanup.htm ( merci à balltrap34 )

"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""

→ Télécharge clean : http://www.malekal.com/download/clean.zip

→ Dézippe-le ( clique droit , extraire tout)

→ Lance clean.cmd ( ou clean ), Choisi l'option 1 et poste moi le rapport.

(- Où est le rapport clean ? : « Poste de travail » / double clic sur disque « C / » double-clic sur « rapport_clean.txt » et « copier/coller le contenu » sur le forum. )

Note : Tu auras peut-être un message qui t'invitera a uploader un fichier , fait-le dès que tu pourras.

""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""

Rapport cleanup + Clean + un nouveau Hijackthis =)
Bonne chance
A+

ilir

Dis donc ça commence à être de plus en compliqué...! :=)

- 1er Rapport :

CleanUp! started on 03/26/08 23:10:16.
...
C:\Documents and Settings\Jess\Local Settings\Temporary Internet Files\Content.IE5\Z0U66Y1Z\kb_warning[1].gif - deleted
C:\Documents and Settings\Jess\Local Settings\Temporary Internet Files\Content.IE5\Z0U66Y1Z\L4XNI0CAZX01ZGCAK4SSDUCAS6G6SACACSA28WCAER43VKCAJVAC85CANGA5WACAZJP8V0CA4NCN7HCA0DL7IMCAZY4QZNCAL81L5GCADLE1AJCAI0YQ83CABNVVNPCAA84WP7CA8IWY4GCAM4NS28CAEJKGTX.gif - deleted
C:\Documents and Settings\Jess\Local Settings\Temporary Internet Files\Content.IE5\Z0U66Y1Z\LayoutInbox[1].css - deleted
C:\Documents and Settings\Jess\Local Settings\Temporary Internet Files\Content.IE5\Z0U66Y1Z\LayoutInbox_12.4.0078.0228[1].css - deleted
C:\Documents and Settings\Jess\Local Settings\Temporary Internet Files\Content.IE5\Z0U66Y1Z\LCREOECAKPF7KVCAS8UHHTCAKTKXMICAENZGZPCAEM72EYCA6HF3DICAMMJ2XYCATO7VPTCAF0QI9WCA2XC213CAJR90ABCAYR32Z2CAI9J1M3CACLXVUWCAC1CIY0CA4M5MWHCA9BIVKWCAEJ7A2CCANU7ZAR.gif - deleted
C:\Documents and Settings\Jess\Local Settings\Temporary Internet Files\Content.IE5\Z0U66Y1Z\Light[1].js - deleted
C:\Documents and Settings\Jess\Local Settings\Temporary Internet Files\Content.IE5\Z0U66Y1Z\linie-verticala-1[1].jpg - deleted
C:\Documents and Settings\Jess\Local Settings\Temporary Internet Files\Content.IE5\Z0U66Y1Z\LNUH24CAO3SND6CATD33CHCAOYLZKDCA7EU70ICA8G6FVRCA6LBD01CAK6YZHJCA0YZ17SCAK5OEDYCAHM6NKNCA7AJTBMCAGL73SCCACBZV9XCAZHM028CARMKH0PCA5N3U5XCAN60B29CA5OXU6ZCA1KD8UC.gif - deleted
C:\Documents and Settings\Jess\Local Settings\Temporary Internet Files\Content.IE5\Z0U66Y1Z\logoIdn[1].png - deleted
C:\Documents and Settings\Jess\Local Settings\Temporary Internet Files\Content.IE5\Z0U66Y1Z\mafia300x250[1].swf - deleted
C:\Documents and Settings\Jess\Local Settings\Temporary Internet Files\Content.IE5\Z0U66Y1Z\mafia300x250[2].swf - deleted
C:\Documents and Settings\Jess\Local Settings\Temporary Internet Files\Content.IE5\Z0U66Y1Z\majinstall3uj[1].png - deleted
C:\Documents and Settings\Jess\Local Settings\Temporary Internet Files\Content.IE5\Z0U66Y1Z\majsecurite8vq[1].png - deleted
C:\Documents and Settings\Jess\Local Settings\Temporary Internet Files\Content.IE5\Z0U66Y1Z\MarkusBeckerFtMallorcaCowb[1].jpg - deleted
C:\Documents and Settings\Jess\Local Settings\Temporary Internet Files\Content.IE5\Z0U66Y1Z\master-vfl34196[1].gif - deleted
C:\Documents and Settings\Jess\Local Settings\Temporary Internet Files\Content.IE5\Z0U66Y1Z\megabanner_728x90[1].swf - deleted
C:\Documents and Settings\Jess\Local Settings\Temporary Internet Files\Content.IE5\Z0U66Y1Z\mgou[1].gif - deleted
C:\Documents and Settings\Jess\Local Settings\Temporary Internet Files\Content.IE5\Z0U66Y1Z\moveable_box[1].css - deleted
C:\Documents and Settings\Jess\Local Settings\Temporary Internet Files\Content.IE5\Z0U66Y1Z\moveable_box[1].js - deleted
C:\Documents and Settings\Jess\Local Settings\Temporary Internet Files\Content.IE5\Z0U66Y1Z\MsgrConfig[1].xml - deleted
C:\Documents and Settings\Jess\Local Settings\Temporary Internet Files\Content.IE5\Z0U66Y1Z\MSSW3HCA710IADCAWSZ1ONCA51P0YICAZQH0O7CAM2ZKDZCATTMEN6CAIAP4FBCAZ3TE36CAZT3FMKCAPHKUBRCAGNLADICAFDE1TACA0SOVWQCAPJ7RNVCACL4KI2CA1XMTDACAFY2110CAPPS0DGCAHFND73.gif - deleted
C:\Documents and Settings\Jess\Local Settings\Temporary Internet Files\Content.IE5\Z0U66Y1Z\ms_masthead_ltr[1].gif - deleted
C:\Documents and Settings\Jess\Local Settings\Temporary Internet Files\Content.IE5\Z0U66Y1Z\multi_friend_selector[1].css - deleted
C:\Documents and Settings\Jess\Local Settings\Temporary Internet Files\Content.IE5\Z0U66Y1Z\MVQ30CCAN6FVTRCAVO1A9GCAWS3SL2CAIXF8PVCAF4GSJGCAWW7W8RCAACLEGPCAQCCZ6XCA1RCMKQCADT1GKFCA6GSF15CABE2J4RCAQABTFJCA7WCZWQCAZAKJW1CA3QX2RICAIM31O8CA99SBNMCA941D5M.htm - deleted
C:\Documents and Settings\Jess\Local Settings\Temporary Internet Files\Content.IE5\Z0U66Y1Z\mymsn[1].htm - deleted
C:\Documents and Settings\Jess\Local Settings\Temporary Internet Files\Content.IE5\Z0U66Y1Z\mymsn[1].js - deleted
C:\Documents and Settings\Jess\Local Settings\Temporary Internet Files\Content.IE5\Z0U66Y1Z\mymsn[2].htm - deleted
C:\Documents and Settings\Jess\Local Settings\Temporary Internet Files\Content.IE5\Z0U66Y1Z\mymsn[3].htm - deleted
C:\Documents and Settings\Jess\Local Settings\Temporary Internet Files\Content.IE5\Z0U66Y1Z\nav_logo3[1].png - deleted
C:\Documents and Settings\Jess\Local Settings\Temporary Internet Files\Content.IE5\Z0U66Y1Z\NCTAHCCAZKG5CSCAXH235WCA37YNC6CAF4GXYFCASEFK4PCA52OU05CAYDV3DMCA0W0DDVCA6T3BW6CA1C7GA3CADVW375CAVJUF6ECAELNHX3CAU89PDFCARZ3N8YCA9Y7VSICAGQ24NECACHN404CAVNEWEB.gif - deleted
C:\Documents and Settings\Jess\Local Settings\Temporary Internet Files\Content.IE5\Z0U66Y1Z\next[1].png - deleted
C:\Documents and Settings\Jess\Local Settings\Temporary Internet Files\Content.IE5\Z0U66Y1Z\note[1].gif - deleted
C:\Documents and Settings\Jess\Local Settings\Temporary Internet Files\Content.IE5\Z0U66Y1Z\O0D8EBCAMQ2UCQCAJS4PLBCAKW8PURCA8W8R3LCAMVB60CCAJ2FA88CADC6N1SCA2WRRQACAJ3YCW4CAV5EJ7KCAG5EK86CA5MHF6LCASATKYPCA7Q37BYCA97EASECAHKA7LKCACH3PJECAP6TEZPCACDY5FM.gif - deleted
C:\Documents and Settings\Jess\Local Settings\Temporary Internet Files\Content.IE5\Z0U66Y1Z\offcancl[1] - deleted
C:\Documents and Settings\Jess\Local Settings\Temporary Internet Files\Content.IE5\Z0U66Y1Z\OJ3XPSCAYF7CD1CAVV75O6CAI8F59CCAEU377JCAWE4QWFCAV6NNN1CAALKZ28CAXVC4V4CA2TVQV3CAARB47TCAC5OSB1CA189SN9CAKX6GJDCAULC4A0CAQML0D4CAAAKN46CAHIGQ6ZCANKLCE9CANCMLN1.htm - deleted
C:\Documents and Settings\Jess\Local Settings\Temporary Internet Files\Content.IE5\Z0U66Y1Z\OKRMONCAOWUPT3CA3TREZFCA4DEE9KCA1PEHSBCA7H7QD5CAO32QJ2CA4SYRO7CASQLTXRCA1KP6RTCAZJTP4DCAEH3HS2CAZPGF8TCAIKOMYACANXQ0AECA94XG35CAQP3774CAYBXQ0ZCAQ91F3MCACD5PBK.gif - deleted
C:\Documents and Settings\Jess\Local Settings\Temporary Internet Files\Content.IE5\Z0U66Y1Z\ok_bloc_recherV2[1].gif - deleted
C:\Documents and Settings\Jess\Local Settings\Temporary Internet Files\Content.IE5\Z0U66Y1Z\oo_engine[1].js - deleted
C:\Documents and Settings\Jess\Local Settings\Temporary Internet Files\Content.IE5\Z0U66Y1Z\OXLNXCCA7R0OWNCAP631ZSCAAB2BOFCAGI2GEZCAPN993CCANOSLSRCA44WR23CA2GZXPCCAS2MM52CA36FWQQCAYTY249CARZCCDNCAX7J155CAD56EM3CA9O4E24CA0K5VKJCA36HWJNCAWSICKMCA4O9Q1M.gif - deleted
C:\Documents and Settings\Jess\Local Settings\Temporary Internet Files\Content.IE5\Z0U66Y1Z\P9G8GHCAYL58QACAX28Z62CAI790P3CA4ADM9SCAMO5CZHCAMLK2JLCATOY60PCAF85QNMCA3VSYA8CAUQAS8VCA8HL4WTCAEWEORNCA86A81ZCAYATCAJCAQGBG4CCA8CSYK7CAXV1BS1CAB1QFVMCA7OGUNL.gif - deleted
C:\Documents and Settings\Jess\Local Settings\Temporary Internet Files\Content.IE5\Z0U66Y1Z\PCPro2[1].png - deleted
C:\Documents and Settings\Jess\Local Settings\Temporary Internet Files\Content.IE5\Z0U66Y1Z\pdf_button[1].png - deleted
C:\Documents and Settings\Jess\Local Settings\Temporary Internet Files\Content.IE5\Z0U66Y1Z\photos[1].css - deleted
C:\Documents and Settings\Jess\Local Settings\Temporary Internet Files\Content.IE5\Z0U66Y1Z\photo[1].gif - deleted
C:\Documents and Settings\Jess\Local Settings\Temporary Internet Files\Content.IE5\Z0U66Y1Z\photo[2].gif - deleted
C:\Documents and Settings\Jess\Local Settings\Temporary Internet Files\Content.IE5\Z0U66Y1Z\pic_02[1].png - deleted
C:\Documents and Settings\Jess\Local Settings\Temporary Internet Files\Content.IE5\Z0U66Y1Z\pic_03[1].png - deleted
C:\Documents and Settings\Jess\Local Settings\Temporary Internet Files\Content.IE5\Z0U66Y1Z\pic_06[1].png - deleted
C:\Documents and Settings\Jess\Local Settings\Temporary Internet Files\Content.IE5\Z0U66Y1Z\pic_back[1].png - deleted
C:\Documents and Settings\Jess\Local Settings\Temporary Internet Files\Content.IE5\Z0U66Y1Z\pic_empty[1].png - deleted
C:\Documents and Settings\Jess\Local Settings\Temporary Internet Files\Content.IE5\Z0U66Y1Z\pic_home_mobile_30x37-vfl22495[1].gif - deleted
C:\Documents and Settings\Jess\Local Settings\Temporary Internet Files\Content.IE5\Z0U66Y1Z\PID_499611_234x90[1].jpg - deleted
C:\Documents and Settings\Jess\Local Settings\Temporary Internet Files\Content.IE5\Z0U66Y1Z\ping[1].gif - deleted
C:\Documents and Settings\Jess\Local Settings\Temporary Internet Files\Content.IE5\Z0U66Y1Z\pipe[1].gif - deleted
C:\Documents and Settings\Jess\Local Settings\Temporary Internet Files\Content.IE5\Z0U66Y1Z\pixel[1].gif - deleted
C:\Documents and Settings\Jess\Local Settings\Temporary Internet Files\Content.IE5\Z0U66Y1Z\pixel[2].gif - deleted
C:\Documents and Settings\Jess\Local Settings\Temporary Internet Files\Content.IE5\Z0U66Y1Z\politics[1].css - deleted
C:\Documents and Settings\Jess\Local Settings\Temporary Internet Files\Content.IE5\Z0U66Y1Z\popups[1].css - deleted
C:\Documents and Settings\Jess\Local Settings\Temporary Internet Files\Content.IE5\Z0U66Y1Z\pop_dialog_top_right[1].png - deleted
C:\Documents and Settings\Jess\Local Settings\Temporary Internet Files\Content.IE5\Z0U66Y1Z\PQC62XCA5U44YUCAFAVFTJCAUJL5RGCAYXRZGFCA1Q3V1ICAQHCJGNCA10I9MMCAGT81YGCAL1LFDMCA5L089ICARMJH05CAG1WME0CABXZQP1CANGRAFGCAW7I2YDCATH1Q38CA8LVY4MCA7PSC86CA69HJYT.gif - deleted
C:\Documents and Settings\Jess\Local Settings\Temporary Internet Files\Content.IE5\Z0U66Y1Z\printButton[1].png - deleted
C:\Documents and Settings\Jess\Local Settings\Temporary Internet Files\Content.IE5\Z0U66Y1Z\print[1].css - deleted
C:\Documents and Settings\Jess\Local Settings\Temporary Internet Files\Content.IE5\Z0U66Y1Z\productsNAV[1].gif - deleted
C:\Documents and Settings\Jess\Local Settings\Temporary Internet Files\Content.IE5\Z0U66Y1Z\profile[1].js - deleted
C:\Documents and Settings\Jess\Local Settings\Temporary Internet Files\Content.IE5\Z0U66Y1Z\progressbar_centre_complete[1].gif - deleted
C:\Documents and Settings\Jess\Local Settings\Temporary Internet Files\Content.IE5\Z0U66Y1Z\promo2;sz=300x50;tile=3;ord=2834523978603061[1] - deleted
C:\Documents and Settings\Jess\Local Settings\Temporary Internet Files\Content.IE5\Z0U66Y1Z\props[1].css - deleted
C:\Documents and Settings\Jess\Local Settings\Temporary Internet Files\Content.IE5\Z0U66Y1Z\puceForum[1].gif - deleted
C:\Documents and Settings\Jess\Local Settings\Temporary Internet Files\Content.IE5\Z0U66Y1Z\q616693846_1560[1].jpg - deleted
C:\Documents and Settings\Jess\Local Settings\Temporary Internet Files\Content.IE5\Z0U66Y1Z\q666991044_3728[1].jpg - deleted
C:\Documents and Settings\Jess\Local Settings\Temporary Internet Files\Content.IE5\Z0U66Y1Z\q738873677_3132[1].jpg - deleted
C:\Documents and Settings\Jess\Local Settings\Temporary Internet Files\Content.IE5\Z0U66Y1Z\Q8F9HFCASE7AMBCA98I523CA3IBK7WCAFWJWWCCA32EKD4CA0S6YDDCAL2IW4LCAS5NPWMCAD79562CAZ1AFLUCAFL0LCLCA8Q4KZFCAQ4BK70CAA0J3QGCAS12D3HCA8YH8OZCA5IKZ0UCA2NA1TCCAFC5CGN.htm - deleted
C:\Documents and Settings\Jess\Local Settings\Temporary Internet Files\Content.IE5\Z0U66Y1Z\quickling[1].js - deleted
C:\Documents and Settings\Jess\Local Settings\Temporary Internet Files\Content.IE5\Z0U66Y1Z\QZN6PCCAGXQ4XMCA4DC34LCA33NDM8CATUZC12CAGZZA2HCADXYVTHCA7ET3MLCAJ9OB6OCAVWQE1LCANS5OCDCAU999NFCAX1HYXDCACJEPUKCACZ2HIWCAV2F1RPCAATPH3KCAM8BEO7CAFZ3TFCCATCNL2P.gif - deleted
C:\Documents and Settings\Jess\Local Settings\Temporary Internet Files\Content.IE5\Z0U66Y1Z\reader_icon_special[1].jpg - deleted
C:\Documents and Settings\Jess\Local Settings\Temporary Internet Files\Content.IE5\Z0U66Y1Z\realtone_120x600[1].swf - deleted
C:\Documents and Settings\Jess\Local Settings\Temporary Internet Files\Content.IE5\Z0U66Y1Z\renault728-90_v2[1].swf - deleted
C:\Documents and Settings\Jess\Local Settings\Temporary Internet Files\Content.IE5\Z0U66Y1Z\rssico[1].png - deleted
C:\Documents and Settings\Jess\Local Settings\Temporary Internet Files\Content.IE5\Z0U66Y1Z\s716547578_376703_9339[1].jpg - deleted
C:\Documents and Settings\Jess\Local Settings\Temporary Internet Files\Content.IE5\Z0U66Y1Z\s716547578_376720_1939[1].jpg - deleted
C:\Documents and Settings\Jess\Local Settings\Temporary Internet Files\Content.IE5\Z0U66Y1Z\s716547578_376726_4459[1].jpg - deleted
C:\Documents and Settings\Jess\Local Settings\Temporary Internet Files\Content.IE5\Z0U66Y1Z\s716547578_376801_6582[1].jpg - deleted
C:\Documents and Settings\Jess\Local Settings\Temporary Internet Files\Content.IE5\Z0U66Y1Z\s716547578_376804_9414[1].jpg - deleted
C:\Documents and Settings\Jess\Local Settings\Temporary Internet Files\Content.IE5\Z0U66Y1Z\sc_press[1].gif - deleted
C:\Documents and Settings\Jess\Local Settings\Temporary Internet Files\Content.IE5\Z0U66Y1Z\sc_rest[1].gif - deleted
C:\Documents and Settings\Jess\Local Settings\Temporary Internet Files\Content.IE5\Z0U66Y1Z\search_button[1].png - deleted
C:\Documents and Settings\Jess\Local Settings\Temporary Internet Files\Content.IE5\Z0U66Y1Z\search_input_gloss[1].gif - deleted
C:\Documents and Settings\Jess\Local Settings\Temporary Internet Files\Content.IE5\Z0U66Y1Z\set_awesome[1].xml - deleted
C:\Documents and Settings\Jess\Local Settings\Temporary Internet Files\Content.IE5\Z0U66Y1Z\set_awesome[2].xml - deleted
C:\Documents and Settings\Jess\Local Settings\Temporary Internet Files\Content.IE5\Z0U66Y1Z\set_awesome[3].xml - deleted
C:\Documents and Settings\Jess\Local Settings\Temporary Internet Files\Content.IE5\Z0U66Y1Z\SF6HELCAI5RIN2CAXX8O4MCAQDD4KACAVHZIYCCATF2UI7CAL3W22UCAXNVCYKCAZ81YDICAPUKMISCAQW9BC3CAM5DTSUCAAZZNBGCAB4RKS0CAWTBD8KCAI3HK5SCAUP017ECAQRR56QCAPYXRBXCA60ZE99.gif - deleted
C:\Documents and Settings\Jess\Local Settings\Temporary Internet Files\Content.IE5\Z0U66Y1Z\shadowAlpha[1].png - deleted
C:\Documents and Settings\Jess\Local Settings\Temporary Internet Files\Content.IE5\Z0U66Y1Z\show0[1].asp - deleted
C:\Documents and Settings\Jess\Local Settings\Temporary Internet Files\Content.IE5\Z0U66Y1Z\show0[2].asp - deleted
C:\Documents and Settings\Jess\Local Settings\Temporary Internet Files\Content.IE5\Z0U66Y1Z\SM0QWPCAD2L9WWCA3L0XIFCAWD4879CAJXOT4LCA4IREBMCA9X9YESCAXLBLHNCAST3NNQCA642IP0CA7NCET3CA5JYAG3CAC3FXF1CA1MPRR1CASRPRJVCAP5FRMQCAYCFL03CA7IN1VBCABLHT3XCAY3NBWS.htm - deleted
C:\Documents and Settings\Jess\Local Settings\Temporary Internet Files\Content.IE5\Z0U66Y1Z\smartad[1].js - deleted
C:\Documents and Settings\Jess\Local Settings\Temporary Internet Files\Content.IE5\Z0U66Y1Z\SMHYM2CA75JSANCA1OGXQZCABXBAX1CAEI6CUVCABJURJICAW4DBW6CA6VEMD7CAVD3OK2CA7XJ0P0CAC7VQ4MCAAYBFRVCAJ0AUR7CAF5FF01CABL6O12CAGBSGSACARJP39RCAPFRAIICAKWJP2JCAYEV0HP.gif - deleted
C:\Documents and Settings\Jess\Local Settings\Temporary Internet Files\Content.IE5\Z0U66Y1Z\Somm_dernum_bis_v4[1].gif - deleted
C:\Documents and Settings\Jess\Local Settings\Temporary Internet Files\Content.IE5\Z0U66Y1Z\spacer[1].gif - deleted
C:\Documents and Settings\Jess\Local Settings\Temporary Internet Files\Content.IE5\Z0U66Y1Z\sprite_charte[1].png - deleted
C:\Documents and Settings\Jess\Local Settings\Temporary Internet Files\Content.IE5\Z0U66Y1Z\sprite_picto[1].png - deleted
C:\Documents and Settings\Jess\Local Settings\Temporary Internet Files\Content.IE5\Z0U66Y1Z\srtag.s2[1].js - deleted
C:\Documents and Settings\Jess\Local Settings\Temporary Internet Files\Content.IE5\Z0U66Y1Z\srt[1].gif - deleted
C:\Documents and Settings\Jess\Local Settings\Temporary Internet Files\Content.IE5\Z0U66Y1Z\style[1].css - deleted
C:\Documents and Settings\Jess\Local Settings\Temporary Internet Files\Content.IE5\Z0U66Y1Z\style_NN4_pc[1].css - deleted
C:\Documents and Settings\Jess\Local Settings\Temporary Internet Files\Content.IE5\Z0U66Y1Z\s[1].htm - deleted
C:\Documents and Settings\Jess\Local Settings\Temporary Internet Files\Content.IE5\Z0U66Y1Z\s[2].htm - deleted
C:\Documents and Settings\Jess\Local Settings\Temporary Internet Files\Content.IE5\Z0U66Y1Z\s[3].htm - deleted
C:\Documents and Settings\Jess\Local Settings\Temporary Internet Files\Content.IE5\Z0U66Y1Z\s[4].htm - deleted
C:\Documents and Settings\Jess\Local Settings\Temporary Internet Files\Content.IE5\Z0U66Y1Z\s[5].htm - deleted
C:\Documents and Settings\Jess\Local Settings\Temporary Internet Files\Content.IE5\Z0U66Y1Z\s_code[1].js - deleted
C:\Documents and Settings\Jess\Local Settings\Temporary Internet Files\Content.IE5\Z0U66Y1Z\t1022456583_6830[1].jpg - deleted
C:\Documents and Settings\Jess\Local Settings\Temporary Internet Files\Content.IE5\Z0U66Y1Z\t1036847131_3407[1].jpg - deleted
C:\Documents and Settings\Jess\Local Settings\Temporary Internet Files\Content.IE5\Z0U66Y1Z\T4HU0ACAJ9PX5HCASPWKOZCAD570G5CAR8J50JCAAB1TOVCAQXYMQFCA7Z4E6QCANQZMS9CAN1D78ZCA5BA1U1CAP6TBD2CAIUOFWJCANGYCZXCAL6PLY7CAB8UDINCAT9BLQBCAUJP673CABMZBEVCA6RHL5L.gif - deleted
C:\Documents and Settings\Jess\Local Settings\Temporary Internet Files\Content.IE5\Z0U66Y1Z\t523686151_700960_104[1].jpg - deleted
C:\Documents and Settings\Jess\Local Settings\Temporary Internet Files\Content.IE5\Z0U66Y1Z\t523686151_701790_6741[1].jpg - deleted
C:\Documents and Settings\Jess\Local Settings\Temporary Internet Files\Content.IE5\Z0U66Y1Z\t666991044_3728[1].jpg - deleted
C:\Documents and Settings\Jess\Local Settings\Temporary Internet Files\Content.IE5\Z0U66Y1Z\t710231965_1325[1].jpg - deleted
C:\Documents and Settings\Jess\Local Settings\Temporary Internet Files\Content.IE5\Z0U66Y1Z\t716547578_9481057578_1393[1].jpg - deleted
C:\Documents and Settings\Jess\Local Settings\Temporary Internet Files\Content.IE5\Z0U66Y1Z\t727125562_168[1].jpg - deleted
C:\Documents and Settings\Jess\Local Settings\Temporary Internet Files\Content.IE5\Z0U66Y1Z\t738873677_3132[1].jpg - deleted
C:\Documents and Settings\Jess\Local Settings\Temporary Internet Files\Content.IE5\Z0U66Y1Z\tab_whois[1].gif - deleted
C:\Documents and Settings\Jess\Local Settings\Temporary Internet Files\Content.IE5\Z0U66Y1Z\tet_gauche_generique[1].gif - deleted
C:\Documents and Settings\Jess\Local Settings\Temporary Internet Files\Content.IE5\Z0U66Y1Z\tg_search[1].xml - deleted
C:\Documents and Settings\Jess\Local Settings\Temporary Internet Files\Content.IE5\Z0U66Y1Z\Timbaland_ApologizeFeatOne[1].jpg - deleted
C:\Documents and Settings\Jess\Local Settings\Temporary Internet Files\Content.IE5\Z0U66Y1Z\tirelire300x250[1].swf - deleted
C:\Documents and Settings\Jess\Local Settings\Temporary Internet Files\Content.IE5\Z0U66Y1Z\tirelire300x250[2].swf - deleted
C:\Documents and Settings\Jess\Local Settings\Temporary Internet Files\Content.IE5\Z0U66Y1Z\tirelire300x250[3].swf - deleted
C:\Documents and Settings\Jess\Local Settings\Temporary Internet Files\Content.IE5\Z0U66Y1Z\today[1].css - deleted
C:\Documents and Settings\Jess\Local Settings\Temporary Internet Files\Content.IE5\Z0U66Y1Z\today_fr-ch[1].js - deleted
C:\Documents and Settings\Jess\Local Settings\Temporary Internet Files\Content.IE5\Z0U66Y1Z\ToolbarBG[1].gif - deleted
C:\Documents and Settings\Jess\Local Settings\Temporary Internet Files\Content.IE5\Z0U66Y1Z\tools[1] - deleted
C:\Documents and Settings\Jess\Local Settings\Temporary Internet Files\Content.IE5\Z0U66Y1Z\top_bg[1].jpg - deleted
C:\Documents and Settings\Jess\Local Settings\Temporary Internet Files\Content.IE5\Z0U66Y1Z\tour_arrow_micro[1].gif - deleted
C:\Documents and Settings\Jess\Local Settings\Temporary Internet Files\Content.IE5\Z0U66Y1Z\transparent_1x1[1].gif - deleted
C:\Documents and Settings\Jess\Local Settings\Temporary Internet Files\Content.IE5\Z0U66Y1Z\TRRAYDCAFPMO2PCA63BMA0CABP30BUCAL35A9ECAL4EP2VCARKDLYFCA0EN5WGCANAIW2ICAMED0B0CAZBGYDBCA1IGNTTCASECARFCA8D0H10CALG7FZ9CA75VJLJCAGADS3LCAHJQOXKCA58K1D7CA7FBMCK.gif - deleted
C:\Documents and Settings\Jess\Local Settings\Temporary Internet Files\Content.IE5\Z0U66Y1Z\TRYCGOCA0NXI8WCAN8APKCCANS7MA6CAQ1O1J2CANED776CARMDCIRCA1XUZCECA9OGNG4CAOE8E65CAQYLOWPCA9F8KHACATE01S2CANT3KJ2CAZ30638CA0I60DACAW5IQUCCA566461CA0OHXSRCAU99TYX.gif - deleted
C:\Documents and Settings\Jess\Local Settings\Temporary Internet Files\Content.IE5\Z0U66Y1Z\TYKU9MCA00NYE2CAP7FXZYCAODDNBSCA5SCP0QCAXA6993CA3AP6IVCAD0JG67CAU309XJCA7HIVWTCAKZRYRGCASIO2Q1CAS0FY0XCAFNWVJBCA58NU3WCASCZN4ICA890UCDCA105D80CASN0P8DCAZTUOLP.gif - deleted
C:\Documents and Settings\Jess\Local Settings\Temporary Internet Files\Content.IE5\Z0U66Y1Z\UBZXD4CAVLV1KJCATE4WT6CAJ6J2VACAQWB0I9CAKK098FCA3B4NI6CA6XW22KCAE9QTAJCABD8W3DCAUOOILNCAHYXT8XCALQLPNGCA18LD6QCAIXPII3CACWXFISCAZL1STECA6UIKWHCASHQRSTCANSZ04T.htm - deleted
C:\Documents and Settings\Jess\Local Settings\Temporary Internet Files\Content.IE5\Z0U66Y1Z\upload_progress[1].gif - deleted
C:\Documents and Settings\Jess\Local Settings\Temporary Internet Files\Content.IE5\Z0U66Y1Z\verrauto6jv[1].png - deleted
C:\Documents and Settings\Jess\Local Settings\Temporary Internet Files\Content.IE5\Z0U66Y1Z\viadeo_scop_2703[1].gif - deleted
C:\Documents and Settings\Jess\Local Settings\Temporary Internet Files\Content.IE5\Z0U66Y1Z\VO23ABCAJVAQXDCA5VU410CASVR0JICAZY42KXCAFTPJF0CA7XI8OYCA3EXVO5CAFYE8DACA7RWMG7CAU2N5FRCAGTOTBNCA6UWUFZCA1RZIZ2CAYX78YUCA5ZW3UCCASERK21CAO33CRPCA287AM3CAB147S8.gif - deleted
C:\Documents and Settings\Jess\Local Settings\Temporary Internet Files\Content.IE5\Z0U66Y1Z\VXMJERCATMRBQXCA5KXCYXCACVKRGBCA4DIBESCAL7S3U4CAUZH52YCA6OZRW6CABA0UWMCAKN3WJ4CA7N1D8MCAKQHUZACASG10XZCALUYJT4CAW70ZP2CA7YAXN7CA5XQNSUCA5JLFKECAQM861HCAV05W2E.gif - deleted
C:\Documents and Settings\Jess\Local Settings\Temporary Internet Files\Content.IE5\Z0U66Y1Z\W48214CA3IQO8JCATRWHK2CA80VB15CASX7KY7CAAIV20OCAQLVO5LCAODZ1JVCA3DTMLWCAB2IH61CAFZLCHZCAU5L4YACAT4SPPSCA1NTLUPCAP14AHFCA1YE0UWCAU0NPONCAH4ZF3VCAM5BXA6CAJ2RAYC.htm - deleted
C:\Documents and Settings\Jess\Local Settings\Temporary Internet Files\Content.IE5\Z0U66Y1Z\W4IX9ACA3JZIU8CAC9XEE2CASXV59DCARLK0W5CAH6EDAWCAIR37AXCA3LESKQCA0YCPGHCAYA2CKVCA5V4JQJCAI5HUJZCAOWW716CACXIYYNCANGJIBKCAFXFY0SCAHHOC37CATF3635CABNR41NCALDMNRE.gif - deleted
C:\Documents and Settings\Jess\Local Settings\Temporary Internet Files\Content.IE5\Z0U66Y1Z\welcome_3[1].gif - deleted
C:\Documents and Settings\Jess\Local Settings\Temporary Internet Files\Content.IE5\Z0U66Y1Z\wizard[1].js - deleted
C:\Documents and Settings\Jess\Local Settings\Temporary Internet Files\Content.IE5\Z0U66Y1Z\X3UKC4CAAR18KLCA4LR6DACATXY0PMCAKM0HKGCAJQ051DCAE44AYGCAG7DPF1CALONKKMCASHP2I1CA3G8B92CAUESDYGCAS65NV8CATPU73ICA75M5X5CAYCID2YCA1A59NFCA06YEB1CAOQN91BCA4JIF9F.htm - deleted
C:\Documents and Settings\Jess\Local Settings\Temporary Internet Files\Content.IE5\Z0U66Y1Z\XF161RCA9HLG2DCAXO3798CAMP46ZFCA8IVUZ0CAOMG37FCAOV0EOWCA6R7ZHVCA2V3Z10CABWPL3ECA6U01W5CATEMJO8CA88RKAHCABTKY1NCAUUDKMWCAR9YE10CAQIDLR9CAYVED2WCAMZXJGUCAP0QM5Q.gif - deleted
C:\Documents and Settings\Jess\Local Settings\Temporary Internet Files\Content.IE5\Z0U66Y1Z\XNXVATCAXBAQSZCAW0ZU4GCAVWF7DRCAF6LAW9CANPGHW1CANEV5I7CA18VLKRCATXM0JJCAOLN5K7CALJRG0CCAUM1NB4CAQW8EY6CAZ26OLSCA01WKKLCAHRWN0DCAEHBT9YCANNLBRVCALYU312CA1UNEMH.htm - deleted
C:\Documents and Settings\Jess\Local Settings\Temporary Internet Files\Content.IE5\Z0U66Y1Z\XXZADACA0ZGQ2ICA9QQO84CAB93WFTCAGCJXXPCAJFRVZECACID8TGCA9X32QLCAP32T1FCAGNIONQCASKEWNZCAFQSYU2CAS7S66JCAURDPFVCAZS3IWACAO846PNCAF4MR5DCAYWK6IKCAN4ZS95CAGB7CB5.htm - deleted
C:\Documents and Settings\Jess\Local Settings\Temporary Internet Files\Content.IE5\Z0U66Y1Z\Y68LHBCA7TTDHGCAH44U3VCA87MDTPCAQWPDE5CA7R9SWACADIABEZCA13ZEKMCA6J2RQZCAGRINVDCA1M9CBOCAJD8MIICAZCEG8KCADX5ILLCASHHGF6CAKHTOBUCA0JO668CAWIEDKRCA7B3XZFCAX3Y33B.gif - deleted
C:\Documents and Settings\Jess\Local Settings\Temporary Internet Files\Content.IE5\Z0U66Y1Z\ytvaW_300x50[1].jpg - deleted
C:\Documents and Settings\Jess\Local Settings\Temporary Internet Files\Content.IE5\Z0U66Y1Z\yva_get_video_info[1].xml - deleted
C:\Documents and Settings\Jess\Local Settings\Temporary Internet Files\Content.IE5\Z0U66Y1Z\Z39324CABZ4CNHCA4OPN2BCAFTCOX0CAW3VLAICA7QS7GJCAQ5LHV1CAN6BJIFCAJVXPVCCAZ686L7CA26J6JHCASDQ5OWCAB228K0CAZD57VZCAS7EDAUCA42UFATCA480JEBCA0DO37LCAJ2ZPU6CAAWNP9P.htm - deleted
C:\Documents and Settings\Jess\Local Settings\Temporary Internet Files\Content.IE5\Z0U66Y1Z\Z5YB93CAGAT0QICATNJ016CA0RUND9CA2M4OBZCA82XSF5CAWV5LR1CA96RYBOCA5S3BCKCAS9J1GNCA4JJ22LCA1AH38UCALHP3HCCAL6ZZXBCAX8BAALCANYOZ8ECAGTSH01CA7V7FAMCADQ0SAGCA02CSU9.gif - deleted
C:\Documents and Settings\Jess\Local Settings\Temporary Internet Files\Content.IE5\Z0U66Y1Z\ZEGP67CAF033UNCADN1YKKCAV0RSBLCA6EZLOBCA5AZJ8GCA4U6HH3CAVURKHUCAC9TACICAZJS3QOCA4N103RCA7XQINPCALA7ZOACA91ZEO5CAMKBJ91CAZLTEECCAAG5TI2CAMAO7UYCAW5QBO1CAWEE3MY.gif - deleted
C:\Documents and Settings\Jess\Local Settings\Temporary Internet Files\Content.IE5\Z0U66Y1Z\zonealarmadvanced[1].gif - deleted
C:\Documents and Settings\Jess\Local Settings\Temporary Internet Files\Content.IE5\Z0U66Y1Z\zonealarm_iprange[1].gif - deleted
C:\Documents and Settings\Jess\Local Settings\Temporary Internet Files\Content.IE5\Z0U66Y1Z\_default;sz=399x299;tile=1;dcopt=ist;ord=6508008473447045[1] - deleted
C:\Documents and Settings\Jess\Local Settings\Temporary Internet Files\Content.IE5\Z0U66Y1Z\_default;sz=399x299;tile=1;dcopt=ist;ord=8721307150181206[1] - deleted
C:\Documents and Settings\Invité\Cookies\index.dat - deleted
C:\Documents and Settings\Invité\locals~1\tempor~1\Content.IE5\index.dat - deleted
C:\Documents and Settings\Invité\Cookies\index.dat - deleted
C:\Documents and Settings\Invité\Local Settings\Temporary Internet Files\Content.IE5\index.dat - deleted
C:\Documents and Settings\Default User\Cookies\index.dat - deleted
C:\Documents and Settings\Default User\locals~1\tempor~1\Content.IE5\index.dat - deleted
C:\Documents and Settings\Default User\Cookies\index.dat - deleted
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\index.dat - deleted
C:\Documents and Settings\Administrateur\Cookies\index.dat - deleted
C:\Documents and Settings\Administrateur\locals~1\tempor~1\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat - deleted
C:\Documents and Settings\Administrateur\Cookies\index.dat - deleted
C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat - deleted
'Run MRU' list - removed from the registry.
'Doc Find Spec MRU' list - removed from the registry.
'FindComputerMRU' list - removed from the registry.
'ComputerNameMRU' list - removed from the registry.
'ContainingTextMRU' list - removed from the registry.
'FilesNamedMRU' list - removed from the registry.
Search Assistant MRU list - removed from the registry.
Explorer Open/Save MRU list - removed from the registry.
Explorer Last Visited MRU list - removed from the registry.
Paint Recent File List - removed from the registry.
WordPad Recent File List - removed from the registry.
Telnet's MRU list - removed from the registry.
Windows Media Player Recent File List - removed from the registry.
WinZip Extract MRU list - removed from the registry.
WinZip File MRU list - removed from the registry.
CleanUp! 4.5.2 recovered 776.1 MB of disk space from 21999 files.
CleanUp! finished on 03/26/08 23:11:12.
--------------------------------------------------------------------------------------------------------------------------

- 2ème Rapport :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:18:20, on 26.03.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\program files\fichiers communs\installshield\updateservice\isuspm.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\agent.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ch/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.dell.com/en-ca
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Ask Search Assistant BHO - {0A94B111-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr-ch\msntb.dll
O2 - BHO: Ask Toolbar BHO - {F4D76F01-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
O3 - Toolbar: Ask Toolbar - {F4D76F09-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr-ch\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SNCT511] C:\WINDOWS\vsnct511.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
O4 - HKCU\..\Run: [VoipStunt] "C:\Program Files\VoipStunt.com\VoipStunt\VoipStunt.exe" -nosplash -minimized
O4 - HKCU\..\Run: [VoipBuster] "C:\program files\voipbuster.com\voipbuster\voipbuster.exe" -nosplash -minimized
O4 - HKCU\..\Run: [swg] C:\WINDOWS\system32\regsvr32.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

Réponse 12 / 17

Utilisateur anonyme

Re ,

Comment ça , il ne veut pas l'éxtraire ?
=/

++

ilir

je clique droit extraire tout puis une fenêtre souvre et j'appuie sur suivant.

ensuite je dois rappuyer sur suivant mais là un message d'error apparaït et me dis "aucun fichier à extraire"

je ne comprends pas nom plus.

kan je mets parcourir pour le chercher manuellement le fichier clean.zip n'apparaît pas.

?????

Réponse 13 / 17

Utilisateur anonyme

=/

Okkk laisse tomber alors.

En ce moment y a plein de soucis avec clean .... =(

Bon pour vérifier ,
Tu feras ceci demain :

Va sur ce site , /!\ Internet Explorer obligatoire /!\ , Clique sur ' J'accepte ' , Installe les ActiveX si necessaire ,et vérifie si ils sont bien configurés Clique sur ' installer ' puis ' click here to scan '( ou : cliquez ici pour scanner ).
Et poste moi le rapport.

(CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )

a+

( oui car c'est long = 1h30 )
Bonne nuit
A demain
++

Ps : il faut faire le ménage de temps en temps =)
cleanup a supprimé + de 700 mo de fichiers inutiles ;)

CleanUp! 4.5.2 recovered 776.1 MB of disk space from 21999 files.

ilir

ok ça marche!

merci pour tout le temps que tu as consacré pour ajd.

Passe une très bonne soirée et je t envoie tout ça demain.

ciao à +

ilir

Salut Cyril ça va?

J'ai essayé hier soir mais quand j'appuye sur (j'accepte) pour télécharger ce que tu m'as demandé!

Il me dit que c'est un impossible !!!

Réponse 14 / 17

Utilisateur anonyme

Re , oki

Lance AVG Anti-Spyware

Clique sur le bouton Analyse (de la barre d'outils)

fais dans l'ordre stp. Tu sauvegardes le rapport APRES avoir mis les actions.

Puis sur l'onglet Paramètres
sous "Comment réagir", clique sur Actions recommandées. Sélectionne Quarantaine.

Reviens à l'onglet Analyse. Clique sur Analyse complète du système.

A la fin du scan, choisis l'option 3

"Appliquer toutes les actions " en bas.

Clique sur "Enregistrer le rapport".

Ceci génère un rapport en fichier texte qui se trouve dans le dossier Reports du dossier d'AVG Anti-Spyware.

Poste le moi.

(CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )

ilir

Voilà ce que j'ai obtenu, j'espère que c'est juste..!

A +

---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: 19:03:15 27.03.2008

+ Résultat de l'analyse:

C:\Documents and Settings\Jess\Bureau\LimeWire\02 Track 2.wma -> Downloader.Wimad.l : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP299\A0165011.dll -> Not-A-Virus.Adware.E404 : Nettoyé et sauvegardé (mise en quarantaine).

Fin du rapport

Réponse 15 / 17

Utilisateur anonyme

Re , oki pas grand chose =)

→ Ferme toutes les applications en cours, puis télécharge ToolsCleaner2 sur ton Bureau.

→ Double clique sur ToolsCleaner2.exe >
→ Clique sur .Recherche
→ puis sur Suppression quand la liste est trouvée.
→ Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\).

(CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )

Note : ton bureau RISQUE de disparaître, c'est normal. S'il n'apparaît pas à la fin du scan, fais la manip suivante :

CTRL+ALT+SUPP pour ouvrir le Gestionnaire des tâches.
Puis rends toi à l'onglet "Processus". Clique en haut à gauche sur Fichiers et choisis "Exécuter"

Tape explorer.exe et valide. Cela fera re-apparaître le Bureau

Tuto : http://www.commentcamarche.net/faq/sujet 8341 toolscleaner suppression des fix de force brute ( merci espion3004 )

********************************************

Maintenant que ton PC n'est plus infecté, désactive ta "Restauration du système" puis réactive la, ce qui créer un point de restauration sain...

Désactivation :
Clique droit sur le "Poste de travail" > Propriétés > onglet "Restauration du système" > coche la case "Désactiver la Restauration du système sur tous les lecteurs"
> Applique patiente jusqu’à ce que cela soit marqué "désactivé" puis Ok.

Activation :
Suivre le même chemin ; décoche la case "Désactiver la Restauration du système sur tous les lecteurs"
> Applique attends que cela soit à nouveau sur "surveillance" puis Ok. Redémarre l'ordinateur.

************************************

encore des soucis ?

a+

ilir

Voilà c'est fait !

-->- Recherche:

C:\Qoobox: trouvé !
C:\_OtMoveIt: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
C:\Documents and Settings\Jess\Bureau\HijackThis.lnk: trouvé !
C:\Documents and Settings\Jess\Bureau\Clean.zip: trouvé !
C:\Documents and Settings\Jess\Bureau\OtMoveIt2.exe: trouvé !
C:\Documents and Settings\Jess\Bureau\ComboFix.exe: trouvé !
C:\Documents and Settings\Jess\Bureau\SmitFraudFix.exe: trouvé !
C:\Documents and Settings\Jess\Bureau\SmitFraudfix: trouvé !
C:\Program Files\HijackThis.exe: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !

---------------------------------
-->- Suppression:

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé !
C:\Documents and Settings\Jess\Bureau\HijackThis.lnk: supprimé !
C:\Documents and Settings\Jess\Bureau\Clean.zip: supprimé !
C:\Documents and Settings\Jess\Bureau\OtMoveIt2.exe: supprimé !
C:\Documents and Settings\Jess\Bureau\ComboFix.exe: supprimé !
C:\Documents and Settings\Jess\Bureau\SmitFraudFix.exe: supprimé !
C:\Program Files\HijackThis.exe: supprimé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
C:\Qoobox: supprimé !
C:\_OtMoveIt: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé !
C:\Documents and Settings\Jess\Bureau\SmitFraudfix: supprimé !
C:\Program Files\Trend Micro\HijackThis: supprimé !

----------------------------------------------------------

Merci bcp pour tout t'as résolu mon problème!
Mais y a juste un truc ki est apparu, c'est RegSvr32 qui apparaît à chaque fois ke j'ouvre une page internet et me demande d'appuyer sur ok, ce ke je fais mais la fenêtre s'ouvre encore 3 fois de suite, et au bout de la troisième fois ma page s'ouvre, que qui prend un temps fou, (j'espère ke t'as compris l'explication).

qqun m'a dit de le télécharger RegSvr32 puis de le réinstaller, c'est ce que j'ai fait, mais ça ne marche pas...!

Je sais que j'abuse un peu avec tout ça mais si t'arrive encore juste à me régler ce petit problème?

Merci....!

Réponse 16 / 17

Utilisateur anonyme

Re ,

supprime Toolscleaner.

Sinon pour ton autre soucis , fait ceci :

https://docs.microsoft.com/fr-fr/troubleshoot/windows-server/deployment/system-file-checker

=

En simple : démarrer > exécuter

SFC /SCANNOW

A+

ilir

slt,

j'ai fait deux fois le sfc /scannow, mais ça n'a rien donné !!!

j'ai toujours ce problème.

Réponse 17 / 17

Utilisateur anonyme

Re alors je ne vois pas vraiment ..

Désolé tu devrais poster un nouveau message dans le forum Windows.

encore désolé , bonne chance pour la suite

a+

ilir

tant pis alors!

Merci encore pour tout ce que tu as fait, tu m'as vrmt bcp aidé!

A+

Discussions similaires

W32 L32: correspondance entre taille US et taille française

win32:malware-gen bloqué par avast

Comment supprimer le virus Trojan

Aide pour un virus

Menace détectée TrojanSMS-PA sur Google Huawei/Android

Votre réponse

Discussions similaires