Ordi plein de pub

Résolu

phi60420 Messages postés 169 Statut Membre -
Le sioux Messages postés 4907 Statut Contributeur sécurité - 26 juin 2008 à 20:44

Bonjour, jai fait un rapport un rapport navilog mais je ne sait plus quoi faire apres
Search Navipromo version 3.5.8 commencé le 13/06/2008 à 13:54:26,32

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files\navilog1
Session actuelle : "@"

Mise à jour le 06.06.2008 à 18h00 par IL-MAFIOSO

Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 7.0.5730.11
Système de fichiers : NTFS

Recherche executé en mode normal

*** Recherche Programmes installés ***

Instant Access

*** Recherche dossiers dans "C:\WINDOWS" ***

*** Recherche dossiers dans "C:\Program Files" ***

C:\Program Files\Instant Access trouvé !

*** Recherche dossiers dans "c:\docume~1\alluse~1\applic~1" ***

*** Recherche dossiers dans "c:\docume~1\alluse~1\menudm~1\progra~1" ***

*** Recherche dossiers dans "C:\Documents and Settings\@\applic~1" ***

*** Recherche dossiers dans "C:\Documents and Settings\@\locals~1\applic~1" ***

*** Recherche dossiers dans "C:\Documents and Settings\@\menudm~1\progra~1" ***

*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net

Fichier(s) caché(s) :

C:\WINDOWS\system32\swyeqoemyg.dat
C:\WINDOWS\system32\swyeqoemyg.exe
C:\WINDOWS\system32\swyeqoemyg_nav.dat
C:\WINDOWS\system32\swyeqoemyg_navps.dat
C:\WINDOWS\system32\swyeqoemyg_navup.dat

*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans "C:\WINDOWS\system32" *

Fichiers trouvés :

iamwiqimi.exe trouvé !
iamwiqimi.dat trouvé !
iamwiqimi_nav.dat trouvé !
iamwiqimi_navps.dat trouvé !

Fichiers suspects :

nsinet.exe trouvé !

* Recherche dans "C:\Documents and Settings\@\locals~1\applic~1" *

*** Recherche fichiers ***

C:\WINDOWS\Downloaded Program Files\IaLdr32.inf trouvé !
C:\WINDOWS\system32\egaccess4_1060.dll trouvé !
C:\WINDOWS\system32\egaccess4_1061.dll trouvé !
C:\WINDOWS\system32\egaccess4_1062.dll trouvé !
C:\WINDOWS\system32\EGDACCESS_1072.dll trouvé !
C:\WINDOWS\system32\EGDACCESS_1074.dll trouvé !
C:\WINDOWS\system32\EGDACCESS_1072.dll trouvé !
C:\WINDOWS\system32\EGDACCESS_1074.dll trouvé !
C:\WINDOWS\system32\EGDHTML_1026.dll trouvé !
C:\WINDOWS\system32\EGDHTML_1026.dll trouvé !
C:\WINDOWS\system32\linkprd.exe trouvé !
C:\WINDOWS\system32\nvs2.inf trouvé !
C:\WINDOWS\system32\mwsrvacc.exe trouvé !
C:\WINDOWS\system32\prosvsys.exe trouvé !

*** Recherche clés spécifiques dans le Registre ***

HKEY_CURRENT_USER\Software\Lanconfig trouvé !
HKEY_CURRENT_USER\Software\mc trouvé !

*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :

C:\WINDOWS\system32\nsinet.exe trouvé !

2)Recherche Heuristique :

* Dans "C:\WINDOWS\system32" :

iamwiqimi.dat trouvé !
iamwiqimi_nav.dat trouvé !
iamwiqimi_navps.dat trouvé !
linkprd.exe trouvé !
mwsrvacc.exe trouvé !
prosvsys.exe trouvé !
swyeqoemyg.dat trouvé !
swyeqoemyg_nav.dat trouvé !
swyeqoemyg_navps.dat trouvé !
ujviwghx_navtmp.dat trouvé !

* Dans "C:\Documents and Settings\@\locals~1\applic~1" :

3)Recherche Certificats :

Certificat Egroup trouvé !
Certificat Electronic-Group trouvé !
Certificat OOO-Favorit trouvé !
Certificat Sunny-Day-Design-Ltd absent !

4)Recherche fichiers connus :

C:\WINDOWS\system32\hijkkUtv.ini2 trouvé ! infection Vundo possible non traitée par cet outil !

*** Analyse terminée le 13/06/2008 à 14:16:56,59 ***

Configuration: Windows XP
Internet Explorer 7.0

Afficher la suite

A voir également:

Ordi plein de pub
Comment reinitialiser un ordi - Guide
Ordi qui rame - Guide
Mon ordi ne reconnait pas ma clé usb - Guide
Supprimer pub youtube - Accueil - Streaming
Plus de son sur mon ordi - Guide

31 réponses

Réponse 1 / 31

Utilisateur anonyme

bonjour

tu cliques sur le raccourci Navilog1 présent sur le bureau et laisse-toi guider.
Au menu principal, choisis 2 et valides.
(ne fais pas le choix ,3 ou 4 sans notre avis/accord)

Le fix va t'informer qu'il va alors redémarrer ton PC
Fermes toutes les fenêtres ouvertes et enregistre tes documents personnels ouverts
Appuies sur une touche comme demandé.
(si ton Pc ne redémarre pas automatiquement, fais le toi même)
Au redémarrage de ton PC, choisis ta session habituelle.

Patiente jusqu'au message :
*** Nettoyage Termine le ..... ***
Le bloc-notes va s'ouvrir.
Sauvegarde le rapport de manière à le retrouver
Referme le bloc-notes. Ton bureau va réapparaitre

PS:Si ton bureau ne réapparait pas, fais CTRL+ALT+SUPP pour ouvrir le gestionnaire de tâches.
Puis rends-toi à l'onglet "processus". Clique en haut à gauche sur fichiers et choisis "exécuter"
Tape explorer et valide. Celà te fera apparaitre ton bureau.

Poste le rapport

ensuite

1) Imprime ces instructions car il faudra fermer toutes les fenêtres et applications lors de l'installation et de l'analyse.

2) Télécharge Malwarebytes' Anti-Malware (MBAM) et enregistre le sur ton bureau à partir de ce lien :

https://www.malwarebytes.com/

3) A la fin du téléchargement, ferme toutes les fenêtres et programmes, y compris celui-ci.

4) Double-clique sur l'icône Download_mbam-setup.exe sur ton bureau pour démarrer le programme d'installation.

5) Pendant l'installation, suis les indications (en particulier le choix de la langue et l'autorisation d'accession à Internet). N'apporte aucune modification aux réglages par défaut et, en fin d'installation, vérifie que les options Update Malwarebytes' Anti-Malware et Launch Malwarebytes' Anti-Malware sont cochées.

6) MBAM démarrera automatiquement et enverra un message demandant à mettre à jour le programme avant de lancer une analyse. Comme MBAM se met automatiquement à jour en fin d'installation, clique sur OK pour fermer la boîte de dialogue. La fenêtre principale de MBAM s'affiche :

7) Dans l'onglet analyse, vérifie que "Exécuter une analyse rapide" n'est pas coché et clique sur le bouton Rechercher pour démarrer l'analyse.

8) MBAM analyse ton ordinateur. L'analyse peut prendre un certain temps. Il suffit de vérifier de temps en temps son avancement.

9) A la fin de l'analyse, un message s'affiche indiquant la fin de l'analyse. Clique sur OK pour poursuivre.

10) Si des malwares ont été détectés, leur liste s'affiche.
En cliquant sur Suppression (?) , MBAM va détruire les fichiers et clés de registre et en mettre une copie dans la quarantaine.

11) MBAM va ouvrir le bloc-notes et y copier le rapport d'analyse. Ferme le bloc-note. (Le rapport peut être retrouvé sous l'onglet Rapports/logs)

12) Ferme MBAM en cliquant sur Quitter.

phi60420 Messages postés 169 Statut Membre 1

quand je tape 2 sur navilog il se passe ien

Réponse 2 / 31

higelin22 Messages postés 263 Statut Membre 15

salut
Télécharge VirtumundoBegone sur le bureau:
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe

Double clique ensuite sur VirtumundoBeGone.exe et suis les instructions.
Une fois terminé, redémarre et poste le rapport VBG.TXT créé sur le bureau dans ta prochaine réponse avec un nouveau rapport HijackThis

phi60420 Messages postés 169 Statut Membre 1

[06/13/2008, 16:44:52] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\@\Local Settings\Temporary Internet Files\Content.IE5\J4E9B3CV\VirtumundoBeGone[1].exe" )
[06/13/2008, 16:45:00] - Detected System Information:
[06/13/2008, 16:45:00] - Windows Version: 5.1.2600, Service Pack 2
[06/13/2008, 16:45:00] - Current Username: @ (Admin)
[06/13/2008, 16:45:00] - Windows is in NORMAL mode.
[06/13/2008, 16:45:00] - Searching for Browser Helper Objects:
[06/13/2008, 16:45:00] - BHO 1: {00027925-0017-4faf-9539-90E4AC0B9EC5} (Band Class)
[06/13/2008, 16:45:00] - BHO 2: {00A6FAF1-072E-44cf-8957-5838F569A31D} (MyWebSearch Search Assistant BHO)
[06/13/2008, 16:45:00] - BHO 3: {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} (myBar BHO)
[06/13/2008, 16:45:00] - BHO 4: {0755AEB9-CD5C-85D8-E73C-969940E7FCDC} ()
[06/13/2008, 16:45:00] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/13/2008, 16:45:00] - Checking for HKLM\...\Winlogon\Notify\yobqywhuos
[06/13/2008, 16:45:00] - Key not found: HKLM\...\Winlogon\Notify\yobqywhuos, continuing.
[06/13/2008, 16:45:00] - BHO 5: {3049C3E9-B461-4BC5-8870-4C09146192CA} (RealPlayer Download and Record Plugin for Internet Explorer)
[06/13/2008, 16:45:00] - BHO 6: {32341E7E-C319-46DE-91D0-E30BB1A3CABA} ()
[06/13/2008, 16:45:00] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/13/2008, 16:45:00] - Checking for HKLM\...\Winlogon\Notify\nnnljgGV
[06/13/2008, 16:45:00] - Found: HKLM\...\Winlogon\Notify\nnnljgGV - This is probably Virtumundo.
[06/13/2008, 16:45:00] - Assigning {32341E7E-C319-46DE-91D0-E30BB1A3CABA} MSEvents Object
[06/13/2008, 16:45:00] - BHO list has been changed! Starting over...
[06/13/2008, 16:45:00] - BHO 1: {00027925-0017-4faf-9539-90E4AC0B9EC5} (Band Class)
[06/13/2008, 16:45:00] - BHO 2: {00A6FAF1-072E-44cf-8957-5838F569A31D} (MyWebSearch Search Assistant BHO)
[06/13/2008, 16:45:00] - BHO 3: {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} (myBar BHO)
[06/13/2008, 16:45:00] - BHO 4: {0755AEB9-CD5C-85D8-E73C-969940E7FCDC} ()
[06/13/2008, 16:45:00] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/13/2008, 16:45:00] - Checking for HKLM\...\Winlogon\Notify\yobqywhuos
[06/13/2008, 16:45:00] - Key not found: HKLM\...\Winlogon\Notify\yobqywhuos, continuing.
[06/13/2008, 16:45:00] - BHO 5: {3049C3E9-B461-4BC5-8870-4C09146192CA} (RealPlayer Download and Record Plugin for Internet Explorer)
[06/13/2008, 16:45:00] - BHO 6: {32341E7E-C319-46DE-91D0-E30BB1A3CABA} (MSEvents Object)
[06/13/2008, 16:45:00] - ALERT: Found MSEvents Object!
[06/13/2008, 16:45:00] - BHO 7: {6A87B991-A31F-4130-AE72-6D0C294BF082} (DealioBHO Class)
[06/13/2008, 16:45:00] - BHO 8: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[06/13/2008, 16:45:00] - BHO 9: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
[06/13/2008, 16:45:00] - BHO 10: {911A1534-8E65-448E-92AE-E22D49F870C4} (IEListener Class)
[06/13/2008, 16:45:00] - BHO 11: {9e754e0e-e11b-4599-95b6-0379076edddc} ()
[06/13/2008, 16:45:00] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/13/2008, 16:45:00] - Checking for HKLM\...\Winlogon\Notify\ojciipto
[06/13/2008, 16:45:00] - Key not found: HKLM\...\Winlogon\Notify\ojciipto, continuing.
[06/13/2008, 16:45:00] - BHO 12: {A062C93C-528E-685A-F739-7EA2E4EE49C6} ()
[06/13/2008, 16:45:00] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/13/2008, 16:45:00] - Checking for HKLM\...\Winlogon\Notify\ocubr
[06/13/2008, 16:45:00] - Key not found: HKLM\...\Winlogon\Notify\ocubr, continuing.
[06/13/2008, 16:45:00] - BHO 13: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[06/13/2008, 16:45:00] - BHO 14: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[06/13/2008, 16:45:00] - BHO 15: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (Windows Live Toolbar Helper)
[06/13/2008, 16:45:00] - BHO 16: {C97C594F-DD3D-4FE1-A7F9-930FCA8945AE} ()
[06/13/2008, 16:45:00] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/13/2008, 16:45:00] - Checking for HKLM\...\Winlogon\Notify\vtUkkjih
[06/13/2008, 16:45:00] - Key not found: HKLM\...\Winlogon\Notify\vtUkkjih, continuing.
[06/13/2008, 16:45:00] - BHO 17: {D5792AA9-D373-4039-8670-2CDAB6A71F15} (WebManager Class)
[06/13/2008, 16:45:00] - BHO 18: {E1412445-4FF8-410e-8D24-F2CF86B171A4} (PEDEV_IEListener Class)
[06/13/2008, 16:45:00] - BHO 19: {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} (EpsonToolBandKicker Class)
[06/13/2008, 16:45:00] - Finished Searching Browser Helper Objects
[06/13/2008, 16:45:00] - *** Detected MSEvents Object
[06/13/2008, 16:45:00] - Trying to remove MSEvents Object...
[06/13/2008, 16:45:01] - Terminating Process: IEXPLORE.EXE
[06/13/2008, 16:45:02] - Terminating Process: RUNDLL32.EXE
[06/13/2008, 16:45:03] - Disabling Automatic Shell Restart
[06/13/2008, 16:45:03] - Terminating Process: EXPLORER.EXE
[06/13/2008, 16:45:04] - Suspending the NT Session Manager System Service
[06/13/2008, 16:45:06] - Terminating Windows NT Logon/Logoff Manager

[06/13/2008, 17:25:27] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\@\Local Settings\Temporary Internet Files\Content.IE5\YIIH8DZS\VirtumundoBeGone[1].exe" )
[06/13/2008, 17:25:37] - Detected System Information:
[06/13/2008, 17:25:37] - Windows Version: 5.1.2600, Service Pack 2
[06/13/2008, 17:25:37] - Current Username: @ (Admin)
[06/13/2008, 17:25:37] - Windows is in NORMAL mode.
[06/13/2008, 17:25:37] - Searching for Browser Helper Objects:
[06/13/2008, 17:25:37] - BHO 1: {00027925-0017-4faf-9539-90E4AC0B9EC5} (Band Class)
[06/13/2008, 17:25:37] - BHO 2: {00A6FAF1-072E-44cf-8957-5838F569A31D} (MyWebSearch Search Assistant BHO)
[06/13/2008, 17:25:37] - BHO 3: {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} (myBar BHO)
[06/13/2008, 17:25:37] - BHO 4: {0755AEB9-CD5C-85D8-E73C-969940E7FCDC} ()
[06/13/2008, 17:25:37] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/13/2008, 17:25:37] - Checking for HKLM\...\Winlogon\Notify\yobqywhuos
[06/13/2008, 17:25:37] - Key not found: HKLM\...\Winlogon\Notify\yobqywhuos, continuing.
[06/13/2008, 17:25:37] - BHO 5: {3049C3E9-B461-4BC5-8870-4C09146192CA} (RealPlayer Download and Record Plugin for Internet Explorer)
[06/13/2008, 17:25:37] - BHO 6: {32341E7E-C319-46DE-91D0-E30BB1A3CABA} (MSEvents Object)
[06/13/2008, 17:25:37] - ALERT: Found MSEvents Object!
[06/13/2008, 17:25:37] - BHO 7: {6A87B991-A31F-4130-AE72-6D0C294BF082} (DealioBHO Class)
[06/13/2008, 17:25:37] - BHO 8: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[06/13/2008, 17:25:37] - BHO 9: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
[06/13/2008, 17:25:37] - BHO 10: {911A1534-8E65-448E-92AE-E22D49F870C4} (IEListener Class)
[06/13/2008, 17:25:37] - BHO 11: {95576F71-40A1-4660-B760-E1B033DE36A5} ()
[06/13/2008, 17:25:37] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/13/2008, 17:25:37] - Checking for HKLM\...\Winlogon\Notify\vtUkkjih
[06/13/2008, 17:25:37] - Key not found: HKLM\...\Winlogon\Notify\vtUkkjih, continuing.
[06/13/2008, 17:25:37] - BHO 12: {9e754e0e-e11b-4599-95b6-0379076edddc} ()
[06/13/2008, 17:25:37] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/13/2008, 17:25:37] - Checking for HKLM\...\Winlogon\Notify\ojciipto
[06/13/2008, 17:25:37] - Key not found: HKLM\...\Winlogon\Notify\ojciipto, continuing.
[06/13/2008, 17:25:37] - BHO 13: {A062C93C-528E-685A-F739-7EA2E4EE49C6} ()
[06/13/2008, 17:25:37] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/13/2008, 17:25:37] - Checking for HKLM\...\Winlogon\Notify\ocubr
[06/13/2008, 17:25:37] - Key not found: HKLM\...\Winlogon\Notify\ocubr, continuing.
[06/13/2008, 17:25:37] - BHO 14: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[06/13/2008, 17:25:37] - BHO 15: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[06/13/2008, 17:25:37] - BHO 16: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (Windows Live Toolbar Helper)
[06/13/2008, 17:25:37] - BHO 17: {D5792AA9-D373-4039-8670-2CDAB6A71F15} (WebManager Class)
[06/13/2008, 17:25:37] - BHO 18: {E1412445-4FF8-410e-8D24-F2CF86B171A4} (PEDEV_IEListener Class)
[06/13/2008, 17:25:37] - BHO 19: {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} (EpsonToolBandKicker Class)
[06/13/2008, 17:25:37] - Finished Searching Browser Helper Objects
[06/13/2008, 17:25:37] - *** Detected MSEvents Object
[06/13/2008, 17:25:37] - Trying to remove MSEvents Object...
[06/13/2008, 17:25:38] - Terminating Process: IEXPLORE.EXE
[06/13/2008, 17:25:39] - Terminating Process: RUNDLL32.EXE
[06/13/2008, 17:25:39] - Disabling Automatic Shell Restart
[06/13/2008, 17:25:39] - Terminating Process: EXPLORER.EXE
[06/13/2008, 17:25:40] - Suspending the NT Session Manager System Service
[06/13/2008, 17:25:41] - Terminating Windows NT Logon/Logoff Manager
[06/13/2008, 17:31:09] - Re-enabling Automatic Shell Restart
[06/13/2008, 17:31:09] - File to disable: C:\WINDOWS\system32\nnnljgGV.dll
[06/13/2008, 17:31:09] - Renaming C:\WINDOWS\system32\nnnljgGV.dll -> C:\WINDOWS\system32\nnnljgGV.dll.vir
[06/13/2008, 17:31:10] - File successfully renamed!
[06/13/2008, 17:31:10] - Removing HKLM\...\Browser Helper Objects\{32341E7E-C319-46DE-91D0-E30BB1A3CABA}
[06/13/2008, 17:31:10] - Removing HKCR\CLSID\{32341E7E-C319-46DE-91D0-E30BB1A3CABA}
[06/13/2008, 17:31:10] - Adding Kill Bit for ActiveX for GUID: {32341E7E-C319-46DE-91D0-E30BB1A3CABA}
[06/13/2008, 17:31:10] - Deleting ATLEvents/MSEvents Registry entries
[06/13/2008, 17:31:10] - Removing HKLM\...\Winlogon\Notify\nnnljgGV
[06/13/2008, 17:31:10] - Searching for Browser Helper Objects:
[06/13/2008, 17:31:10] - BHO 1: {00027925-0017-4faf-9539-90E4AC0B9EC5} (Band Class)
[06/13/2008, 17:31:10] - BHO 2: {00A6FAF1-072E-44cf-8957-5838F569A31D} (MyWebSearch Search Assistant BHO)
[06/13/2008, 17:31:10] - BHO 3: {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} (myBar BHO)
[06/13/2008, 17:31:10] - BHO 4: {0755AEB9-CD5C-85D8-E73C-969940E7FCDC} ()
[06/13/2008, 17:31:10] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/13/2008, 17:31:10] - Checking for HKLM\...\Winlogon\Notify\yobqywhuos
[06/13/2008, 17:31:10] - Key not found: HKLM\...\Winlogon\Notify\yobqywhuos, continuing.
[06/13/2008, 17:31:10] - BHO 5: {3049C3E9-B461-4BC5-8870-4C09146192CA} (RealPlayer Download and Record Plugin for Internet Explorer)
[06/13/2008, 17:31:10] - BHO 6: {6A87B991-A31F-4130-AE72-6D0C294BF082} (DealioBHO Class)
[06/13/2008, 17:31:10] - BHO 7: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[06/13/2008, 17:31:10] - BHO 8: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
[06/13/2008, 17:31:10] - BHO 9: {911A1534-8E65-448E-92AE-E22D49F870C4} (IEListener Class)
[06/13/2008, 17:31:10] - BHO 10: {95576F71-40A1-4660-B760-E1B033DE36A5} ()
[06/13/2008, 17:31:10] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/13/2008, 17:31:10] - Checking for HKLM\...\Winlogon\Notify\vtUkkjih
[06/13/2008, 17:31:10] - Key not found: HKLM\...\Winlogon\Notify\vtUkkjih, continuing.
[06/13/2008, 17:31:10] - BHO 11: {9e754e0e-e11b-4599-95b6-0379076edddc} ()
[06/13/2008, 17:31:10] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/13/2008, 17:31:10] - Checking for HKLM\...\Winlogon\Notify\ojciipto
[06/13/2008, 17:31:10] - Key not found: HKLM\...\Winlogon\Notify\ojciipto, continuing.
[06/13/2008, 17:31:10] - BHO 12: {A062C93C-528E-685A-F739-7EA2E4EE49C6} ()
[06/13/2008, 17:31:10] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/13/2008, 17:31:10] - Checking for HKLM\...\Winlogon\Notify\ocubr
[06/13/2008, 17:31:10] - Key not found: HKLM\...\Winlogon\Notify\ocubr, continuing.
[06/13/2008, 17:31:10] - BHO 13: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[06/13/2008, 17:31:10] - BHO 14: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[06/13/2008, 17:31:10] - BHO 15: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (Windows Live Toolbar Helper)
[06/13/2008, 17:31:10] - BHO 16: {D5792AA9-D373-4039-8670-2CDAB6A71F15} (WebManager Class)
[06/13/2008, 17:31:10] - BHO 17: {E1412445-4FF8-410e-8D24-F2CF86B171A4} (PEDEV_IEListener Class)
[06/13/2008, 17:31:10] - BHO 18: {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} (EpsonToolBandKicker Class)
[06/13/2008, 17:31:10] - Finished Searching Browser Helper Objects
[06/13/2008, 17:31:10] - Finishing up...
[06/13/2008, 17:31:10] - A restart is needed.
[06/13/2008, 17:31:21] - Attempting to Restart via STOP error (Blue Screen!)

[06/13/2008, 18:04:32] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\@\Bureau\VirtumundoBeGone.exe" )
[06/13/2008, 18:05:02] - Detected System Information:
[06/13/2008, 18:05:02] - Windows Version: 5.1.2600, Service Pack 2
[06/13/2008, 18:05:02] - Current Username: @ (Admin)
[06/13/2008, 18:05:02] - Windows is in NORMAL mode.
[06/13/2008, 18:05:02] - Searching for Browser Helper Objects:
[06/13/2008, 18:05:02] - BHO 1: {00027925-0017-4faf-9539-90E4AC0B9EC5} (Band Class)
[06/13/2008, 18:05:02] - BHO 2: {00A6FAF1-072E-44cf-8957-5838F569A31D} (MyWebSearch Search Assistant BHO)
[06/13/2008, 18:05:02] - BHO 3: {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} (myBar BHO)
[06/13/2008, 18:05:02] - BHO 4: {0755AEB9-CD5C-85D8-E73C-969940E7FCDC} ()
[06/13/2008, 18:05:02] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/13/2008, 18:05:02] - Checking for HKLM\...\Winlogon\Notify\yobqywhuos
[06/13/2008, 18:05:02] - Key not found: HKLM\...\Winlogon\Notify\yobqywhuos, continuing.
[06/13/2008, 18:05:02] - BHO 5: {3049C3E9-B461-4BC5-8870-4C09146192CA} (RealPlayer Download and Record Plugin for Internet Explorer)
[06/13/2008, 18:05:02] - BHO 6: {6A87B991-A31F-4130-AE72-6D0C294BF082} (DealioBHO Class)
[06/13/2008, 18:05:02] - BHO 7: {6F9CC4A3-E23B-4071-ADE1-92DFD6E6F3ED} ()
[06/13/2008, 18:05:02] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/13/2008, 18:05:02] - Checking for HKLM\...\Winlogon\Notify\vtUkkjih
[06/13/2008, 18:05:02] - Key not found: HKLM\...\Winlogon\Notify\vtUkkjih, continuing.
[06/13/2008, 18:05:02] - BHO 8: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[06/13/2008, 18:05:02] - BHO 9: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
[06/13/2008, 18:05:02] - BHO 10: {911A1534-8E65-448E-92AE-E22D49F870C4} (IEListener Class)
[06/13/2008, 18:05:02] - BHO 11: {9e754e0e-e11b-4599-95b6-0379076edddc} ()
[06/13/2008, 18:05:02] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/13/2008, 18:05:02] - Checking for HKLM\...\Winlogon\Notify\ojciipto
[06/13/2008, 18:05:02] - Key not found: HKLM\...\Winlogon\Notify\ojciipto, continuing.
[06/13/2008, 18:05:02] - BHO 12: {A062C93C-528E-685A-F739-7EA2E4EE49C6} ()
[06/13/2008, 18:05:02] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/13/2008, 18:05:02] - Checking for HKLM\...\Winlogon\Notify\ocubr
[06/13/2008, 18:05:02] - Key not found: HKLM\...\Winlogon\Notify\ocubr, continuing.
[06/13/2008, 18:05:02] - BHO 13: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[06/13/2008, 18:05:02] - BHO 14: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[06/13/2008, 18:05:02] - BHO 15: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (Windows Live Toolbar Helper)
[06/13/2008, 18:05:02] - BHO 16: {D5792AA9-D373-4039-8670-2CDAB6A71F15} (WebManager Class)
[06/13/2008, 18:05:02] - BHO 17: {E1412445-4FF8-410e-8D24-F2CF86B171A4} (PEDEV_IEListener Class)
[06/13/2008, 18:05:02] - BHO 18: {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} (EpsonToolBandKicker Class)
[06/13/2008, 18:05:02] - Finished Searching Browser Helper Objects
[06/13/2008, 18:05:02] - Finishing up...
[06/13/2008, 18:05:02] - Nothing found! Exiting...

Réponse 3 / 31

higelin22 Messages postés 263 Statut Membre 15

fait exactement le post 1 et apres le post 2 dans l ordre
en effet tu as aussi un virus vundo et navilog ne pourra pas le supprimer
d ou le lien que je t ai mis
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe

phi60420 Messages postés 169 Statut Membre 1

Logfile of HijackThis v1.99.1
Scan saved at 18:09:29, on 13/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\FBM Software\ZeroSpyware\FileDeleter.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\System32\rmctrl.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\P2P Networking\P2P Networking.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\DriveCleaner 2006 Free\SDRmon.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\mrofinu1423.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Zango\bin\10.3.36.0\OEAddOn.exe
C:\Program Files\Zango\bin\10.3.36.0\ZangoSA.exe
C:\Documents and Settings\@\pltklx.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBPE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\NoDNS\NoDNS.exe
C:\WINDOWS\PPATCH~1\logonui.exe
C:\WINDOWS\??stem\n?pdb.exe
C:\Program Files\Zango\bin\10.3.36.0\Weather.exe
C:\Documents and Settings\@\Application Data\SpeedRunner\SpeedRunner.exe
C:\Documents and Settings\@\Application Data\Microsoft\Windows\aldhsyj.exe
C:\Documents and Settings\@\Application Data\WinTouch\WinTouch.exe
C:\Documents and Settings\@\Application Data\Microsoft\Windows\rayiou.exe
C:\Program Files\Eroca\Eroca.exe
C:\Program Files\Svconr\Svconr.exe
C:\Program Files\GetPack\GetPack18.exe
C:\Program Files\GetModule\GetModule18.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\PAE.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://g.advisurf.com/web
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.shopnav.com/sidesearch.cgi?uid=12040486&id=0
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://actus.sfr.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.shopnav.com/sidesearch.cgi?uid=12039442&id=0
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.search-exe.com/nph-search.cgi?tcode=exesrch1&look=stmpl1&fw=
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
R3 - URLSearchHook: (no name) - {9368D063-44BE-49B9-BD14-BB9663FD38FC} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\@\LOCALS~1\Temp\services.exe
O2 - BHO: Band Class - {00027925-0017-4faf-9539-90E4AC0B9EC5} - C:\WINDOWS\eltt.dll (file missing)
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (file missing)
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O2 - BHO: (no name) - {0755AEB9-CD5C-85D8-E73C-969940E7FCDC} - C:\WINDOWS\System32\cdmdownld\yobqywhuos.dll (file missing)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb106\Dealio.dll
O2 - BHO: (no name) - {6F9CC4A3-E23B-4071-ADE1-92DFD6E6F3ED} - C:\WINDOWS\system32\vtUkkjih.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: IEListener Class - {911A1534-8E65-448E-92AE-E22D49F870C4} - C:\PAE_BHO.dll
O2 - BHO: {cddde670-9730-6b59-9954-b11ee0e457e9} - {9e754e0e-e11b-4599-95b6-0379076edddc} - C:\WINDOWS\system32\ojciipto.dll
O2 - BHO: (no name) - {A062C93C-528E-685A-F739-7EA2E4EE49C6} - C:\WINDOWS\system32\ocubr.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: WebManager Class - {D5792AA9-D373-4039-8670-2CDAB6A71F15} - C:\Program Files\BitDownload\TorrentManager.dll
O2 - BHO: PEDEV_IEListener Class - {E1412445-4FF8-410e-8D24-F2CF86B171A4} - C:\Program Files\PeDevice\PeDev.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb106\Dealio.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - (no file)
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RemoteControl] C:\WINDOWS\System32\rmctrl.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [AOLSAV] C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
O4 - HKLM\..\Run: [smanp] C:\DOCUME~1\@\LOCALS~1\Temp\app1F40.tmp
O4 - HKLM\..\Run: [TopSearch] C:\Program Files\TopSearch\TopSearch.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\system32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [InstaFinderK] C:\Program Files\INSTAFINK\InstaFinderK_inst.exe
O4 - HKLM\..\Run: [SemanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe
O4 - HKLM\..\Run: [au] C:\Program Files\Dealio\DealioAU.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SDR6V_Check] "C:\Program Files\Fichiers communs\DriveCleaner 2006 Free\SDRmon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Flash Media] C:\DOCUME~1\@\LOCALS~1\Temp\services.exe
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1423.exe 61A847B5BBF7281336993B466188719AB689201522886B092CBD44BD8689220221DD325762E901F3D2933202228B284662E901F3D1DC7E4638E8323A15806F97BDE4417E6FD967002BA754E2C681210C67D36D
O4 - HKLM\..\Run: [ZangoOE] C:\Program Files\Zango\bin\10.3.36.0\OEAddOn.exe
O4 - HKLM\..\Run: [ZangoSA] "C:\Program Files\Zango\bin\10.3.36.0\ZangoSA.exe"
O4 - HKLM\..\Run: [swyeqoemyg] c:\windows\system32\swyeqoemyg.exe swyeqoemyg
O4 - HKLM\..\Run: [Nvidia] C:\Documents and Settings\@\pltklx.exe
O4 - HKLM\..\Run: [0ca0821b] rundll32.exe "C:\WINDOWS\system32\pcevfror.dll",b
O4 - HKCU\..\Run: [ZSScheduler] RunDll32.exe "C:\PROGRA~1\FBMSOF~1\ZEROSP~1\ZSScheduler.dll", runScheduler C:\PROGRA~1\FBMSOF~1\ZEROSP~1\
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [EPSON Stylus Photo RX560 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBPE.EXE /FU "C:\WINDOWS\TEMP\E_S266.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Instant Access] C:\WINDOWS\system32\nsinet.exe /res
O4 - HKCU\..\Run: [NoDNS] C:\Program Files\\NoDNS\\NoDNS.exe
O4 - HKCU\..\Run: [Aesi] "C:\WINDOWS\PPATCH~1\logonui.exe" -vt yazb
O4 - HKCU\..\Run: [Pysibamc] C:\WINDOWS\??stem\n?pdb.exe
O4 - HKCU\..\Run: [WeatherDPA] "C:\Program Files\Zango\bin\10.3.36.0\Weather.exe" -auto
O4 - HKCU\..\Run: [SpeedRunner] C:\Documents and Settings\@\Application Data\SpeedRunner\SpeedRunner.exe
O4 - HKCU\..\Run: [SfKg6wIP] C:\Documents and Settings\@\Application Data\Microsoft\Windows\aldhsyj.exe
O4 - HKCU\..\Run: [WinTouch] C:\Documents and Settings\@\Application Data\WinTouch\WinTouch.exe
O4 - HKCU\..\Run: [SfKg6w] C:\Documents and Settings\@\Application Data\Microsoft\Windows\rayiou.exe
O4 - HKCU\..\Run: [Eroca] C:\Program Files\Eroca\Eroca.exe
O4 - HKCU\..\Run: [Svconr] C:\Program Files\Svconr\Svconr.exe
O4 - HKCU\..\Run: [A00F39E2D9F.exe] C:\DOCUME~1\@\LOCALS~1\Temp\_A00F39E2D9F.exe
O4 - HKCU\..\Run: [WinUpdater] "C:\Program Files\winvi\update.exe" /background
O4 - HKCU\..\Run: [WebSUpdater] "C:\Program Files\winvi\wupda.exe" /background
O4 - HKCU\..\Run: [GetPack18] "C:\Program Files\GetPack\GetPack18.exe"
O4 - HKCU\..\Run: [GetModule18] "C:\Program Files\GetModule\GetModule18.exe"
O4 - HKCU\..\Run: [QdrPack17] "C:\Program Files\QdrPack\QdrPack17.exe"
O4 - Startup: Personal Player.lnk = C:\Program Files\Web Hottest Videos Personal Player\hit80 Web hottest videos personal player.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Date Manager.lnk = C:\Program Files\Date Manager\DateManager.exe
O4 - Global Startup: GStartup.lnk = C:\Program Files\Fichiers communs\GMT\GMT.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: PrecisionTime.lnk = C:\Program Files\PrecisionTime\PrecisionTime.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Recherche AOL Toolbar - c:\program files\aol\aol toolbar 4.0\resources\fr-FR\local\search.html
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxmk181YYFR
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Program Files\Dealio\kb106\res\DealioSearch.html
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?70696ede427d4ba48f69a98de8f48e7e
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?70696ede427d4ba48f69a98de8f48e7e
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O9 - Extra button: Capturer ! - {47055D63-DFCD-11d3-8406-00500445A7D0} - C:\Program Files\Goto\MemoWeb 4\IEBtn\Launcher (file missing)
O9 - Extra 'Tools' menuitem: Capturer ce web - {47055D63-DFCD-11d3-8406-00500445A7D0} - C:\Program Files\Goto\MemoWeb 4\IEBtn\Launcher (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.0.24\ShoppingReport.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.0.24\ShoppingReport.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb106\Dealio.dll
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb106\Dealio.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: Dice Derby by pogo - http://game1.pogo.com/applet-6.6.5.22/checkeredflag/checkeredflag-fr_FR.cab
O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.com/applet-6.6.5.31/mahjong/mahjong-fr_FR.cab
O16 - DPF: Phlinx by pogo - http://game1.pogo.com/applet-6.6.5.31/flinger/flinger-fr_FR.cab
O16 - DPF: Pop Fu by pogo - http://game1.pogo.com/applet-6.6.5.22/popfu/popfu-fr_FR.cab
O16 - DPF: Squelchies by pogo - http://game1.pogo.com/applet-6.6.5.22/squelchies/squelchies-fr_FR.cab
O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure/connexion/archives/ie4n4/teleir_cert.cab
O16 - DPF: World Class Solitaire by pogo - http://game1.pogo.com/applet-6.6.5.22/worldclass/worldclass-fr_FR.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0878F049-D33E-45E0-A157-C36A6683CF25} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1063_XP.cab
O16 - DPF: {0D1011B3-89C8-4F8E-8693-BB970E2E81E0} - https://www.afternic.com/domains/downloadv3.com
O16 - DPF: {1CD49DC9-FD88-41FA-B892-47E037267D45} - https://www.afternic.com/domains/downloadv3.com
O16 - DPF: {1CD4E2DC-2DA0-4154-8723-38CB04FB6A58} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1062_XP.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.8.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {31DDC1FD-CEA3-4837-A6DC-87E67015ADC9} - https://www.afternic.com/domains/downloadv3.com
O16 - DPF: {321F38B6-7E5F-470E-B58C-927523B7AF92} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1069_em_XP.cab
O16 - DPF: {3616F4B5-F6AD-4E67-966A-C218673648A0} - https://www.afternic.com/domains/downloadv3.com
O16 - DPF: {3DAD912E-D2B9-4323-B7C9-7F2C5CC0C57B} - https://www.afternic.com/domains/downloadv3.com
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.fr/computercheckup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.fr.aol.com/molbin/shared/mcinsctl/fr/4,0,0,84/mcinsctl.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5F4D3335-3194-4167-85AE-E7325F2695EF} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1068_em_XP.cab
O16 - DPF: {5FD9726A-4977-449D-8352-25FDD8A510B5} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1067_em_XP.cab
O16 - DPF: {7504F0D5-644A-4103-9D02-95488B6CB9A1} - https://www.afternic.com/domains/downloadv3.com
O16 - DPF: {7DBFDA8E-D33B-11D4-9269-00600868E56E} (WWWInstall Class) - http://go.securelive.com/speed/WebInstall.dll
O16 - DPF: {82FC4503-8459-4239-9B85-0617BEAA950A} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1061_XP.cab
O16 - DPF: {87C1805D-C5AE-4455-AB39-E245BB516136} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1059_XP.cab
O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.1.cab
O16 - DPF: {8D8BAF56-B581-4B90-A549-C4AC6B03F1BB} - https://www.afternic.com/domains/downloadv3.com
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {95460ABD-946A-46FF-9F56-268718323EEE} - https://www.afternic.com/domains/downloadv3.com
O16 - DPF: {981D847D-2C06-4FB7-A09C-4F0A48601B2C} (DiagSetup Class) - http://techcity.aol.fr/download/img/DiagSetup.cab
O16 - DPF: {AF7410C1-FBA3-415E-800A-4110CED40536} - http://ww1.dlv4.com
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.fr.aol.com/molbin/shared/mcgdmgr/fr/1,0,0,21/mcgdmgr.cab
O16 - DPF: {BFC9677B-8006-4336-9D49-2C797AEFCB9E} - https://www.afternic.com/domains/downloadv3.com
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DF1C8E21-4045-4D67-B528-335F1A4F0DE9} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1073_em_XP.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O18 - Filter: text/html - (no CLSID) - (no file)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: __c007689 - C:\WINDOWS\system32\__c007689.dat
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: ZeroSpyware FileDeleter (FileDeleter) - FBMSoftware - C:\Program Files\FBM Software\ZeroSpyware\FileDeleter.exe
O23 - Service: Firewall service (FWSvc) - Unknown owner - C:\WINDOWS\.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Réponse 4 / 31

higelin22 Messages postés 263 Statut Membre 15

c'est une mauvaise version hijackthis
telecharge celle la et refait un rapport s t p

http://www.commentcamarche.net/telecharger/telecharger 159 hijackthis

phi60420 Messages postés 169 Statut Membre 1

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:21:39, on 14/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\FBM Software\ZeroSpyware\FileDeleter.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\System32\rmctrl.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\P2P Networking\P2P Networking.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\DriveCleaner 2006 Free\SDRmon.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\mrofinu1423.exe
C:\Program Files\Zango\bin\10.3.36.0\OEAddOn.exe
C:\Program Files\Zango\bin\10.3.36.0\ZangoSA.exe
C:\Documents and Settings\@\pltklx.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\NoDNS\NoDNS.exe
C:\WINDOWS\PPATCH~1\logonui.exe
C:\WINDOWS\??stem\n?pdb.exe
C:\Program Files\Zango\bin\10.3.36.0\Weather.exe
C:\Documents and Settings\@\Application Data\SpeedRunner\SpeedRunner.exe
C:\Documents and Settings\@\Application Data\Microsoft\Windows\aldhsyj.exe
C:\Documents and Settings\@\Application Data\WinTouch\WinTouch.exe
C:\Documents and Settings\@\Application Data\Microsoft\Windows\rayiou.exe
C:\Program Files\Eroca\Eroca.exe
C:\Program Files\Svconr\Svconr.exe
C:\Program Files\GetPack\GetPack18.exe
C:\Program Files\GetModule\GetModule18.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\PAE.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://g.advisurf.com/web
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.shopnav.com/sidesearch.cgi?uid=12040486&id=0
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://actus.sfr.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.shopnav.com/sidesearch.cgi?uid=12039442&id=0
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.search-exe.com/nph-search.cgi?tcode=exesrch1&look=stmpl1&fw=
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
R3 - URLSearchHook: (no name) - {9368D063-44BE-49B9-BD14-BB9663FD38FC} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\@\LOCALS~1\Temp\services.exe
O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb106\Dealio.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - (no file)
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RemoteControl] C:\WINDOWS\System32\rmctrl.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [AOLSAV] C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
O4 - HKLM\..\Run: [smanp] C:\DOCUME~1\@\LOCALS~1\Temp\app1F40.tmp
O4 - HKLM\..\Run: [TopSearch] C:\Program Files\TopSearch\TopSearch.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\system32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [InstaFinderK] C:\Program Files\INSTAFINK\InstaFinderK_inst.exe
O4 - HKLM\..\Run: [SemanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe
O4 - HKLM\..\Run: [au] C:\Program Files\Dealio\DealioAU.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SDR6V_Check] "C:\Program Files\Fichiers communs\DriveCleaner 2006 Free\SDRmon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Flash Media] C:\DOCUME~1\@\LOCALS~1\Temp\services.exe
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1423.exe 61A847B5BBF7281336993B466188719AB689201522886B092CBD44BD8689220221DD325762E901F3D2933202228B284662E901F3D1DC7E4638E8323A15806F97BDE4417E6FD967002BA754E2C681210C67D36D
O4 - HKLM\..\Run: [ZangoOE] C:\Program Files\Zango\bin\10.3.36.0\OEAddOn.exe
O4 - HKLM\..\Run: [ZangoSA] "C:\Program Files\Zango\bin\10.3.36.0\ZangoSA.exe"
O4 - HKLM\..\Run: [Nvidia] C:\Documents and Settings\@\pltklx.exe
O4 - HKLM\..\Run: [0ca0821b] rundll32.exe "C:\WINDOWS\system32\aaroeaht.dll",b
O4 - HKCU\..\Run: [ZSScheduler] RunDll32.exe "C:\PROGRA~1\FBMSOF~1\ZEROSP~1\ZSScheduler.dll", runScheduler C:\PROGRA~1\FBMSOF~1\ZEROSP~1\
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [EPSON Stylus Photo RX560 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBPE.EXE /FU "C:\WINDOWS\TEMP\E_S266.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [NoDNS] C:\Program Files\\NoDNS\\NoDNS.exe
O4 - HKCU\..\Run: [Aesi] "C:\WINDOWS\PPATCH~1\logonui.exe" -vt yazb
O4 - HKCU\..\Run: [Pysibamc] C:\WINDOWS\??stem\n?pdb.exe
O4 - HKCU\..\Run: [WeatherDPA] "C:\Program Files\Zango\bin\10.3.36.0\Weather.exe" -auto
O4 - HKCU\..\Run: [SpeedRunner] C:\Documents and Settings\@\Application Data\SpeedRunner\SpeedRunner.exe
O4 - HKCU\..\Run: [SfKg6wIP] C:\Documents and Settings\@\Application Data\Microsoft\Windows\aldhsyj.exe
O4 - HKCU\..\Run: [WinTouch] C:\Documents and Settings\@\Application Data\WinTouch\WinTouch.exe
O4 - HKCU\..\Run: [SfKg6w] C:\Documents and Settings\@\Application Data\Microsoft\Windows\rayiou.exe
O4 - HKCU\..\Run: [Eroca] C:\Program Files\Eroca\Eroca.exe
O4 - HKCU\..\Run: [Svconr] C:\Program Files\Svconr\Svconr.exe
O4 - HKCU\..\Run: [A00F39E2D9F.exe] C:\DOCUME~1\@\LOCALS~1\Temp\_A00F39E2D9F.exe
O4 - HKCU\..\Run: [WinUpdater] "C:\Program Files\winvi\update.exe" /background
O4 - HKCU\..\Run: [WebSUpdater] "C:\Program Files\winvi\wupda.exe" /background
O4 - HKCU\..\Run: [GetPack18] "C:\Program Files\GetPack\GetPack18.exe"
O4 - HKCU\..\Run: [GetModule18] "C:\Program Files\GetModule\GetModule18.exe"
O4 - HKCU\..\Run: [QdrPack17] "C:\Program Files\QdrPack\QdrPack17.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Personal Player.lnk = C:\Program Files\Web Hottest Videos Personal Player\hit80 Web hottest videos personal player.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Date Manager.lnk = C:\Program Files\Date Manager\DateManager.exe
O4 - Global Startup: GStartup.lnk = C:\Program Files\Fichiers communs\GMT\GMT.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: PrecisionTime.lnk = C:\Program Files\PrecisionTime\PrecisionTime.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Recherche AOL Toolbar - c:\program files\aol\aol toolbar 4.0\resources\fr-FR\local\search.html
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxmk181YYFR
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Program Files\Dealio\kb106\res\DealioSearch.html
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?70696ede427d4ba48f69a98de8f48e7e
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?70696ede427d4ba48f69a98de8f48e7e
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O9 - Extra button: Capturer ! - {47055D63-DFCD-11d3-8406-00500445A7D0} - C:\Program Files\Goto\MemoWeb 4\IEBtn\Launcher (file missing)
O9 - Extra 'Tools' menuitem: Capturer ce web - {47055D63-DFCD-11d3-8406-00500445A7D0} - C:\Program Files\Goto\MemoWeb 4\IEBtn\Launcher (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.0.24\ShoppingReport.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.0.24\ShoppingReport.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb106\Dealio.dll
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb106\Dealio.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Dice Derby by pogo - http://game1.pogo.com/applet-6.6.5.22/checkeredflag/checkeredflag-fr_FR.cab
O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.com/applet-6.6.5.31/mahjong/mahjong-fr_FR.cab
O16 - DPF: Phlinx by pogo - http://game1.pogo.com/applet-6.6.5.31/flinger/flinger-fr_FR.cab
O16 - DPF: Pop Fu by pogo - http://game1.pogo.com/applet-6.6.5.22/popfu/popfu-fr_FR.cab
O16 - DPF: Squelchies by pogo - http://game1.pogo.com/applet-6.6.5.22/squelchies/squelchies-fr_FR.cab
O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure/connexion/archives/ie4n4/teleir_cert.cab
O16 - DPF: World Class Solitaire by pogo - http://game1.pogo.com/applet-6.6.5.22/worldclass/worldclass-fr_FR.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.8.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.fr/computercheckup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.fr.aol.com/molbin/shared/mcinsctl/fr/4,0,0,84/mcinsctl.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {7DBFDA8E-D33B-11D4-9269-00600868E56E} (WWWInstall Class) - http://go.securelive.com/speed/WebInstall.dll
O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {981D847D-2C06-4FB7-A09C-4F0A48601B2C} (DiagSetup Class) - http://techcity.aol.fr/download/img/DiagSetup.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.fr.aol.com/molbin/shared/mcgdmgr/fr/1,0,0,21/mcgdmgr.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O18 - Filter hijack: text/html - (no CLSID) - (no file)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: ZeroSpyware FileDeleter (FileDeleter) - FBMSoftware - C:\Program Files\FBM Software\ZeroSpyware\FileDeleter.exe
O23 - Service: Firewall service (FWSvc) - Unknown owner - C:\WINDOWS\.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question

Réponse 5 / 31

Utilisateur anonyme

bonjour phi60420

ou en est tu avec navilog ?

phi60420 Messages postés 169 Statut Membre 1

Clean Navipromo version 3.5.8 commencé le 15/06/2008 à 19:52:31,11

Outil exécuté depuis C:\Program Files\navilog1
Session actuelle : "@"

Mise à jour le 06.06.2008 à 18h00 par IL-MAFIOSO

Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 7.0.5730.11
Système de fichiers : NTFS

Mode suppression automatique
avec prise en charge résultats Catchme et GNS

Nettoyage exécuté au redémarrage de l'ordinateur

*** Creation backups fichiers trouvés par Catchme ***

Copie vers "C:\Program Files\navilog1\Backupnavi"

Copie C:\WINDOWS\system32\iamwiqimi.dat réalisée avec succès !
Copie C:\WINDOWS\system32\iamwiqimi.exe réalisée avec succès !
Copie C:\WINDOWS\system32\iamwiqimi_nav.dat réalisée avec succès !
Copie C:\WINDOWS\system32\iamwiqimi_navps.dat réalisée avec succès !

*** Suppression des fichiers trouvés avec Catchme ***

C:\WINDOWS\system32\iamwiqimi.dat supprimé !
C:\WINDOWS\system32\iamwiqimi.exe supprimé !
C:\WINDOWS\system32\iamwiqimi_nav.dat supprimé !
C:\WINDOWS\system32\iamwiqimi_navps.dat supprimé !

** 2ème passage avec résultats Catchme **

* Dans "C:\WINDOWS\system32" *

* Dans "C:\Documents and Settings\@\locals~1\applic~1" *

*** Suppression avec sauvegardes résultats GenericNaviSearch ***

* Suppression dans "C:\WINDOWS\System32" *

* Suppression dans "C:\Documents and Settings\@\locals~1\applic~1" *

*** Suppression dossiers dans "C:\WINDOWS" ***

*** Suppression dossiers dans "C:\Program Files" ***

*** Suppression dossiers dans "c:\docume~1\alluse~1\applic~1" ***

*** Suppression dossiers dans "c:\docume~1\alluse~1\menudm~1\progra~1" ***

*** Suppression dossiers dans "C:\Documents and Settings\@\applic~1" ***

*** Suppression dossiers dans "C:\Documents and Settings\@\locals~1\applic~1" ***

*** Suppression dossiers dans "C:\Documents and Settings\@\menudm~1\progra~1" ***

*** Suppression fichiers ***

*** Suppression fichiers temporaires ***

Nettoyage contenu C:\WINDOWS\Temp effectué !
Nettoyage contenu C:\Documents and Settings\@\locals~1\Temp effectué !

*** Traitement Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Suppression avec sauvegardes nouveaux fichiers Instant Access :

2)Recherche, création sauvegardes et suppression Heuristique :

* Dans "C:\WINDOWS\system32" *

* Dans "C:\Documents and Settings\@\locals~1\applic~1" *

*** Sauvegarde du Registre vers dossier Safebackup ***

sauvegarde du Registre réalisée avec succès !

*** Nettoyage Registre ***

Nettoyage Registre Ok

*** Certificats ***

Certificat Egroup supprimé !
Certificat Electronic-Group supprimé !
Certificat OOO-Favorit supprimé !
Certificat Sunny-Day-Design-Ltdt absent !

*** Nettoyage terminé le 15/06/2008 à 19:57:05,31 ***

excuse et merci de t'intéréssé a moi

Réponse 6 / 31

Utilisateur anonyme

bonsoir

a tu fait Malwarebytes' Anti-Malware

poste le rapport stp

et refait un log hijackthis

phi60420 Messages postés 169 Statut Membre 1

Malwarebytes' Anti-Malware 1.17
Version de la base de données: 854

20:34:15 14/06/2008
mbam-log-6-14-2008 (20-34-14).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 152280
Temps écoulé: 1 hour(s), 39 minute(s), 22 second(s)

Processus mémoire infecté(s): 11
Module(s) mémoire infecté(s): 9
Clé(s) du Registre infectée(s): 140
Valeur(s) du Registre infectée(s): 31
Elément(s) de données du Registre infecté(s): 5
Dossier(s) infecté(s): 66
Fichier(s) infecté(s): 362

Processus mémoire infecté(s):
C:\WINDOWS\mrofinu1423.exe (Trojan.Downloader) -> Unloaded process successfully.
C:\Program Files\NoDNS\NoDNS.exe (Trojan.Agent) -> Unloaded process successfully.
C:\WINDOWS\??pPatch\logonui.exe (Adware.ClickSpring) -> Unloaded process successfully.
C:\Documents and Settings\@\Application Data\SpeedRunner\SpeedRunner.exe (Adware.SpeedRunner) -> Unloaded process successfully.
C:\Documents and Settings\@\Application Data\Microsoft\Windows\aldhsyj.exe (Trojan.Vundo) -> Unloaded process successfully.
C:\Documents and Settings\@\Application Data\WinTouch\WinTouch.exe (Trojan.Downloader) -> Unloaded process successfully.
C:\Documents and Settings\@\Application Data\Microsoft\Windows\rayiou.exe (Trojan.Agent) -> Unloaded process successfully.
C:\Program Files\Eroca\Eroca.exe (Adware.Agent) -> Unloaded process successfully.
C:\Program Files\Svconr\Svconr.exe (Adware.Agent) -> Unloaded process successfully.
C:\Program Files\Zango\bin\10.3.36.0\OEAddOn.exe (Adware.180Solutions) -> Unloaded process successfully.
C:\Program Files\Zango\bin\10.3.36.0\Weather.exe (Adware.180Solutions) -> Unloaded process successfully.

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\aaroeaht.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\vtUkkjih.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\ocubr.dll (Adware.ClickSpring) -> Unloaded module successfully.
C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL (Adware.MyWebSearch) -> Unloaded module successfully.
C:\Program Files\PeDevice\PeDev.dll (Adware.Popups) -> Unloaded module successfully.
C:\Program Files\Zango\bin\10.3.36.0\HostOE.dll (Adware.180Solutions) -> Unloaded module successfully.
C:\Program Files\Zango\bin\10.3.36.0\WeSkin.dll (Adware.180Solutions) -> Unloaded module successfully.
C:\Program Files\Zango\bin\10.3.36.0\ZangoSAHook.dll (Adware.180Solutions) -> Unloaded module successfully.
C:\WINDOWS\system32\__c007689.dat (Trojan.Agent) -> Unloaded module successfully.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{dfd8f1b5-7b88-409a-8256-3c77c48f222e} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{dfd8f1b5-7b88-409a-8256-3c77c48f222e} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{a062c93c-528e-685a-f739-7ea2e4ee49c6} (Adware.ClickSpring) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a062c93c-528e-685a-f739-7ea2e4ee49c6} (Adware.ClickSpring) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{ff46f4ab-a85f-487e-b399-3f191ac0fe23} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e4a04a1-a24d-45ae-aca4-949778400813} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{63334394-3da3-4b29-a041-03535909d361} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\testcpv6.bho (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\testcpv6.bho.1 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.iebutton (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{20ea9658-6bc3-4599-a87d-6371fe9295fc} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a16ad1e9-f69a-45af-9462-b1c286708842} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a7cddcdc-beeb-4685-a062-978f5e07ceee} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{a7cddcdc-beeb-4685-a062-978f5e07ceee} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c9ccbb35-d123-4a31-affc-9b2933132116} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.iebutton.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.hbinfoband (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.hbinfoband.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.iebuttona (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.iebuttona.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.hbax (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.hbax.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.rprtctrl (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.rprtctrl.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{8ad9ad05-36be-4e40-ba62-5422eb0d02fb} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{aebf09e2-0c15-43c8-99bf-928c645d98a0} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d8560ac2-21b5-4c1a-bdd4-bd12bc83b082} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{cdca70d8-c6a6-49ee-9bed-7429d6c477a2} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d136987f-e1c4-4ccc-a220-893df03ec5df} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{e343edfc-1e6c-4cb5-aa29-e9c922641c80} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{014da6c9-189f-421a-88cd-07cfe51cff10} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{014da6cd-189f-421a-88cd-07cfe51cff10} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0494d0d1-f8e0-41ad-92a3-14154ece70ac} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0494d0d1-f8e0-41ad-92a3-14154ece70ac} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0494d0d2-f8e0-41ad-92a3-14154ece70ac} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0494d0d3-f8e0-41ad-92a3-14154ece70ac} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0494d0d5-f8e0-41ad-92a3-14154ece70ac} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0494d0d7-f8e0-41ad-92a3-14154ece70ac} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0494d0d9-f8e0-41ad-92a3-14154ece70ac} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0494d0db-f8e0-41ad-92a3-14154ece70ac} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\coresrv.lfgax (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2d00aa2a-69ef-487a-8a40-b3e27f07c91e} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{86c5840b-80c4-4c30-a655-37344a542009} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b0cb585f-3271-4e42-88d9-ae5c9330d554} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\coresrv.lfgax.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{eddbb5ee-bb64-4bfc-9dbe-e7c85941335b} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{63d0ed2d-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mp.mediapops (Adware.Delphinmediaviewer) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mp.mediapops.1 (Adware.Delphinmediaviewer) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{4438a5dc-e00b-41a0-b0e6-b63fd3b86eee} (Adware.Delphinmediaviewer) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{4767c447-ef15-42f2-8809-68adb7fa76f1} (Adware.Delphinmediaviewer) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\pae_bho.pedev_ielistener (Adware.Popups) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{5e47627b-d89e-442b-82a6-f2fab368621b} (Adware.Popups) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e1412445-4ff8-410e-8d24-f2cf86b171a4} (Adware.Popups) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e1412445-4ff8-410e-8d24-f2cf86b171a4} (Adware.Popups) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\pae_bho.pedev_ielistener.1 (Adware.Popups) -> Quarantined and deleted successfully.
\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\speedrunner (Adware.SurfAccuracy) -> Quarantined and deleted successfully.
\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\wintouch (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{14113b47-d59c-4f0f-9d10-ff1730265584} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a9c42a57-421c-4572-8b12-249c59183d1c} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2aa2fbf8-9c76-4e97-a226-25c5f4ab6358} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{2aa2fbf8-9c76-4e97-a226-25c5f4ab6358} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{2aa2fbf8-9c76-4e97-a226-25c5f4ab6358} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{71f731b3-008b-4052-9ea4-4145acce40c3} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a5b6fa30-d317-41ca-9cb1-c898d3c7f34e} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{cc19a5f2-b4ad-41d5-a5c9-0680904c1483} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{62906e60-bce2-4e1b-9ed0-8b9042ee15e4} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f9bfa98d-9935-4ea4-a05a-72c7f0778f02} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{69725738-cd68-4f36-8d02-8c43722ee5da} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{69725738-cd68-4f36-8d02-8c43722ee5da} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3788e535-897b-463d-b6d6-fee5b86ec144} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3788e535-897b-463d-b6d6-fee5b86ec144} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d3f940ea-4e87-423b-9091-934e1e4fceae} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{d3f940ea-4e87-423b-9091-934e1e4fceae} (Adware.180Solutions) -> Quarantined and deleted successfully.
\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\shoppingreport (Adware.Shopping.Report) -> Quarantined and deleted successfully.
\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ism (Adware.ISM) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\SpeedRunner (Adware.SurfAccuracy) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\testCPV6.DLL (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\CPV (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c007689 (Trojan.Agent) -> Delete on reboot.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Spcron (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Svconr (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\NoDNS (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\QdrPack (Adware.ISM) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ISM (Adware.ISM) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\xInsiDERexe (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Deskbar.exe (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\dbar (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\winvi (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\winvi (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\WR (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\WakeNet (Trojan.Adware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo (Adware.PurityScan) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\zangosa (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Zango (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZangoSA (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\zangoax.clientdetector (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\zangoax.clientdetector.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\zangoax.userprofiles (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\zangoax.userprofiles.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\wallpaper.wallpapermanager (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\wallpaper.wallpapermanager.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\toolbar.toolbarctl (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\toolbar.toolbarctl.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\toolbar.htmlmenuui (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\toolbar.htmlmenuui.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\srv.coreservices (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\srv.coreservices.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hostol.webmailsend (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hostol.webmailsend.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hostol.mailanim (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hostol.mailanim.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hostie.bho (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hostie.bho.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hbr.hbmain (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hbr.hbmain.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hbmain.commband (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hbmain.commband.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\coresrv.coreservices (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\coresrv.coreservices.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\WinPGI.DLL (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\fopn (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\WinTouch (Adware.WinPop) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\WinTouch (Adware.WinPop) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\Software\zango (Adware.180Solutions) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ca0821b (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\runner1 (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SpeedRunner (Adware.SpeedRunner) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SfKg6wIP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WinTouch (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SfKg6w (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Eroca (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Svconr (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\NoDNS (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Aesi (Adware.ClickSpring) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WebSUpdater (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{32341e7e-c319-46de-91d0-e30bb1a3caba} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions\{59a40ac9-e67d-4155-b31d-4b7330fcd2d6} (Adware.PurityScan) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{0494d0d9-f8e0-41ad-92a3-14154ece70ac} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{0494d0d9-f8e0-41ad-92a3-14154ece70ac} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{0494d0d9-f8e0-41ad-92a3-14154ece70ac} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ZangoOE (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WeatherDPA (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ZangoSA (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SDR6V_Check (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WinUpdater (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\QdrPack17 (Adware.ISM) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run\A00F39E2D9F.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\Zango@Zango.com (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\BootStera (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3PopularScreensavers (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\Zango 10.3.36.0 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Flash Media (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\vtukkjih -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\vtukkjih -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Heuristics.Reserved.Word.Exploit) -> Data: c:\docume~1\@\locals~1\temp\services.exe -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\@\LOCALS~1\Temp\services.exe) Good: (userinit.exe) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceActiveDesktopOn (Hijack.Desktop) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
C:\Program Files\Zango (Adware.180Solutions) -> Delete on reboot.
C:\Program Files\Zango\bin (Adware.180Solutions) -> Delete on reboot.
C:\Program Files\Zango\bin\10.3.36.0 (Adware.180Solutions) -> Delete on reboot.
C:\Program Files\Zango\bin\10.3.36.0\firefox (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\Zango\bin\10.3.36.0\firefox\extensions (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\Zango\bin\10.3.36.0\firefox\extensions\components (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\Zango\bin\10.3.36.0\firefox\extensions\plugins (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\Fichiers communs\WinAntiVirus Pro 2006 (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\Outerinfo (Adware.Outerinfo) -> Quarantined and deleted successfully.
C:\Program Files\Outerinfo\FF (Adware.Outerinfo) -> Quarantined and deleted successfully.
C:\Program Files\Outerinfo\FF\components (Adware.Outerinfo) -> Quarantined and deleted successfully.
C:\Program Files\InetGet2 (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\Inet_Get_2 (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\@\Application Data\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\@\Application Data\ShoppingReport\@ (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\@\Application Data\ShoppingReport\Application Data (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\@\Application Data\ShoppingReport\cs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\@\Application Data\ShoppingReport\Documents and Settings (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\@\Application Data\ShoppingReport\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\@\Application Data\ShoppingReport\cs\@ (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\@\Application Data\ShoppingReport\cs\Application Data (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\@\Application Data\ShoppingReport\cs\db (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\@\Application Data\ShoppingReport\cs\Documents and Settings (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\@\Application Data\ShoppingReport\cs\dwld (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\@\Application Data\ShoppingReport\cs\report (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\@\Application Data\ShoppingReport\cs\res1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\@\Application Data\ShoppingReport\cs\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Program Files\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Program Files\ShoppingReport\Bin (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Program Files\ShoppingReport\cs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Program Files\ShoppingReport\Bin\2.0.24 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Program Files\Fichiers communs\DriveCleaner 2006 Free (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Documents and Settings\@\Application Data\WinTouch (Adware.WinPop) -> Quarantined and deleted successfully.
C:\Program Files\PeDevice (Adware.Popups) -> Delete on reboot.
C:\Program Files\PeDevice\tmp (Adware.Popups) -> Quarantined and deleted successfully.
C:\Program Files\Temporary (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\dbar (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\winvi (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\winvi\dsktp (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\winvi\temp (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\ISM (Adware.ISM) -> Quarantined and deleted successfully.
C:\Program Files\QdrPack (Adware.ISM) -> Quarantined and deleted successfully.
C:\Program Files\NoDNS (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\CPV (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\MyWay (Adware.MyWay) -> Delete on reboot.
C:\Program Files\MyWay\myBar (Adware.MyWay) -> Delete on reboot.
C:\Program Files\MyWay\myBar\1.bin (Adware.MyWay) -> Delete on reboot.
C:\Program Files\MyWay\myBar\Cache (Adware.MyWay) -> Quarantined and deleted successfully.
C:\Program Files\MyWay\myBar\History (Adware.MyWay) -> Quarantined and deleted successfully.
C:\Program Files\MyWay\myBar\Settings (Adware.MyWay) -> Quarantined and deleted successfully.
C:\Program Files\MyWay\myBar\Settings\Application Data (Adware.MyWay) -> Quarantined and deleted successfully.
C:\Program Files\MyWay\myBar\Settings\cs (Adware.MyWay) -> Quarantined and deleted successfully.
C:\Documents and Settings\@\Application Data\speedrunner (Adware.SurfAccuracy) -> Quarantined and deleted successfully.
C:\Program Files\Twain (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Svconr (Trojan.Agent) -> Delete on reboot.
C:\Program Files\Spcron (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Eroca (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2006 (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\ShoppingReport\cs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\ShoppingReport\cs\db (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\ShoppingReport\cs\dwld (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\ShoppingReport\cs\report (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\ShoppingReport\cs\res2 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\ZangoSA (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65 (Adware.Seekmo) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\WINDOWS\system32\aaroeaht.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\thaeoraa.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dlylyene.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\eneylyld.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fuccekog.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gokeccuf.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pcevfror.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rorfvecp.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sfwvlvbf.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fbvlvwfs.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vtUkkjih.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\hijkkUtv.ini (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\hijkkUtv.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ocubr.dll (Adware.ClickSpring) -> Delete on reboot.
C:\WINDOWS\mrofinu1423.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\NoDNS\NoDNS.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\??pPatch\logonui.exe (Adware.ClickSpring) -> Quarantined and deleted successfully.
C:\Documents and Settings\@\Application Data\SpeedRunner\SpeedRunner.exe (Adware.SpeedRunner) -> Quarantined and deleted successfully.
C:\Documents and Settings\@\Application Data\Microsoft\Windows\aldhsyj.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\@\Application Data\WinTouch\WinTouch.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\@\Application Data\Microsoft\Windows\rayiou.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Eroca\Eroca.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Svconr\Svconr.exe (Adware.Agent) -> Delete on reboot.
C:\Program Files\winvi\wupda.exe (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\ShoppingReport\Bin\2.0.24\ShoppingReport.dll (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL (Adware.MyWebSearch) -> Delete on reboot.
C:\Program Files\Zango\bin\10.3.36.0\CoreSrv.dll (Adware.Zango) -> Quarantined and deleted successfully.
C:\Program Files\PeDevice\PeDev.dll (Adware.Popups) -> Delete on reboot.
C:\updaterInstall_108.exe (Trojan.KeenValue) -> Quarantined and deleted successfully.
C:\Documents and Settings\@\kujhzr.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\@\nlfdjg.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\@\Application Data\SpeedRunner\SRUninstall.exe (Adware.SurfAccuracy) -> Quarantined and deleted successfully.
C:\Documents and Settings\@\Application Data\WinTouch\WTUninstaller.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\@\Local Settings\Temporary Internet Files\Content.IE5\AX19DALM\kb456456[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\@\Local Settings\Temporary Internet Files\Content.IE5\TRXN4P0K\afj[1].exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\CPV\CPV7.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\CPV\CPV8.dll (Adware.Bestrevenue) -> Quarantined and deleted successfully.
C:\Program Files\dbar\deskbar.dll (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\Fichiers communs\Yazzle1560OinAdmin.exe (Adware.ClickSpring) -> Quarantined and deleted successfully.
C:\Program Files\Fichiers communs\Yazzle1560OinUninstaller.exe (Adware.ClickSpring) -> Quarantined and deleted successfully.
C:\Program Files\ISM\ism.exe (Adware.SearchAid) -> Quarantined and deleted successfully.
C:\Program Files\Messenger\qisyveho777444.dll (Adware.TTC) -> Quarantined and deleted successfully.
C:\Program Files\Messenger\qisyveho821058.dll (Adware.TTC) -> Quarantined and deleted successfully.
C:\Program Files\Outerinfo\FF\components\FF.dll (Adware.ClickSpring) -> Quarantined and deleted successfully.
C:\Program Files\QdrPack\QdrPack16.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Spcron\Spc.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Spcron\Spcron_old.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Twain\Twain.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B92E9E04-95AA-45A4-B2FE-C44C1B9F7C37}\RP1003\A0475695.exe (Trojan.Insider) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B92E9E04-95AA-45A4-B2FE-C44C1B9F7C37}\RP1003\A0475726.dll (Adware.ClickSpring) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B92E9E04-95AA-45A4-B2FE-C44C1B9F7C37}\RP1003\A0475727.exe (Adware.ClickSpring) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B92E9E04-95AA-45A4-B2FE-C44C1B9F7C37}\RP1003\A0475729.dll (Adware.ZenoSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B92E9E04-95AA-45A4-B2FE-C44C1B9F7C37}\RP1004\A0477828.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B92E9E04-95AA-45A4-B2FE-C44C1B9F7C37}\RP1004\A0477830.exe (Trojan.Insider) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B92E9E04-95AA-45A4-B2FE-C44C1B9F7C37}\RP1004\A0478817.exe (Adware.Insider) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B92E9E04-95AA-45A4-B2FE-C44C1B9F7C37}\RP1004\A0478818.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B92E9E04-95AA-45A4-B2FE-C44C1B9F7C37}\RP1004\A0478819.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B92E9E04-95AA-45A4-B2FE-C44C1B9F7C37}\RP1004\A0478820.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B92E9E04-95AA-45A4-B2FE-C44C1B9F7C37}\RP1006\A0487963.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B92E9E04-95AA-45A4-B2FE-C44C1B9F7C37}\RP1008\A0490055.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B92E9E04-95AA-45A4-B2FE-C44C1B9F7C37}\RP1008\A0490061.exe (Trojan.BHO) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B92E9E04-95AA-45A4-B2FE-C44C1B9F7C37}\RP1008\A0490062.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B92E9E04-95AA-45A4-B2FE-C44C1B9F7C37}\RP1010\A0493194.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B92E9E04-95AA-45A4-B2FE-C44C1B9F7C37}\RP1012\A0498209.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B92E9E04-95AA-45A4-B2FE-C44C1B9F7C37}\RP1013\A0501306.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B92E9E04-95AA-45A4-B2FE-C44C1B9F7C37}\RP1013\A0501307.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B92E9E04-95AA-45A4-B2FE-C44C1B9F7C37}\RP1013\A0501308.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B92E9E04-95AA-45A4-B2FE-C44C1B9F7C37}\RP1013\A0501309.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B92E9E04-95AA-45A4-B2FE-C44C1B9F7C37}\RP1013\A0501310.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B92E9E04-95AA-45A4-B2FE-C44C1B9F7C37}\RP1018\A0509463.exe (Trojan.BHO) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B92E9E04-95AA-45A4-B2FE-C44C1B9F7C37}\RP1018\A0509464.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B92E9E04-95AA-45A4-B2FE-C44C1B9F7C37}\RP1018\A0509465.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B92E9E04-95AA-45A4-B2FE-C44C1B9F7C37}\RP1019\A0509490.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B92E9E04-95AA-45A4-B2FE-C44C1B9F7C37}\RP1019\A0513519.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B92E9E04-95AA-45A4-B2FE-C44C1B9F7C37}\RP1019\A0515577.dll (Dialer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B92E9E04-95AA-45A4-B2FE-C44C1B9F7C37}\RP917\A0384289.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B92E9E04-95AA-45A4-B2FE-C44C1B9F7C37}\RP917\A0384290.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B92E9E04-95AA-45A4-B2FE-C44C1B9F7C37}\RP917\A0384291.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B92E9E04-95AA-45A4-B2FE-C44C1B9F7C37}\RP917\A0384292.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B92E9E04-95AA-45A4-B2FE-C44C1B9F7C37}\RP917\A0384293.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B92E9E04-95AA-45A4-B2FE-C44C1B9F7C37}\RP917\A0384294.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B92E9E04-95AA-45A4-B2FE-C44C1B9F7C37}\RP917\A0384295.exe (Trojan.Matcash) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B92E9E04-95AA-45A4-B2FE-C44C1B9F7C37}\RP918\A0384296.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B92E9E04-95AA-45A4-B2FE-C44C1B9F7C37}\RP919\A0384374.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B92E9E04-95AA-45A4-B2FE-C44C1B9F7C37}\RP919\A0384381.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B92E9E04-95AA-45A4-B2FE-C44C1B9F7C37}\RP919\A0384384.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B92E9E04-95AA-45A4-B2FE-C44C1B9F7C37}\RP920\A0384413.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B92E9E04-95AA-45A4-B2FE-C44C1B9F7C37}\RP920\A0384414.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B92E9E04-95AA-45A4-B2FE-C44C1B9F7C37}\RP920\A0384415.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B92E9E04-95AA-45A4-B2FE-C44C1B9F7C37}\RP920\A0384416.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B92E9E04-95AA-45A4-B2FE-C44C1B9F7C37}\RP920\A0384417.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B92E9E04-95AA-45A4-B2FE-C44C1B9F7C37}\RP922\A0387380.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B92E9E04-95AA-45A4-B2FE-C44C1B9F7C37}\RP922\A0387382.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B92E9E04-95AA-45A4-B2FE-C44C1B9F7C37}\RP923\A0387417.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B92E9E04-95AA-45A4-B2FE-C44C1B9F7C37}\RP923\A0387418.exe (Trojan.Matcash) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B92E9E04-95AA-45A4-B2FE-C44C1B9F7C37}\RP923\A0387419.exe (Trojan.Insider) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B92E9E04-95AA-45A4-B2FE-C44C1B9F7C37}\RP923\A0388381.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B92E9E04-95AA-45A4-B2FE-C44C1B9F7C37}\RP923\A0388382.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B92E9E04-95AA-45A4-B2FE-C44C1B9F7C37}\RP924\A0389380.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B92E9E04-95AA-45A4-B2FE-C44C1B9F7C37}\RP924\A0389409.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B92E9E04-95AA-45A4-B2FE-C44C1B9F7C37}\RP926\A0390382.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B92E9E04-95AA-45A4-B2FE-C44C1B9F7C37}\RP926\A0391382.exe (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B92E9E04-95AA-45A4-B2FE-C44C1B9F7C37}\RP927\A0391411.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B92E9E04-95AA-45A4-B2FE-C44C1B9F7C37}\RP927\A0391414.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B92E9E04-95AA-45A4-B2FE-C44C1B9F7C37}\RP928\A0391479.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B92E9E04-95AA-45A4-B2FE-C44C1B9F7C37}\RP928\A0391488.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B92E9E04-95AA-45A4-B2FE-C44C1B9F7C37}\RP929\A0392519.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B92E9E04-95AA-45A4-B2FE-C44C1B9F7C37}\RP929\A0392521.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B92E9E04-95AA-45A4-B2FE-C44C1B9F7C37}\RP929\A0392528.exe (Trojan.Insider) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B92E9E04-95AA-45A4-B2FE-C44C1B9F7C37}\RP929\A0392531.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B92E9E04-95AA-45A4-B2FE-C44C1B9F7C37}\RP930\A0393527.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B92E9E04-95AA-45A4-B2FE-C44C1B9F7C37}\RP930\A0393528.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B92E9E04-95AA-45A4-B2FE-C44C1B9F7C37}\RP930\A0393530.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B92E9E04-95AA-45A4-B2FE-C44C1B9F7C37}\RP930\A0394522.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B92E9E04-95AA-45A4-B2FE-C44C1B9F7C37}\RP932\A0395542.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B92E9E04-95AA-45A4-B2FE-C44C1B9F7C37}\RP932\A0395543.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B92E9E04-95AA-45A4-B2FE-C44C1B9F7C37}\RP932\A0395544.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B92E9E04-95AA-45A4-B2FE-C44C1B9F7C37}\RP932\A0395565.exe (Adware.ClickSpring) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B92E9E04-95AA-45A4-B2FE-C44C1B9F7C37}\RP932\A0395569.dll (Adware.ClickSpring) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B92E9E04-95AA-45A4-B2FE-C44C1B9F7C37}\RP932\A0396522.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B92E9E04-95AA-45A4-B2FE-C44C1B9F7C37}\RP934\A0396549.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B92E9E04-95AA-45A4-B2FE-C44C1B9F7C37}\RP934\A0396550.exe (Trojan.Insider) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B92E9E04-95AA-45A4-B2FE-C44C1B9F7C37}\RP935\A0396585.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B92E9E04-95AA-45A4-B2FE-C44C1B9F7C37}\RP935\A0396586.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B92E9E04-95AA-45A4-B2FE-C44C1B9F7C37}\RP935\A0396587.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B92E9E04-95AA-45A4-B2FE-C44C1B9F7C37}\RP935\A0396588.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B92E9E04-95AA-45A4-B2FE-C44C1B9F7C37}\RP935\A0396590.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B92E9E04-95AA-45A4-B2FE-C44C1B9F7C37}\RP936\A0396609.dll (Adware.ClickSpring) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B92E9E04-95AA-45A4-B2FE-C44C1B9F7C37}\RP936\A0396610.exe (Adware.ClickSpring) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B92E9E04-95AA-45A4-B2FE-C44C1B9F7C37}\RP936\A0396614.dll (Adware.ClickSpring) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B92E9E04-95AA-45A4-B2FE-C44C1B9F7C37}\RP936\A0396618.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B92E9E04-95AA-45A4-B2FE-C44C1B9F7C37}\RP936\A0396641.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B92E9E04-95AA-45A4-B2FE-C44C1B9F7C37}\RP940\A0400725.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B92E9E04-95AA-45A4-B2FE-C44C1B9F7C37}\RP940\A0400726.exe (Trojan.Insider) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B92E9E04-95AA-45A4-B2FE-C44C1B9F7C37}\RP943\A0403728.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B92E9E04-95AA-45A4-B2FE-C44C1B9F7C37}\RP943\A0403729.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B92E9E04-95AA-45A4-B2FE-C44C1B9F7C37}\RP945\A0403870.exe (Adware.ClickSpring) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B92E9E04-95AA-45A4-B2FE-C44C1B9F7C37}\RP945\A0403874.dll (Adware.ClickSpring) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B92E9E04-95AA-45A4-B2FE-C44C1B9F7C37}\RP945\A0404870.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B92E9E04-95AA-45A4-B2FE-C44C1B9F7C37}\RP946\A0404885.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B92E9E04-95AA-45A4-B2FE-C44C1B9F7C37}\RP948\A0407885.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B92E9E04-95AA-45A4-B2FE-C44C1B9F7C37}\RP948\A0407886.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B92E9E04-95AA-45A4-B2FE-C44C1B9F7C37}\RP949\A0408870.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B92E9E04-95AA-45A4-B2FE-C44C1B9F7C37}\RP949\A0408871.exe (Trojan.Insider) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B92E9E04-95AA-45A4-B2FE-C44C1B9F7C37}\RP950\A0409889.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B92E9E04-95AA-45A4-B2FE-C44C1B9F7C37}\RP951\A0409970.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B92E9E04-95AA-45A4-B2FE-C44C1B9F7C37}\RP951\A0409971.dll (Adware.Bestrevenue) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B92E9E04-95AA-45A4-B2FE-C44C1B9F7C37}\RP953\A0414055.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B92E9E04-95AA-45A4-B2FE-C44C1B9F7C37}\RP955\A0418126.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B92E9E04-95AA-45A4-B2FE-C44C1B9F7C37}\RP957\A0420305.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B92E9E04-95AA-45A4-B2FE-C44C1B9F7C37}\RP957\A0420306.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B92E9E04-95AA-45A4-B2FE-C44C1B9F7C37}\RP957\A0420311.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B92E9E04-95AA-45A4-B2FE-C44C1B9F7C37}\RP958\A0425314.exe (Trojan.Insider) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B92E9E04-95AA-45A4-B2FE-C44C1B9F7C37}\RP959\A0426388.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B92E9E04-95AA-45A4-B2FE-C44C1B9F7C37}\RP960\A0427532.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B92E9E04-95AA-45A4-B2FE-C44C1B9F7C37}\RP960\A0427533.dll (Adware.Bestrevenue) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B92E9E04-95AA-45A4-B2FE-C44C1B9F7C37}\RP960\A0427534.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B92E9E04-95AA-45A4-B2FE-C44C1B9F7C37}\RP962\A0428591.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B92E9E04-95AA-45A4-B2FE-C44C1B9F7C37}\RP963\A0430584.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B92E9E04-95AA-45A4-B2FE-C44C1B9F7C37}\RP964\A0431666.dll (Adware.ClickSpring) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B92E9E04-95AA-45A4-B2FE-C44C1B9F7C37}\RP964\A0431667.exe (Adware.ClickSpring) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B92E9E04-95AA-45A4-B2FE-C44C1B9F7C37}\RP964\A0431671.dll (Adware.ZenoSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B92E9E04-95AA-45A4-B2FE-C44C1B9F7C37}\RP964\A0431672.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B92E9E04-95AA-45A4-B2FE-C44C1B9F7C37}\RP964\A0431673.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B92E9E04-95AA-45A4-B2FE-C44C1B9F7C37}\RP964\A0431674.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B92E9E04-95AA-45A4-B2FE-C44C1B9F7C37}\RP965\A0435718.exe (Trojan.Insider) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B92E9E04-95AA-45A4-B2FE-C44C1B9F7C37}\RP967\A0437739.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B92E9E04-95AA-45A4-B2FE-C44C1B9F7C37}\RP968\A0438736.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B92E9E04-95AA-45A4-B2FE-C44C1B9F7C37}\RP971\A0440897.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B92E9E04-95AA-45A4-B2FE-C44C1B9F7C37}\RP973\A0441053.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B92E9E04-95AA-45A4-B2FE-C44C1B9F7C37}\RP974\A0441094.exe (Adware.Insider) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B92E9E04-95AA-45A4-B2FE-C44C1B9F7C37}\RP974\A0441095.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B92E9E04-95AA-45A4-B2FE-C44C1B9F7C37}\RP974\A0441110.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B92E9E04-95AA-45A4-B2FE-C44C1B9F7C37}\RP974\A0441124.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B92E9E04-95AA-45A4-B2FE-C44C1B9F7C37}\RP975\A0442133.exe (Trojan.Insider) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B92E9E04-95AA-45A4-B2FE-C44C1B9F7C37}\RP975\A0442150.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B92E9E04-95AA-45A4-B2FE-C44C1B9F7C37}\RP980\A0444392.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B92E9E04-95AA-45A4-B2FE-C44C1B9F7C37}\RP980\A0444393.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B92E9E04-95AA-45A4-B2FE-C44C1B9F7C37}\RP981\A0444487.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B92E9E04-95AA-45A4-B2FE-C44C1B9F7C37}\RP983\A0448562.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B92E9E04-95AA-45A4-B2FE-C44C1B9F7C37}\RP985\A0454849.exe (Adware.Insider) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B92E9E04-95AA-45A4-B2FE-C44C1B9F7C37}\RP985\A0454850.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B92E9E04-95AA-45A4-B2FE-C44C1B9F7C37}\RP985\A0454851.exe (Trojan.Insider) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B92E9E04-95AA-45A4-B2FE-C44C1B9F7C37}\RP985\A0454852.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B92E9E04-95AA-45A4-B2FE-C44C1B9F7C37}\RP985\A0454853.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B92E9E04-95AA-45A4-B2FE-C44C1B9F7C37}\RP986\A0455836.exe (Adware.SurfAccuracy) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B92E9E04-95AA-45A4-B2FE-C44C1B9F7C37}\RP986\A0455837.exe (Adware.SurfAccuracy) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B92E9E04-95AA-45A4-B2FE-C44C1B9F7C37}\RP986\A0455838.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B92E9E04-95AA-45A4-B2FE-C44C1B9F7C37}\RP986\A0455858.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B92E9E04-95AA-45A4-B2FE-C44C1B9F7C37}\RP986\A0456891.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B92E9E04-95AA-45A4-B2FE-C44C1B9F7C37}\RP990\A0458088.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B92E9E04-95AA-45A4-B2FE-C44C1B9F7C37}\RP991\A0462147.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B92E9E04-95AA-45A4-B2FE-C44C1B9F7C37}\RP993\A0464203.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B92E9E04-95AA-45A4-B2FE-C44C1B9F7C37}\RP994\A0465194.exe (Adware.Insider) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B92E9E04-95AA-45A4-B2FE-C44C1B9F7C37}\RP994\A0465195.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B92E9E04-95AA-45A4-B2FE-C44C1B9F7C37}\RP994\A0466191.exe (Trojan.Insider) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B92E9E04-95AA-45A4-B2FE-C44C1B9F7C37}\RP994\A0466195.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B92E9E04-95AA-45A4-B2FE-C44C1B9F7C37}\RP994\A0466206.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B92E9E04-95AA-45A4-B2FE-C44C1B9F7C37}\RP995\A0468273.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B92E9E04-95AA-45A4-B2FE-C44C1B9F7C37}\RP998\A0471428.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B92E9E04-95AA-45A4-B2FE-C44C1B9F7C37}\RP998\A0471429.exe (Trojan.BHO) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B92E9E04-95AA-45A4-B2FE-C44C1B9F7C37}\RP999\A0473516.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\17PHolmes1423.exe.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\b128.exe (Trojan.Downloader) -> Quarantined and deleted

Réponse 7 / 31

higelin22 Messages postés 263 Statut Membre 15

oui dis donc tu es vachement infectè
telecharge malwarebytes

fais un scan et poste le (scan complet)
https://forum.pcastuces.com/sujet.asp?f=31&s=3

tu en as au moins pour 3 heures

Réponse 8 / 31

Le sioux Messages postés 4907 Statut Contributeur sécurité 496

Bonjour

Higelin, le rapport que tu vois est justement celui de MalwareByte's ... aie...aie...aie

Je ne sais pas ce que tu fais avec ce PC, mais tes rapports, c'est quelque chose...
Il va falloir changer ta façon de faire à l'avenir !

Sur demande Shion ares, je prends le relai ;)

Reposte un nouveau rapport HijackThis stp.

@ suivre.

Réponse 9 / 31

Le sioux Messages postés 4907 Statut Contributeur sécurité 496

Re

Je ne serais pas la cette après midi, tu peux déjà par la suite faire cela :

Afin de suivre la procédure correctement, je te conseille d'enregistrer la page en sélectionnant toutes les lignes puis de copier cette sélection dans un fichier texte sur ton PC pour pouvoir appliquer la procédure correctement.
(Note: tu n'auras pas accès à Internet à partir du moment ou te redémarreras en mode sans échec)
Il faut exécuter toutes les étapes, sans interruption, dans l'ordre exact indiqué ci-dessous.
Si un élément te paraît obscur, demande des explications avant de commencer la désinfection

1) Télécharge SDFix d' AndyManchesta

http://downloads.andymanchesta.com/RemovalTools/SDFix.exe sur ton Bureau.

Double clique sur SDFix.exe et choisis Install. L'outil sera extrait à la racine du lecteur système (généralement le C:\)
N y touche pas pour l instant.

2) Redémarre en mode sans échec

Regarde ici si besoin avant ici : http://pageperso.aol.fr/loraline60/mode_sans_echec.htm
Au redémarrage de l'ordinateur, une fois le chargement du BIOS terminé, il y a un écran noir qui apparaît rapidement, appuie sur la touche [F8] (ou [F5] sur certains PC) jusqu'à l'affichage du menu des options avancées de Windows.
Sélectionne "Mode sans échec" et appuie sur [Entrée]
Il faudra choisir ta session habituelle, pas le compte "Administrateur" ou une autre.

Ouvre le fichier texte sauvegardé sur le Bureau afin de suivre les instructions comme il faut.

3) SDFix
* Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clique sur RunThis.bat pour lancer le script.
* Appuie sur Y pour commencer le processus de nettoyage.
* Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
* Appuie sur une touche pour redémarrer le PC.
* Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
* Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
* Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
· Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.

4) Rapports :

Poste un nouveau rapport HijackThis et le rapport de SDFix en réponse.

@ ce soir.

phi60420 Messages postés 169 Statut Membre 1

[b]SDFix: Version 1.192 [/b]
Run by @ on 16/06/2008 at 18:15

Microsoft Windows XP [version 5.1.2600]
Running From: C:\bureau\SDFix

[b]Checking Services [/b]:

Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting

[b]Checking Files [/b]:

No Trojan Files Found

Removing Temp Files

[b]ADS Check [/b]:

[b]Final Check [/b]:

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-16 19:56:49
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s0"=dword:1cacc672
"s1"=dword:605cf174
"s2"=dword:d8bee2eb
"h0"=dword:00000002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000000
"ujdew"=hex:eb,93,69,3a,50,32,60,36,07,50,60,d5,03,b6,40,34,a7,a9,8d,c9,91,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000001
"khjeh"=hex:13,2d,64,8e,b4,c4,27,1d,a3,e9,1d,bd,14,72,ae,41,8b,ea,72,16,b7,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000000
"ujdew"=hex:eb,93,69,3a,50,32,60,36,07,50,60,d5,03,b6,40,34,a7,a9,8d,c9,91,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000001
"khjeh"=hex:13,2d,64,8e,b4,c4,27,1d,a3,e9,1d,bd,14,72,ae,41,8b,ea,72,16,b7,..

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

[b]Remaining Services [/b]:

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Documents and Settings\\@\\Bureau\\PHILIPPE\\facade\\eMule\\emule.exe"="C:\\Documents and Settings\\@\\Bureau\\PHILIPPE\\facade\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\Xolox\\XoloxEXE.exe"="C:\\Program Files\\Xolox\\XoloxEXE.exe:*:Enabled:Xolox"
"C:\\Starcraft\\StarCraft.exe"="C:\\Starcraft\\StarCraft.exe:*:Enabled:Starcraft"
"C:\\WINDOWS\\system32\\P2P Networking\\P2P Networking.exe"="C:\\WINDOWS\\system32\\P2P Networking\\P2P Networking.exe:*:Enabled:P2P Networking"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Kazaa\\kazaa.exe"="C:\\Program Files\\Kazaa\\kazaa.exe:*:Disabled:Kazaa Media Desktop"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\BitComet\\BitComet.exe"="C:\\Program Files\\BitComet\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"C:\\Documents and Settings\\@\\pltklx.exe"="C:\\Documents and Settings\\@\\pltklx.exe:*:Enabled:Nvidia"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\AOL 9.0a\\waol.exe"="C:\\Program Files\\AOL 9.0a\\waol.exe:*:Enabled:AOL"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[b]Remaining Files [/b]:

[b]Files with Hidden Attributes [/b]:

Wed 2 Jan 2008 6,219,320 A..H. --- "C:\Program Files\Picasa2\setup.exe"
Fri 25 Aug 2006 617,472 A.SH. --- "C:\WINDOWS\system32\comctl32.dll"
Mon 9 Jun 2008 1,583,398 A.SH. --- "C:\WINDOWS\system32\gokeccuf.tmp"
Mon 9 Jun 2008 1,579,729 ..SH. --- "C:\WINDOWS\system32\hhttscim.tmp"
Fri 20 Aug 2004 1,028,096 A.SH. --- "C:\WINDOWS\system32\mfc42.dll"
Fri 30 Aug 2002 57,344 A.SH. --- "C:\WINDOWS\system32\mfc42loc.dll"
Fri 20 Aug 2004 413,696 A.SH. --- "C:\WINDOWS\system32\msvcp60.dll"
Fri 20 Aug 2004 343,040 A.SH. --- "C:\WINDOWS\system32\msvcrt.dll"
Fri 30 Aug 2002 253,952 A.SH. --- "C:\WINDOWS\system32\msvcrt20.dll"
Fri 20 Aug 2004 30,749 A.SH. --- "C:\WINDOWS\system32\vbajet32.dll"
Tue 12 Sep 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Mon 14 Nov 2005 462 A..H. --- "C:\Program Files\InterActual\InterActual Player\itiD38.tmp"
Mon 5 Mar 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Sat 23 Dec 2006 1,077 A..H. --- "C:\Program Files\Fichiers communs\AOL\IPHSend\IPH.BAK"
Thu 8 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\24af2a69c06a4de03e35dc89d706475f\BIT40.tmp"
Fri 21 Sep 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\778fd2fc3fe6b905e366b5ddbba384c8\BIT6.tmp"
Tue 12 Sep 2006 4,348 ...H. --- "C:\Documents and Settings\@\Mes documents\Ma musique\Sauvegarde de la licence\drmv1key.bak"
Tue 12 Sep 2006 20 A..H. --- "C:\Documents and Settings\@\Mes documents\Ma musique\Sauvegarde de la licence\drmv1lic.bak"
Tue 12 Sep 2006 400 A.SH. --- "C:\Documents and Settings\@\Mes documents\Ma musique\Sauvegarde de la licence\drmv2key.bak"
Sat 22 Oct 2005 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\lock.tmp"

[b]Finished![/b]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:10:08, on 16/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\FBM Software\ZeroSpyware\FileDeleter.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\System32\rmctrl.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Documents and Settings\@\pltklx.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\GetPack\GetPack18.exe
C:\Program Files\GetModule\GetModule18.exe
C:\Program Files\mjc\mjc.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Common Files\updater\wupdater.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
c:\program files\aol\aol toolbar 4.0\AolTbServer.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\PAE.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://g.advisurf.com/web
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.shopnav.com/sidesearch.cgi?uid=12040486&id=0
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.search-exe.com/nph-search.cgi?tcode=exesrch1&look=stmpl1&fw=
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
R3 - URLSearchHook: (no name) - {9368D063-44BE-49B9-BD14-BB9663FD38FC} - (no file)
O2 - BHO: Band Class - {00027925-0017-4faf-9539-90E4AC0B9EC5} - C:\WINDOWS\eltt.dll (file missing)
O2 - BHO: (no name) - {0755AEB9-CD5C-85D8-E73C-969940E7FCDC} - C:\WINDOWS\System32\cdmdownld\yobqywhuos.dll (file missing)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.2.7.dll
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb106\Dealio.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: IEListener Class - {911A1534-8E65-448E-92AE-E22D49F870C4} - C:\PAE_BHO.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: WebManager Class - {D5792AA9-D373-4039-8670-2CDAB6A71F15} - C:\Program Files\BitDownload\TorrentManager.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb106\Dealio.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RemoteControl] C:\WINDOWS\System32\rmctrl.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [AOLSAV] C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
O4 - HKLM\..\Run: [TopSearch] C:\Program Files\TopSearch\TopSearch.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [InstaFinderK] C:\Program Files\INSTAFINK\InstaFinderK_inst.exe
O4 - HKLM\..\Run: [au] C:\Program Files\Dealio\DealioAU.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Nvidia] C:\Documents and Settings\@\pltklx.exe
O4 - HKCU\..\Run: [ZSScheduler] RunDll32.exe "C:\PROGRA~1\FBMSOF~1\ZEROSP~1\ZSScheduler.dll", runScheduler C:\PROGRA~1\FBMSOF~1\ZEROSP~1\
O4 - HKCU\..\Run: [EPSON Stylus Photo RX560 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBPE.EXE /FU "C:\WINDOWS\TEMP\E_S266.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Pysibamc] C:\WINDOWS\??stem\n?pdb.exe
O4 - HKCU\..\Run: [GetPack18] "C:\Program Files\GetPack\GetPack18.exe"
O4 - HKCU\..\Run: [GetModule18] "C:\Program Files\GetModule\GetModule18.exe"
O4 - HKCU\..\Run: [mjc] C:\Program Files\mjc\mjc.exe
O4 - HKCU\..\Run: [Aesi] "C:\WINDOWS\PPATCH~1\logonui.exe" -vt yazb
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Personal Player.lnk = C:\Program Files\Web Hottest Videos Personal Player\hit80 Web hottest videos personal player.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Date Manager.lnk = C:\Program Files\Date Manager\DateManager.exe
O4 - Global Startup: GStartup.lnk = C:\Program Files\Fichiers communs\GMT\GMT.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: PrecisionTime.lnk = C:\Program Files\PrecisionTime\PrecisionTime.exe
O4 - Global Startup: updater.lnk = C:\Program Files\Common Files\updater\wupdater.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - c:\program files\aol\aol toolbar 4.0\resources\fr-FR\local\search.html
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxmk181YYFR
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Program Files\Dealio\kb106\res\DealioSearch.html
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?70696ede427d4ba48f69a98de8f48e7e
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?70696ede427d4ba48f69a98de8f48e7e
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O9 - Extra button: Capturer ! - {47055D63-DFCD-11d3-8406-00500445A7D0} - C:\Program Files\Goto\MemoWeb 4\IEBtn\Launcher (file missing)
O9 - Extra 'Tools' menuitem: Capturer ce web - {47055D63-DFCD-11d3-8406-00500445A7D0} - C:\Program Files\Goto\MemoWeb 4\IEBtn\Launcher (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb106\Dealio.dll
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb106\Dealio.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Dice Derby by pogo - http://game1.pogo.com/applet-6.6.5.22/checkeredflag/checkeredflag-fr_FR.cab
O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.com/applet-6.6.5.31/mahjong/mahjong-fr_FR.cab
O16 - DPF: Phlinx by pogo - http://game1.pogo.com/applet-6.6.5.31/flinger/flinger-fr_FR.cab
O16 - DPF: Pop Fu by pogo - http://game1.pogo.com/applet-6.6.5.22/popfu/popfu-fr_FR.cab
O16 - DPF: Squelchies by pogo - http://game1.pogo.com/applet-6.6.5.22/squelchies/squelchies-fr_FR.cab
O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure/connexion/archives/ie4n4/teleir_cert.cab
O16 - DPF: World Class Solitaire by pogo - http://game1.pogo.com/applet-6.6.5.22/worldclass/worldclass-fr_FR.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.fr/computercheckup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.fr.aol.com/molbin/shared/mcinsctl/fr/4,0,0,84/mcinsctl.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {7DBFDA8E-D33B-11D4-9269-00600868E56E} (WWWInstall Class) - http://go.securelive.com/speed/WebInstall.dll
O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {981D847D-2C06-4FB7-A09C-4F0A48601B2C} (DiagSetup Class) - http://techcity.aol.fr/download/img/DiagSetup.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.fr.aol.com/molbin/shared/mcgdmgr/fr/1,0,0,21/mcgdmgr.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: ZeroSpyware FileDeleter (FileDeleter) - FBMSoftware - C:\Program Files\FBM Software\ZeroSpyware\FileDeleter.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Réponse 10 / 31

Le sioux Messages postés 4907 Statut Contributeur sécurité 496

Bonsoir Phi

Bien joué, on continue :

Télécharge ComboFix.exe de sUBs sur ton Bureau.

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

/!\ Déconnecte toi du net et désactive ton antivirus pour que ComboFix puisse s'exécuter normalement. /!\

Double clique sur Combofix.exe
Un "pop-up" va apparaître qui dit que "la version ComboFix est utilisé à vos risques et avec aucune garantie..".
Accepte en cliquant sur "Oui"
Mets le en langue française F
Tape sur la touche 1 (Yes) pour démarrer le scan.

/!\ Ne touche à rien tant que le scan n'est pas terminé. /!\

En fin de scan, il est possible que ComboFix ait besoin de redémarrer le PC pour finaliser la désinfection, laisse-le faire.

Une fois le scan achevé, un rapport va s'afficher : Poste son contenu et un nouveau rapport HijackThis

/!\ Réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à Internet. /!\

Note : Le rapport se trouve également là : C:\ComboFix.txt

@ suivre

phi60420 Messages postés 169 Statut Membre 1

ComboFix 08-06-15.4 - @ 2008-06-16 23:50:04.3 - NTFSx86
Endroit: C:\Documents and Settings\@\Bureau\ComboFix.exe

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

((((((((((((((((((((((((((((( Fichiers créés 2008-05-16 to 2008-06-16 ))))))))))))))))))))))))))))))))))))
.

2008-06-16 22:23 . 2008-06-16 22:23 <REP> d-------- C:\Program Files\Avira
2008-06-16 22:23 . 2008-06-16 22:23 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-06-16 22:15 . 2008-06-16 22:15 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-06-16 22:15 . 2008-06-16 23:49 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-16 20:27 . 2008-06-16 21:31 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-06-15 17:09 . 2008-06-15 17:09 <REP> d-------- C:\WINDOWS\ERUNT
2008-06-14 20:46 . 2008-06-14 20:46 <REP> d----c--- C:\bureau
2008-06-14 20:43 . 2008-06-14 01:37 <REP> d----c--- C:\SDFix
2008-06-14 18:29 . 2008-06-14 18:29 <REP> d-------- C:\Program Files\mjc
2008-06-13 16:07 . 2008-06-13 16:07 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-13 16:07 . 2008-06-13 16:07 <REP> d----c--- C:\Documents and Settings\@\Application Data\Malwarebytes
2008-06-13 16:06 . 2008-06-14 16:28 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-13 16:06 . 2008-06-10 19:02 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-13 16:06 . 2008-06-10 19:02 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-13 13:49 . 2008-06-15 19:57 <REP> d-------- C:\Program Files\Navilog1
2008-06-13 13:41 . 2008-06-16 23:25 <REP> d-------- C:\Program Files\Hijackthis Version Française
2008-06-13 13:24 . 2008-06-13 13:24 <REP> d-------- C:\Program Files\Trend Micro
2008-06-12 18:56 . 2008-06-12 18:56 <REP> d----c--- C:\tmp
2008-06-12 18:56 . 2008-06-12 18:56 190 --a--c--- C:\statistic.xml
2008-06-12 18:29 . 2008-06-12 18:29 <REP> d-------- C:\Program Files\iCheck
2008-06-12 18:29 . 2008-06-12 18:29 <REP> d-------- C:\Program Files\GetPack
2008-06-12 18:29 . 2008-06-16 20:06 <REP> d-------- C:\Program Files\GetModule
2008-06-11 16:36 . 2008-06-11 16:36 54,427 --a--c--- C:\Documents and Settings\@\pltklx.exe
2008-06-09 22:28 . 2008-06-09 22:28 1,583,398 --ahs---- C:\WINDOWS\system32\gokeccuf.tmp
2008-06-09 18:32 . 2008-06-09 18:32 1,579,729 ---hs---- C:\WINDOWS\system32\hhttscim.tmp
2008-06-08 20:18 . 2008-06-08 20:19 <REP> d-------- C:\Program Files\Virtools Web Player 3.5
2008-06-06 17:42 . 2008-06-06 17:42 <REP> d-------- C:\Program Files\Codec Pack - All In 1
2008-06-05 18:23 . 2008-06-05 18:23 <REP> d----c--- C:\Documents and Settings\@\Application Data\dvdcss
2008-05-31 01:23 . 2008-05-31 01:23 8,835 --a--c--- C:\WINDOWS\system32\dpufr.qm
2008-05-30 18:56 . 2008-05-30 18:56 <REP> d-------- C:\Games
2008-05-23 04:55 . 2008-05-23 04:55 <REP> d----c--- C:\Documents and Settings\@\Application Data\Documents and Settings
2008-05-23 00:22 . 2008-05-23 00:22 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-05-23 00:22 . 2008-05-23 00:22 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
2008-05-23 00:22 . 2008-05-23 00:22 9,878 --a------ C:\WINDOWS\system32\dsm_fr.qm
2008-05-23 00:22 . 2008-05-23 00:22 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb
2008-05-23 00:20 . 2008-05-23 00:20 1,044,480 --a--c--- C:\WINDOWS\system32\libdivx.dll
2008-05-23 00:20 . 2008-05-23 00:20 200,704 --a--c--- C:\WINDOWS\system32\ssldivx.dll
2008-05-23 00:19 . 2008-05-23 00:19 352,401 --a------ C:\WINDOWS\system32\DivXMedia.ax
2008-05-23 00:19 . 2008-05-23 00:19 196,608 --a--c--- C:\WINDOWS\system32\dtu100.dll
2008-05-23 00:19 . 2008-05-23 00:19 161,096 --a--c--- C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-05-23 00:19 . 2008-05-23 00:19 81,920 --a------ C:\WINDOWS\system32\dpl100.dll
2008-05-23 00:19 . 2008-05-23 00:19 3,067 --a--c--- C:\WINDOWS\system32\dtu_fr.qm
2008-05-23 00:19 . 2008-05-23 00:19 416 --a--c--- C:\WINDOWS\system32\dtu100.dll.manifest
2008-05-23 00:19 . 2008-05-23 00:19 416 --a--c--- C:\WINDOWS\system32\dpl100.dll.manifest
2008-05-23 00:18 . 2008-05-23 00:18 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2008-05-19 11:55 . 2008-05-19 11:55 <REP> d----c--- C:\Documents and Settings\@\Application Data\@

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-16 21:40 --------- d-----w C:\Program Files\Yahoo!
2008-06-16 21:38 --------- d-----w C:\Program Files\QuickTime
2008-06-16 21:30 --------- d-----w C:\Program Files\Fichiers communs\Real
2008-06-16 21:22 --------- d-----w C:\Program Files\DivX
2008-06-16 21:18 --------- d-----w C:\Program Files\Fichiers communs\AOL
2008-06-16 21:01 --------- d-----w C:\Program Files\Common Files
2008-06-16 19:31 --------- d-----w C:\Program Files\Picasa2
2008-06-16 18:28 --------- d-----w C:\Program Files\Google
2008-06-15 15:01 --------- d-----w C:\Program Files\BitComet
2008-06-06 15:41 737,280 -c--a-w C:\WINDOWS\iun6002.exe
2008-05-30 23:22 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-05-30 23:22 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-05-30 23:22 815,104 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
2008-05-30 23:22 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-05-30 23:22 683,520 ----a-w C:\WINDOWS\system32\DivX.dll
2008-05-30 23:22 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-05-30 23:22 57,344 -c--a-w C:\WINDOWS\system32\dpv11.dll
2008-05-30 23:22 53,248 -c--a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-05-30 23:22 344,064 -c--a-w C:\WINDOWS\system32\dpus11.dll
2008-05-30 23:22 294,912 -c--a-w C:\WINDOWS\system32\dpu11.dll
2008-05-30 23:22 294,912 -c--a-w C:\WINDOWS\system32\dpu10.dll
2008-05-08 14:43 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-05-08 14:41 --------- dc----w C:\Documents and Settings\@\Application Data\AdobeUM
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:15 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-03 16:41 1,220 -c--a-w C:\Documents and Settings\@\nqyorx.exe
2008-05-03 10:54 --------- dc----w C:\Documents and Settings\@\Application Data\Application Data
2008-05-02 13:49 89,243 -c--a-w C:\Documents and Settings\@\xizipa.exe
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-04-05 13:48 2,560 ----a-w C:\WINDOWS\system32\BitCometRes.dll
2008-03-27 15:44 827 -c--a-w C:\Documents and Settings\@\dnusnf.exe
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-13 16:51 4,096 -c--a-w C:\Documents and Settings\@\cbctfe.exe
2008-03-13 16:51 12,288 -c--a-w C:\Documents and Settings\@\kgpciy.exe
2008-03-12 23:01 9,296 -c--a-w C:\Documents and Settings\@\xqpebh.exe
2008-03-12 23:01 9,296 -c--a-w C:\Documents and Settings\@\xedlmd.exe
2008-03-12 23:01 9,296 -c--a-w C:\Documents and Settings\@\uxmyyr.exe
2008-03-12 23:01 9,296 -c--a-w C:\Documents and Settings\@\mkxlgo.exe
2008-03-12 23:01 9,296 -c--a-w C:\Documents and Settings\@\hlqwik.exe
2008-03-12 23:01 9,296 -c--a-w C:\Documents and Settings\@\ftrzqo.exe
2008-03-12 23:01 9,296 -c--a-w C:\Documents and Settings\@\fmqqid.exe
2008-03-12 23:01 9,296 -c--a-w C:\Documents and Settings\@\cykymy.exe
2008-03-10 09:45 9,296 -c--a-w C:\Documents and Settings\@\malhqh.exe
2008-03-07 12:18 9,296 -c--a-w C:\Documents and Settings\@\cnyzhw.exe
2007-04-25 11:15 56,842,460 -c--a-w C:\Program Files\cp_neuf_v1.2.exe
2007-03-17 19:13 265,136 -c--a-w C:\Program Files\Appartement_3D_2006_Telecharger{75474}.exe
2007-03-17 18:15 4,056,554 -c--a-w C:\Program Files\ihp_kitchen1_6_2.exe
2007-03-11 20:32 900,857 -c--a-w C:\Program Files\mp3codec.zip
2007-03-05 01:29 643,144 -c----w C:\Program Files\XviD-1.1.2-01112006.exe
2007-01-07 12:00 7,350,919 -c--a-w C:\Program Files\jecreemacuisineavecleroymerlin-1_0_0.exe
2007-01-02 18:25 5,297,976 -c--a-w C:\Program Files\picasaweb-current-setup.exe
2006-12-28 08:29 1,923,290 -c--a-w C:\Program Files\cdex_151.zip
2006-09-22 17:20 0 -c--a-w C:\Program Files\temp2.exe.txt
2006-03-23 17:20 54 -c--a-w C:\Program Files\bit3.bat
2006-03-23 17:20 54 -c--a-w C:\Program Files\bit2.bat
2006-03-23 17:20 54 -c--a-w C:\Program Files\bit.bat
2006-03-23 17:20 0 -c--a-w C:\Program Files\temp3.exe.txt
2006-03-23 17:20 0 -c--a-w C:\Program Files\temp1.exe.txt
2006-03-23 17:18 116,224 -c--a-w C:\Program Files\bit2.exe
2001-11-23 04:08 712,704 -c--a-w C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
1999-06-26 10:38 6,193 -c--a-r C:\Program Files\radium.nfo
1999-06-26 09:58 904,328 -c--a-r C:\Program Files\setupl3c.exe
2006-03-28 15:25 8,192 -csha-w C:\WINDOWS\o2cLicStore.bin
2006-07-05 10:56 192 -csh--r C:\WINDOWS\inf\sdatabl.sav.bin
2006-08-25 15:51 617,472 --sha-w C:\WINDOWS\system32\comctl32.dll
2004-08-19 23:09 1,028,096 --sha-w C:\WINDOWS\system32\mfc42.dll
2002-08-30 12:00 57,344 --sha-w C:\WINDOWS\system32\mfc42loc.dll
2004-08-19 23:09 413,696 --sha-w C:\WINDOWS\system32\msvcp60.dll
2004-08-19 23:09 343,040 --sha-w C:\WINDOWS\system32\msvcrt.dll
2002-08-30 12:00 253,952 -csha-w C:\WINDOWS\system32\msvcrt20.dll
2004-08-19 23:09 30,749 -csha-w C:\WINDOWS\system32\vbajet32.dll
.

((((((((((((((((((((((((((((( snapshot@2008-06-16_ 7.13.44.84 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-16 04:58:21 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-16 17:52:23 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-06-15 15:09:58 11,857,920 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\[u]0[/u]0000001\NTUSER.DAT
+ 2008-06-16 16:09:24 11,857,920 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\[u]0[/u]0000001\NTUSER.DAT
- 2008-06-15 15:09:58 303,104 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\[u]0[/u]0000002\UsrClass.dat
+ 2008-06-16 16:09:24 303,104 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\[u]0[/u]0000002\UsrClass.dat
+ 2008-01-21 16:12:56 41,792 ----a-w C:\WINDOWS\system32\drivers\avgntdd.sys
+ 2008-01-21 16:11:28 22,336 ----a-w C:\WINDOWS\system32\drivers\avgntmgr.sys
+ 2008-03-04 11:28:53 79,424 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys
+ 2007-03-01 08:34:22 28,352 ----a-w C:\WINDOWS\system32\drivers\ssmdrv.sys
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00027925-0017-4faf-9539-90E4AC0B9EC5}]
C:\WINDOWS\eltt.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0755AEB9-CD5C-85D8-E73C-969940E7FCDC}]
C:\WINDOWS\System32\cdmdownld\yobqywhuos.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D5792AA9-D373-4039-8670-2CDAB6A71F15}]
2006-12-22 14:06 126976 --a------ C:\Program Files\BitDownload\TorrentManager.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZSScheduler"="C:\PROGRA~1\FBMSOF~1\ZEROSP~1\ZSScheduler.dll" [2005-11-18 20:59 77865]
"EPSON Stylus Photo RX560 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBPE.exe" [2006-05-23 06:00 139264]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-18 20:26 68856]
"Pysibamc"="C:\WINDOWS\??stem\n?pdb.exe" [ ]
"GetPack18"="C:\Program Files\GetPack\GetPack18.exe" [2008-06-10 11:08 350208]
"GetModule18"="C:\Program Files\GetModule\GetModule18.exe" [2008-06-09 23:40 351744]
"mjc"="C:\Program Files\mjc\mjc.exe" [2008-06-14 18:29 145408]
"Aesi"="C:\WINDOWS\PPATCH~1\logonui.exe" [ ]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"="cmicnfg.cpl" []
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-07-28 16:19 4841472]
"nwiz"="nwiz.exe" [2003-07-28 16:19 323584 C:\WINDOWS\system32\nwiz.exe]
"RemoteControl"="C:\WINDOWS\System32\rmctrl.exe" [2000-10-16 00:00 32768]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 13:50 155648]
"Omnipage"="C:\Program Files\ScanSoft\OmniPageSE\opware32.exe" [2002-06-03 12:38 49152]
"AOLDialer"="C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe" [2006-11-17 13:41 71216]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [ ]
"AOLSAV"="C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe" [2004-11-10 16:18 80384]
"TopSearch"="C:\Program Files\TopSearch\TopSearch.exe" [ ]
"VSOCheckTask"="c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" [2003-08-08 19:02 122880]
"VirusScan Online"="c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" [2003-08-17 22:50 163840]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2003-12-08 16:38 245760]
"MCUpdateExe"="c:\PROGRA~1\mcafee.com\agent\McUpdate.exe" [2004-01-28 17:48 180224]
"InstaFinderK"="C:\Program Files\INSTAFINK\InstaFinderK_inst.exe" [ ]
"au"="C:\Program Files\Dealio\DealioAU.exe" [2007-06-27 12:46 238936]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"Nvidia"="C:\Documents and Settings\@\pltklx.exe" [2008-06-11 16:36 54427]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 01:09 15360]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 03:23 443968]
"DWQueuedReporting"="C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2005-04-25 13:45 36040]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2004-08-20 19:03:55 113664]
Le temps d'ex‚cution du script a ‚t‚ d‚pass‚ pour le script "C:\ComboFix\lnkread.vbs".
L'ex‚cution du script a pris fin.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 15:39 294400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= DivXa32.acm
"msacm.l3codec"= l3codecp.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLacsd.exe"=
"C:\\Documents and Settings\\@\\Bureau\\PHILIPPE\\facade\\eMule\\emule.exe"=
"C:\\Program Files\\Xolox\\XoloxEXE.exe"=
"C:\\Starcraft\\StarCraft.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Kazaa\\kazaa.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\BitComet\\BitComet.exe"=
"C:\\Documents and Settings\\@\\pltklx.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"24563:TCP"= 24563:TCP:BitComet 24563 TCP
"24563:UDP"= 24563:UDP:BitComet 24563 UDP

*Newly Created Service* - ANTIVIRSCHEDULER
*Newly Created Service* - ANTIVIRSERVICE
*Newly Created Service* - AVGIO
*Newly Created Service* - AVGNTFLT
*Newly Created Service* - AVIPBB
*Newly Created Service* - GUSVC
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-06-16 21:00:00 C:\WINDOWS\Tasks\A75FCFC891884314.job"
- c:\docume~1\@\applic~1\upload~1\Heckinsideacid.exe
"2008-06-16 20:01:00 C:\WINDOWS\Tasks\Recherche de mises à jour sur McAfee.com (POLIAKHOVITCH-@).job"
- c:\PROGRA~1\mcafee.com\agent\mcupdate.ex
- c:\PROGRA~1\mcafee.com\agent
"2008-06-16 21:53:19 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
"2008-06-16 21:01:01 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-16 23:53:34
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

**************************************************************************
.
Temps d'accomplissement: 2008-06-16 23:59:18
ComboFix-quarantined-files.txt 2008-06-16 21:58:16
ComboFix2.txt 2008-06-16 05:39:43

Pre-Run: 15,231,422,464 octets libres
Post-Run: 15,364,272,128 octets libres

249 --- E O F --- 2008-06-16 01:06:46
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:01:09, on 17/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\FBM Software\ZeroSpyware\FileDeleter.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\System32\rmctrl.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Documents and Settings\@\pltklx.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\GetPack\GetPack18.exe
C:\Program Files\GetModule\GetModule18.exe
C:\Program Files\mjc\mjc.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PAE.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://g.advisurf.com/web
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
O2 - BHO: Band Class - {00027925-0017-4faf-9539-90E4AC0B9EC5} - C:\WINDOWS\eltt.dll (file missing)
O2 - BHO: (no name) - {0755AEB9-CD5C-85D8-E73C-969940E7FCDC} - C:\WINDOWS\System32\cdmdownld\yobqywhuos.dll (file missing)
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.2.7.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb106\Dealio.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: IEListener Class - {911A1534-8E65-448E-92AE-E22D49F870C4} - C:\PAE_BHO.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: WebManager Class - {D5792AA9-D373-4039-8670-2CDAB6A71F15} - C:\Program Files\BitDownload\TorrentManager.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb106\Dealio.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RemoteControl] C:\WINDOWS\System32\rmctrl.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [AOLSAV] C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
O4 - HKLM\..\Run: [TopSearch] C:\Program Files\TopSearch\TopSearch.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [InstaFinderK] C:\Program Files\INSTAFINK\InstaFinderK_inst.exe
O4 - HKLM\..\Run: [au] C:\Program Files\Dealio\DealioAU.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Nvidia] C:\Documents and Settings\@\pltklx.exe
O4 - HKCU\..\Run: [ZSScheduler] RunDll32.exe "C:\PROGRA~1\FBMSOF~1\ZEROSP~1\ZSScheduler.dll", runScheduler C:\PROGRA~1\FBMSOF~1\ZEROSP~1\
O4 - HKCU\..\Run: [EPSON Stylus Photo RX560 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBPE.EXE /FU "C:\WINDOWS\TEMP\E_S266.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Pysibamc] C:\WINDOWS\??stem\n?pdb.exe
O4 - HKCU\..\Run: [GetPack18] "C:\Program Files\GetPack\GetPack18.exe"
O4 - HKCU\..\Run: [GetModule18] "C:\Program Files\GetModule\GetModule18.exe"
O4 - HKCU\..\Run: [mjc] C:\Program Files\mjc\mjc.exe
O4 - HKCU\..\Run: [Aesi] "C:\WINDOWS\PPATCH~1\logonui.exe" -vt yazb
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Date Manager.lnk = C:\Program Files\Date Manager\DateManager.exe
O4 - Global Startup: GStartup.lnk = C:\Program Files\Fichiers communs\GMT\GMT.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: PrecisionTime.lnk = C:\Program Files\PrecisionTime\PrecisionTime.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - c:\program files\aol\aol toolbar 4.0\resources\fr-FR\local\search.html
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxmk181YYFR
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Program Files\Dealio\kb106\res\DealioSearch.html
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?70696ede427d4ba48f69a98de8f48e7e
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?70696ede427d4ba48f69a98de8f48e7e
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O9 - Extra button: Capturer ! - {47055D63-DFCD-11d3-8406-00500445A7D0} - C:\Program Files\Goto\MemoWeb 4\IEBtn\Launcher (file missing)
O9 - Extra 'Tools' menuitem: Capturer ce web - {47055D63-DFCD-11d3-8406-00500445A7D0} - C:\Program Files\Goto\MemoWeb 4\IEBtn\Launcher (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb106\Dealio.dll
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb106\Dealio.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Dice Derby by pogo - http://game1.pogo.com/applet-6.6.5.22/checkeredflag/checkeredflag-fr_FR.cab
O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.com/applet-6.6.5.31/mahjong/mahjong-fr_FR.cab
O16 - DPF: Phlinx by pogo - http://game1.pogo.com/applet-6.6.5.31/flinger/flinger-fr_FR.cab
O16 - DPF: Pop Fu by pogo - http://game1.pogo.com/applet-6.6.5.22/popfu/popfu-fr_FR.cab
O16 - DPF: Squelchies by pogo - http://game1.pogo.com/applet-6.6.5.22/squelchies/squelchies-fr_FR.cab
O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure/connexion/archives/ie4n4/teleir_cert.cab
O16 - DPF: World Class Solitaire by pogo - http://game1.pogo.com/applet-6.6.5.22/worldclass/worldclass-fr_FR.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.fr/computercheckup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.fr.aol.com/molbin/shared/mcinsctl/fr/4,0,0,84/mcinsctl.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {7DBFDA8E-D33B-11D4-9269-00600868E56E} - http://go.securelive.com/speed/WebInstall.dll
O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {981D847D-2C06-4FB7-A09C-4F0A48601B2C} (DiagSetup Class) - http://techcity.aol.fr/download/img/DiagSetup.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.fr.aol.com/molbin/shared/mcgdmgr/fr/1,0,0,21/mcgdmgr.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: ZeroSpyware FileDeleter (FileDeleter) - FBMSoftware - C:\Program Files\FBM Software\ZeroSpyware\FileDeleter.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Réponse 11 / 31

Le sioux Messages postés 4907 Statut Contributeur sécurité 496

Re

Je regarde cela des que je peux et te dis quoi faire.

Par contre, je suis au taff, donc je ne garantie pas la rapidité de ma réponse ... dans le pire des cas, je ferais cela au petit matin une fois de retour chez moi ;)

@ suivre

Réponse 12 / 31

Le sioux Messages postés 4907 Statut Contributeur sécurité 496

Bonjour Phi60420

Comme promis , je suis de retour :

ComboFix avec CFScript :

* Sélectionne le texte suivant (en gras) dans son intégralité :

Driver::
FileDeleter

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00027925-0017-4faf-9539-90E4AC0B9EC5}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0755AEB9-CD5C-85D8-E73C-969940E7FCDC}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D5792AA9-D373-4039-8670-2CDAB6A71F15}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZSScheduler"=-
"Pysibamc"=-
"GetPack18"=-
"GetModule18"=-
"Aesi"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TopSearch"=-
"InstaFinderK"=-
"Nvidia"=-
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Search]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}]
[-HKEY_CURRENT_USER\CLSID\{1D6711C8-7154-40BB-8380-3DEA45B69CBF}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1D6711C8-7154-40BB-8380-3DEA45B69CBF}]
[-HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{1D6711C8-7154-40BB-8380-3DEA45B69CBF}]

File::
C:\PAE.exe
C:\WINDOWS\eltt.dll
C:\WINDOWS\System32\cdmdownld\yobqywhuos.dll
C:\Program Files\BitDownload\TorrentManager.dll
C:\Program Files\GetPack\GetPack18.exe
C:\Program Files\GetModule\GetModule18.exe
C:\Program Files\INSTAFINK\InstaFinderK_inst.exe
C:\Program Files\Date Manager\DateManager.exe
C:\Program Files\Fichiers communs\GMT\GMT.exe
C:\Program Files\PrecisionTime\PrecisionTime.exe
C:\WINDOWS\system32\gokeccuf.tmp
C:\WINDOWS\system32\hhttscim.tmp
C:\WINDOWS\iun6002.exe
C:\WINDOWS\Tasks\A75FCFC891884314.job
C:\Documents and Settings\@\pltklx.exe
C:\Documents and Settings\@\nqyorx.exe
C:\Documents and Settings\@\xizipa.exe
C:\Documents and Settings\@\dnusnf.exe
C:\Documents and Settings\@\cbctfe.exe
C:\Documents and Settings\@\kgpciy.exe
C:\Documents and Settings\@\xqpebh.exe
C:\Documents and Settings\@\xedlmd.exe
C:\Documents and Settings\@\uxmyyr.exe
C:\Documents and Settings\@\mkxlgo.exe
C:\Documents and Settings\@\hlqwik.exe
C:\Documents and Settings\@\ftrzqo.exe
C:\Documents and Settings\@\fmqqid.exe
C:\Documents and Settings\@\cykymy.exe
C:\Documents and Settings\@\malhqh.exe
C:\Documents and Settings\@\cnyzhw.exe
C:\Program Files\temp2.exe.txt
C:\Program Files\bit3.bat
C:\Program Files\bit2.bat
C:\Program Files\bit.bat
C:\Program Files\temp3.exe.txt
C:\Program Files\temp1.exe.txt
C:\Program Files\bit2.exe
C:\WINDOWS\system32\dpufr.qm
C:\WINDOWS\system32\dsm_fr.qm
C:\WINDOWS\system32\dtu_fr.qm

Folder::
C:\Program Files\FBM Software
C:\WINDOWS\System32\cdmdownld
C:\Program Files\BitDownload
C:\WINDOWS\??stem
C:\Program Files\GetPack
C:\Program Files\GetModule
C:\WINDOWS\PPATCH~1
C:\Program Files\TopSearch
C:\Program Files\INSTAFINK
C:\Program Files\Date Manager
C:\Program Files\Fichiers communs\GMT
C:\Program Files\PrecisionTime
C:\Program Files\BitComet

* Copie le texte sélectionné (CTRL+C).
* Ouvre le Bloc-notes (Démarrer / Tous les Programmes>Accessoires >bloc-notes).
* Colle le texte copié dans ce Bloc-notes (CTRL+V).
* Sauvegarde sur ton Bureau ce fichier sous le nom de CFScript.txt

/!\ Déconnecte toi du net et désactive ton antivirus pour que ComboFix puisse s'exécuter normalement. /!\

Fais un glisser/déposer de ce fichier CFScript.txt sur le fichier ComboFix.exe ( sur ton Bureau)

Comme ici http://i261.photobucket.com/albums/ii49/Malekal_morte/CFScript.gif

* Une fenêtre bleue va apparaître: au message qui apparaît Type 1 to continue, or 2 to abort , tape 1 puis valide.

* Patiente le temps du scan. Le Bureau va disparaître à plusieurs reprises : c'est normal!

/!\ Ne touche à rien tant que le scan n'est pas terminé. /!\

En fin de scan, il est possible que ComboFix ait besoin de redémarrer le PC pour finaliser la désinfection, laisse-le faire.

Une fois le scan achevé, un rapport va s'afficher : Poste son contenu et un nouveau rapport HijackThis

/!\Réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à Internet. /!\.

(Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt )

@ suivre

phi60420 Messages postés 169 Statut Membre 1

ComboFix 08-06-15.4 - @ 2008-06-17 11:44:10.1 - NTFSx86
Endroit: C:\Documents and Settings\@\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\@\Bureau\CFScript.txt
* Création d'un nouveau point de restauration

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]

FILE ::
C:\Documents and Settings\@\cbctfe.exe
C:\Documents and Settings\@\cnyzhw.exe
C:\Documents and Settings\@\cykymy.exe
C:\Documents and Settings\@\dnusnf.exe
C:\Documents and Settings\@\fmqqid.exe
C:\Documents and Settings\@\ftrzqo.exe
C:\Documents and Settings\@\hlqwik.exe
C:\Documents and Settings\@\kgpciy.exe
C:\Documents and Settings\@\malhqh.exe
C:\Documents and Settings\@\mkxlgo.exe
C:\Documents and Settings\@\nqyorx.exe
C:\Documents and Settings\@\pltklx.exe
C:\Documents and Settings\@\uxmyyr.exe
C:\Documents and Settings\@\xedlmd.exe
C:\Documents and Settings\@\xizipa.exe
C:\Documents and Settings\@\xqpebh.exe
C:\PAE.exe
C:\Program Files\bit.bat
C:\Program Files\bit2.bat
C:\Program Files\bit2.exe
C:\Program Files\bit3.bat
C:\Program Files\BitDownload\TorrentManager.dll
C:\Program Files\Date Manager\DateManager.exe
C:\Program Files\Fichiers communs\GMT\GMT.exe
C:\Program Files\GetModule\GetModule18.exe
C:\Program Files\GetPack\GetPack18.exe
C:\Program Files\INSTAFINK\InstaFinderK_inst.exe
C:\Program Files\PrecisionTime\PrecisionTime.exe
C:\Program Files\temp1.exe.txt
C:\Program Files\temp2.exe.txt
C:\Program Files\temp3.exe.txt
C:\WINDOWS\eltt.dll
C:\WINDOWS\iun6002.exe
C:\WINDOWS\System32\cdmdownld\yobqywhuos.dll
C:\WINDOWS\system32\dpufr.qm
C:\WINDOWS\system32\dsm_fr.qm
C:\WINDOWS\system32\dtu_fr.qm
C:\WINDOWS\system32\gokeccuf.tmp
C:\WINDOWS\system32\hhttscim.tmp
C:\WINDOWS\Tasks\A75FCFC891884314.job
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\@\cbctfe.exe
C:\Documents and Settings\@\dnusnf.exe
C:\Documents and Settings\@\fmqqid.exe
C:\Documents and Settings\@\ftrzqo.exe
C:\Documents and Settings\@\hlqwik.exe
C:\Documents and Settings\@\kgpciy.exe
C:\Documents and Settings\@\malhqh.exe
C:\Documents and Settings\@\mkxlgo.exe
C:\Documents and Settings\@\nqyorx.exe
C:\Documents and Settings\@\pltklx.exe
C:\Documents and Settings\@\uxmyyr.exe
C:\Documents and Settings\@\xedlmd.exe
C:\Documents and Settings\@\xizipa.exe
C:\Documents and Settings\@\xqpebh.exe
C:\PAE.exe
C:\Program Files\bit.bat
C:\Program Files\bit2.bat
C:\Program Files\bit3.bat
C:\Program Files\BitComet
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\BitComet\BitComet.url
C:\Program Files\BitComet\BitComet.xml
C:\Program Files\BitComet\ChangeLog.txt
C:\Program Files\BitComet\CRASH.DMP
C:\Program Files\BitComet\CRASH.ZIP
C:\Program Files\BitComet\CRASHLOG.DAT
C:\Program Files\BitComet\CRASHLOG.TXT
C:\Program Files\BitComet\CrashReport.exe
C:\Program Files\BitComet\dbghelp.dll
C:\Program Files\BitComet\Downloads.xml
C:\Program Files\BitComet\fav\ad\previewdlg_en_us.htm
C:\Program Files\BitComet\fav\ad\previewdlg_zh_cn.htm
C:\Program Files\BitComet\fav\ad\previewwnd_en_us.htm
C:\Program Files\BitComet\fav\ad\previewwnd_zh_cn.htm
C:\Program Files\BitComet\fav\ad\pv_dlg.swf
C:\Program Files\BitComet\fav\ad\pv_wnd.swf
C:\Program Files\BitComet\fav\download-complete.wav
C:\Program Files\BitComet\fav\fav_bg_bg.xml
C:\Program Files\BitComet\fav\fav_ca_es.xml
C:\Program Files\BitComet\fav\fav_de_de.xml
C:\Program Files\BitComet\fav\fav_el_gr.xml
C:\Program Files\BitComet\fav\fav_en_us.xml
C:\Program Files\BitComet\fav\fav_es_es.xml
C:\Program Files\BitComet\fav\fav_fi_fi.xml
C:\Program Files\BitComet\fav\fav_he_il.xml
C:\Program Files\BitComet\fav\fav_hu_hu.xml
C:\Program Files\BitComet\fav\fav_it_it.xml
C:\Program Files\BitComet\fav\fav_jp_jp.xml
C:\Program Files\BitComet\fav\fav_ko_kr.xml
C:\Program Files\BitComet\fav\fav_lv_lv.xml
C:\Program Files\BitComet\fav\fav_nl_nl.xml
C:\Program Files\BitComet\fav\fav_pl_pl.xml
C:\Program Files\BitComet\fav\fav_pt_br.xml
C:\Program Files\BitComet\fav\fav_pt_pt.xml
C:\Program Files\BitComet\fav\fav_ru_ru.xml
C:\Program Files\BitComet\fav\fav_sl_si.xml
C:\Program Files\BitComet\fav\fav_th_th.xml
C:\Program Files\BitComet\fav\fav_uk_ua.xml
C:\Program Files\BitComet\fav\fav_va_es.xml
C:\Program Files\BitComet\fav\fav_vi_vn.xml
C:\Program Files\BitComet\fav\fav_zh_cn.xml
C:\Program Files\BitComet\fav\fav_zh_tw.xml
C:\Program Files\BitComet\fav\HowTo-AddYourSite.txt
C:\Program Files\BitComet\fav\introduce_zh_cn.mht
C:\Program Files\BitComet\fav\passport_info_en_us.mht
C:\Program Files\BitComet\fav\passport_info_zh_cn.mht
C:\Program Files\BitComet\fav\search_el_gr.mht
C:\Program Files\BitComet\fav\search_en_us.mht
C:\Program Files\BitComet\fav\search_uk_ua.mht
C:\Program Files\BitComet\fav\search_zh_cn.mht
C:\Program Files\BitComet\Favourite.xml
C:\Program Files\BitComet\lang\HowTo-Translate.txt
C:\Program Files\BitComet\lang\lang_ar_ae.xml
C:\Program Files\BitComet\lang\lang_ba_ba.xml
C:\Program Files\BitComet\lang\lang_ba_eu.xml
C:\Program Files\BitComet\lang\lang_bg_bg.xml
C:\Program Files\BitComet\lang\lang_ca_es.xml
C:\Program Files\BitComet\lang\lang_cz_cz.xml
C:\Program Files\BitComet\lang\lang_da_dk.xml
C:\Program Files\BitComet\lang\lang_de_de.xml
C:\Program Files\BitComet\lang\lang_el_gr.xml
C:\Program Files\BitComet\lang\lang_en_us.xml
C:\Program Files\BitComet\lang\lang_es_ar.xml
C:\Program Files\BitComet\lang\lang_es_es.xml
C:\Program Files\BitComet\lang\lang_et_ee.xml
C:\Program Files\BitComet\lang\lang_fi_fi.xml
C:\Program Files\BitComet\lang\lang_fr_fr.xml
C:\Program Files\BitComet\lang\lang_gl_es.xml
C:\Program Files\BitComet\lang\lang_he_il.xml
C:\Program Files\BitComet\lang\lang_hr_hr.xml
C:\Program Files\BitComet\lang\lang_hu_hu.xml
C:\Program Files\BitComet\lang\lang_it_it.xml
C:\Program Files\BitComet\lang\lang_jp_jp.xml
C:\Program Files\BitComet\lang\lang_ko_kr.xml
C:\Program Files\BitComet\lang\lang_lt_lt.xml
C:\Program Files\BitComet\lang\lang_lv_lv.xml
C:\Program Files\BitComet\lang\lang_nb_no.xml
C:\Program Files\BitComet\lang\lang_nl_nl.xml
C:\Program Files\BitComet\lang\lang_pl_pl.xml
C:\Program Files\BitComet\lang\lang_pt_br.xml
C:\Program Files\BitComet\lang\lang_pt_pt.xml
C:\Program Files\BitComet\lang\lang_ro_ro.xml
C:\Program Files\BitComet\lang\lang_ru_ru.xml
C:\Program Files\BitComet\lang\lang_sk_sk.xml
C:\Program Files\BitComet\lang\lang_sl_si.xml
C:\Program Files\BitComet\lang\lang_sq_al.xml
C:\Program Files\BitComet\lang\lang_sr_sr.xml
C:\Program Files\BitComet\lang\lang_sv_se.xml
C:\Program Files\BitComet\lang\lang_th_th.xml
C:\Program Files\BitComet\lang\lang_tr_tr.xml
C:\Program Files\BitComet\lang\lang_uk_ua.xml
C:\Program Files\BitComet\lang\lang_va_es.xml
C:\Program Files\BitComet\lang\lang_vi_vn.xml
C:\Program Files\BitComet\lang\lang_zh_cn.xml
C:\Program Files\BitComet\lang\lang_zh_tw.xml
C:\Program Files\BitComet\License.txt
C:\Program Files\BitComet\ReadMe.txt
C:\Program Files\BitComet\rules\dhtnodes.dat
C:\Program Files\BitComet\rules\tracker.dat
C:\Program Files\BitComet\scripts\flv_15150.lua
C:\Program Files\BitComet\scripts\flv_155.lua
C:\Program Files\BitComet\scripts\flv_163888.lua
C:\Program Files\BitComet\scripts\flv_17173.lua
C:\Program Files\BitComet\scripts\flv_21gt.lua
C:\Program Files\BitComet\scripts\flv_516.lua
C:\Program Files\BitComet\scripts\flv_51tv.lua
C:\Program Files\BitComet\scripts\flv_56.lua
C:\Program Files\BitComet\scripts\flv_5show.lua
C:\Program Files\BitComet\scripts\flv_5t.lua
C:\Program Files\BitComet\scripts\flv_6rooms.lua
C:\Program Files\BitComet\scripts\flv_91vc.lua
C:\Program Files\BitComet\scripts\flv_9you.lua
C:\Program Files\BitComet\scripts\flv_bebo.lua
C:\Program Files\BitComet\scripts\flv_cnboo.lua
C:\Program Files\BitComet\scripts\flv_collegehumor.lua
C:\Program Files\BitComet\scripts\flv_dailymotion.lua
C:\Program Files\BitComet\scripts\flv_dumpalink.lua
C:\Program Files\BitComet\scripts\flv_dusee.lua
C:\Program Files\BitComet\scripts\flv_einhand.lua
C:\Program Files\BitComet\scripts\flv_feesee.lua
C:\Program Files\BitComet\scripts\flv_gameklip.lua
C:\Program Files\BitComet\scripts\flv_glumbert.lua
C:\Program Files\BitComet\scripts\flv_googlevideo.lua
C:\Program Files\BitComet\scripts\flv_guba.lua
C:\Program Files\BitComet\scripts\flv_iask.lua
C:\Program Files\BitComet\scripts\flv_ifilm.lua
C:\Program Files\BitComet\scripts\flv_kubao.lua
C:\Program Files\BitComet\scripts\flv_maidee.lua
C:\Program Files\BitComet\scripts\flv_metacafe.lua
C:\Program Files\BitComet\scripts\flv_mop.lua
C:\Program Files\BitComet\scripts\flv_quxiu.lua
C:\Program Files\BitComet\scripts\flv_tudou.lua
C:\Program Files\BitComet\scripts\flv_tvix.lua
C:\Program Files\BitComet\scripts\flv_uume.lua
C:\Program Files\BitComet\scripts\flv_vwangyou.lua
C:\Program Files\BitComet\scripts\flv_yijian.lua
C:\Program Files\BitComet\scripts\flv_yoqoo.lua
C:\Program Files\BitComet\scripts\flv_youtube.lua
C:\Program Files\BitComet\scripts\mp3_baidu.lua
C:\Program Files\BitComet\scripts\mp3_iask.lua
C:\Program Files\BitComet\scripts\mp3_qihoo.lua
C:\Program Files\BitComet\scripts\mp3_sogou.lua
C:\Program Files\BitComet\scripts\mp3_sogua.lua
C:\Program Files\BitComet\scripts\mp3_yahoo.lua
C:\Program Files\BitComet\scripts\mp3_zhongsou.lua
C:\Program Files\BitComet\scripts\soft_2118.lua
C:\Program Files\BitComet\scripts\soft_21cn.lua
C:\Program Files\BitComet\scripts\soft_ddooo.lua
C:\Program Files\BitComet\scripts\soft_duote.lua
C:\Program Files\BitComet\scripts\soft_it_com_cn.lua
C:\Program Files\BitComet\scripts\soft_mydown.lua
C:\Program Files\BitComet\scripts\soft_mydrivers.lua
C:\Program Files\BitComet\scripts\soft_newhua.lua
C:\Program Files\BitComet\scripts\soft_pchome.lua
C:\Program Files\BitComet\scripts\soft_pconline.lua
C:\Program Files\BitComet\scripts\soft_sina.lua
C:\Program Files\BitComet\scripts\soft_skycn.lua
C:\Program Files\BitComet\scripts\soft_sohu.lua
C:\Program Files\BitComet\scripts\soft_tom.lua
C:\Program Files\BitComet\scripts\soft_zol.lua
C:\Program Files\BitComet\tools\BitCometAgent_1.1.2.7.dll
C:\Program Files\BitComet\tools\BitCometBHO_1.1.2.7.dll
C:\Program Files\BitComet\tools\curl.exe
C:\Program Files\BitComet\tools\FlvPlayer.exe
C:\Program Files\BitComet\tools\RealMediaSplitter.ax
C:\Program Files\BitComet\tools\UPNP.exe
C:\Program Files\BitComet\torrents\Azureus_2.5.0.4a_Win32.setup.exe.xml
C:\Program Files\BitComet\torrents\Azureus_2.5.0.4a_Win32.setup.exe[0].xml
C:\Program Files\BitComet\torrents\Azureus_2.5.0.4a_Win32.setup.exe[1].xml
C:\Program Files\BitComet\torrents\Bienvenue.Chez.Les.Chtis.FR.DVDSCR.C0rT0.avi.torrent
C:\Program Files\BitComet\torrents\Bienvenue.Chez.Les.Chtis.FR.DVDSCR.C0rT0.avi.xml
C:\Program Files\BitComet\torrents\Disco.FRENCH.CAM.XVID-CARNAGE.Upload.(steph53)..avi.torrent
C:\Program Files\BitComet\torrents\Disco.FRENCH.CAM.XVID-CARNAGE.Upload.(steph53)..avi.xml
C:\Program Files\BitComet\torrents\Enfin.Veuve.FRENCH.CAM.XViD-CaRNaGe.torrent
C:\Program Files\BitComet\torrents\Enfin.Veuve.FRENCH.CAM.XViD-CaRNaGe.xml
C:\Program Files\BitComet\torrents\Enfin.Veuve.FRENCH.CAM.XViD-CaRNaGe[0].torrent
C:\Program Files\BitComet\torrents\Enfin.Veuve.FRENCH.CAM.XViD-CaRNaGe[0].xml
C:\Program Files\BitComet\torrents\index.html.xml
C:\Program Files\BitComet\torrents\SDFix.exe.xml
C:\Program Files\BitComet\torrents\Vuze_3.1.0.0_windows.exe.xml
C:\Program Files\BitComet\uninst.exe
C:\Program Files\BitDownload
C:\Program Files\BitDownload\BitDownload.exe
C:\Program Files\BitDownload\BitDownload.TRC
C:\Program Files\BitDownload\settings.ini
C:\Program Files\BitDownload\settings.stp
C:\Program Files\BitDownload\SkinCrafterDll.dll
C:\Program Files\BitDownload\Skins\Stylish.skf
C:\Program Files\BitDownload\Support\default.htm
C:\Program Files\BitDownload\Support\dots.gif
C:\Program Files\BitDownload\Support\logo.jpg
C:\Program Files\BitDownload\Support\porttest_error.htm
C:\Program Files\BitDownload\Support\porttest_start.htm
C:\Program Files\BitDownload\TorrentManager.dll
C:\Program Files\BitDownload\unins000.dat
C:\Program Files\BitDownload\unins000.exe
C:\Program Files\FBM Software
C:\Program Files\FBM Software\ZeroSpyware\ActiveXdBase.dat
C:\Program Files\FBM Software\ZeroSpyware\Alert.afa
C:\Program Files\FBM Software\ZeroSpyware\ATL.DLL
C:\Program Files\FBM Software\ZeroSpyware\AutoReporting.afa
C:\Program Files\FBM Software\ZeroSpyware\BackUp\WINXP\@\AutoComplete.bak
C:\Program Files\FBM Software\ZeroSpyware\BackUp\WINXP\@\AutoCompletetemp.bak
C:\Program Files\FBM Software\ZeroSpyware\BackUp\WINXP\@\AutoURL.bak
C:\Program Files\FBM Software\ZeroSpyware\BackUp\WINXP\@\AutoURLtemp.bak
C:\Program Files\FBM Software\ZeroSpyware\BackUp\WINXP\@\Control.ini
C:\Program Files\FBM Software\ZeroSpyware\BackUp\WINXP\@\Favoritos\Desktop.ini
C:\Program Files\FBM Software\ZeroSpyware\BackUp\WINXP\@\Favoritos\Guide des stations de radio.url
C:\Program Files\FBM Software\ZeroSpyware\BackUp\WINXP\@\Favoritos\MSN.com.url
C:\Program Files\FBM Software\ZeroSpyware\BackUp\WINXP\@\Favoritos\Page d'accueil de RealPlayer.url
C:\Program Files\FBM Software\ZeroSpyware\BackUp\WINXP\@\Favoritos\Rechercher des stations - Tuner radio WindowsMedia.com.url
C:\Program Files\FBM Software\ZeroSpyware\BackUp\WINXP\@\Favoritos\www.inkClub.com - Cartouches d’encre à bas prix pour Epson, Canon, Oki, Lexmark & HP. Les prix les plus bas sur le marché..url
C:\Program Files\FBM Software\ZeroSpyware\BackUp\WINXP\@\Home.bak
C:\Program Files\FBM Software\ZeroSpyware\BackUp\WINXP\@\Hosts
C:\Program Files\FBM Software\ZeroSpyware\BackUp\WINXP\@\Run.bak
C:\Program Files\FBM Software\ZeroSpyware\BackUp\WINXP\@\Run1.bak
C:\Program Files\FBM Software\ZeroSpyware\BackUp\WINXP\@\Run1temp.bak
C:\Program Files\FBM Software\ZeroSpyware\BackUp\WINXP\@\RunOnce.bak
C:\Program Files\FBM Software\ZeroSpyware\BackUp\WINXP\@\RunOnce1.bak
C:\Program Files\FBM Software\ZeroSpyware\BackUp\WINXP\@\RunOnce1temp.bak
C:\Program Files\FBM Software\ZeroSpyware\BackUp\WINXP\@\RunOncetemp.bak
C:\Program Files\FBM Software\ZeroSpyware\BackUp\WINXP\@\Runtemp.bak
C:\Program Files\FBM Software\ZeroSpyware\BackUp\WINXP\@\Search.bak
C:\Program Files\FBM Software\ZeroSpyware\BackUp\WINXP\@\SearchLocal.bak
C:\Program Files\FBM Software\ZeroSpyware\BackUp\WINXP\@\StartUp\desktop.ini
C:\Program Files\FBM Software\ZeroSpyware\BackUp\WINXP\@\StartUp\MyWebSearch Email Plugin.lnk
C:\Program Files\FBM Software\ZeroSpyware\BackUp\WINXP\@\startupMan.dat
C:\Program Files\FBM Software\ZeroSpyware\BackUp\WINXP\@\System.ini
C:\Program Files\FBM Software\ZeroSpyware\BackUp\WINXP\@\Win.ini
C:\Program Files\FBM Software\ZeroSpyware\BHOalert.afa
C:\Program Files\FBM Software\ZeroSpyware\bhowl.dat
C:\Program Files\FBM Software\ZeroSpyware\brwsr.dll
C:\Program Files\FBM Software\ZeroSpyware\BSAlert.afa
C:\Program Files\FBM Software\ZeroSpyware\ContextScanner.dll
C:\Program Files\FBM Software\ZeroSpyware\CPL.dat
C:\Program Files\FBM Software\ZeroSpyware\dbghelp.dll
C:\Program Files\FBM Software\ZeroSpyware\Diagnostics\bhoLog.htm
C:\Program Files\FBM Software\ZeroSpyware\Diagnostics\cookielog.htm
C:\Program Files\FBM Software\ZeroSpyware\Diagnostics\processlog.htm
C:\Program Files\FBM Software\ZeroSpyware\Diagnostics\SPORDER.EXE
C:\Program Files\FBM Software\ZeroSpyware\Diagnostics\Spyware Diagnostics.exe
C:\Program Files\FBM Software\ZeroSpyware\Diagnostics\SysCon.dll
C:\Program Files\FBM Software\ZeroSpyware\Diagnostics\SysCon.exe
C:\Program Files\FBM Software\ZeroSpyware\EnableQuickScan.dat
C:\Program Files\FBM Software\ZeroSpyware\ExConfirm.afa
C:\Program Files\FBM Software\ZeroSpyware\exList.dat
C:\Program Files\FBM Software\ZeroSpyware\filecrcs.dat
C:\Program Files\FBM Software\ZeroSpyware\FileDeleter.exe
C:\Program Files\FBM Software\ZeroSpyware\Flash8.ocx
C:\Program Files\FBM Software\ZeroSpyware\frw.afa
C:\Program Files\FBM Software\ZeroSpyware\glvLog\atsiragal_vlg.log
C:\Program Files\FBM Software\ZeroSpyware\gui.dat
C:\Program Files\FBM Software\ZeroSpyware\HostDesc.dat
C:\Program Files\FBM Software\ZeroSpyware\icheck.exe
C:\Program Files\FBM Software\ZeroSpyware\information.afa
C:\Program Files\FBM Software\ZeroSpyware\information2.afa
C:\Program Files\FBM Software\ZeroSpyware\inlist.dat
C:\Program Files\FBM Software\ZeroSpyware\Lisez-moi.rtf
C:\Program Files\FBM Software\ZeroSpyware\livehelp.afa
C:\Program Files\FBM Software\ZeroSpyware\LiveHelp.exe
C:\Program Files\FBM Software\ZeroSpyware\LiveHelp.ico
C:\Program Files\FBM Software\ZeroSpyware\locale.RSC
C:\Program Files\FBM Software\ZeroSpyware\logdata\03-19-2006 02.53.31 PM.log
C:\Program Files\FBM Software\ZeroSpyware\logdata\03-20-2006 08.50.55 AM.log
C:\Program Files\FBM Software\ZeroSpyware\logdata\03-21-2006 01.01.50 PM.log
C:\Program Files\FBM Software\ZeroSpyware\logdata\03-24-2006 12.32.48 PM.log
C:\Program Files\FBM Software\ZeroSpyware\logdata\03-25-2006 01.39.15 PM.log
C:\Program Files\FBM Software\ZeroSpyware\logdata\03-27-2006 12.32.38 PM.log
C:\Program Files\FBM Software\ZeroSpyware\logdata\03-29-2006 12.29.46 PM.log
C:\Program Files\FBM Software\ZeroSpyware\logdata\03-31-2006 02.17.00 PM.log
C:\Program Files\FBM Software\ZeroSpyware\logdata\04-01-2006 12.29.56 PM.log
C:\Program Files\FBM Software\ZeroSpyware\logdata\04-08-2006 12.35.26 PM.log
C:\Program Files\FBM Software\ZeroSpyware\logdata\04-09-2006 08.21.50 PM.log
C:\Program Files\FBM Software\ZeroSpyware\logdata\04-17-2006 12.35.01 PM.log
C:\Program Files\FBM Software\ZeroSpyware\logdata\04-18-2006 10.21.57 AM.log
C:\Program Files\FBM Software\ZeroSpyware\msvcp60.dll
C:\Program Files\FBM Software\ZeroSpyware\nagbox.afa
C:\Program Files\FBM Software\ZeroSpyware\notepad.ico
C:\Program Files\FBM Software\ZeroSpyware\PromptWindow.afa
C:\Program Files\FBM Software\ZeroSpyware\quarantineAlert.afa
C:\Program Files\FBM Software\ZeroSpyware\quarantineresult.afa
C:\Program Files\FBM Software\ZeroSpyware\Readme.txt
C:\Program Files\FBM Software\ZeroSpyware\RegBox.afa
C:\Program Files\FBM Software\ZeroSpyware\RegMonExList.dat
C:\Program Files\FBM Software\ZeroSpyware\Release Notes.txt
C:\Program Files\FBM Software\ZeroSpyware\RenewalWindow.afa
C:\Program Files\FBM Software\ZeroSpyware\ReportWindow.afa
C:\Program Files\FBM Software\ZeroSpyware\res.dat
C:\Program Files\FBM Software\ZeroSpyware\Resource\lnkkpr.dat
C:\Program Files\FBM Software\ZeroSpyware\Resource\Pragma00.dat
C:\Program Files\FBM Software\ZeroSpyware\Resource\pragma01.dat
C:\Program Files\FBM Software\ZeroSpyware\rprt.dat
C:\Program Files\FBM Software\ZeroSpyware\rswindow.afa
C:\Program Files\FBM Software\ZeroSpyware\RunDeniedList.dat
C:\Program Files\FBM Software\ZeroSpyware\RunRegistry.afa
C:\Program Files\FBM Software\ZeroSpyware\same.afa
C:\Program Files\FBM Software\ZeroSpyware\scan.dll
C:\Program Files\FBM Software\ZeroSpyware\scanResults.afa
C:\Program Files\FBM Software\ZeroSpyware\schsc.tmp
C:\Program Files\FBM Software\ZeroSpyware\SecAud1.dat
C:\Program Files\FBM Software\ZeroSpyware\SecAud2.dat
C:\Program Files\FBM Software\ZeroSpyware\snapshot.dat
C:\Program Files\FBM Software\ZeroSpyware\splashpage.afa
C:\Program Files\FBM Software\ZeroSpyware\srta.afa
C:\Program Files\FBM Software\ZeroSpyware\ThreeMiniAlert.afa
C:\Program Files\FBM Software\ZeroSpyware\tutorialCool.afa
C:\Program Files\FBM Software\ZeroSpyware\upat
C:\Program Files\FBM Software\ZeroSpyware\Updates\zfbms.dat2.00.0380.0004PART1.tmp
C:\Program Files\FBM Software\ZeroSpyware\Updates\zfbms.dat2.00.0380.0004PART2.tmp
C:\Program Files\FBM Software\ZeroSpyware\Updates\zfbms.dat2.00.0380.0004PART3.tmp
C:\Program Files\FBM Software\ZeroSpyware\Updates\zfbms.dat2.00.0380.0004PART4.tmp
C:\Program Files\FBM Software\ZeroSpyware\UpdateWindow.afa
C:\Program Files\FBM Software\ZeroSpyware\usrsc.tmp
C:\Program Files\FBM Software\ZeroSpyware\Vain.afa
C:\Program Files\FBM Software\ZeroSpyware\ViewDetails.afa
C:\Program Files\FBM Software\ZeroSpyware\ViewDetailsCompact.afa
C:\Program Files\FBM Software\ZeroSpyware\ViewDetailsSys.afa
C:\Program Files\FBM Software\ZeroSpyware\zerospyware.afa
C:\Program Files\FBM Software\ZeroSpyware\ZeroSpyware.exe
C:\Program Files\FBM Software\ZeroSpyware\ZeroSpyware2005.chm
C:\Program Files\FBM Software\ZeroSpyware\zfbms.dat
C:\Program Files\FBM Software\ZeroSpyware\ZS Remote Restore.exe
C:\Program Files\FBM Software\ZeroSpyware\ZS2005_install.ico
C:\Program Files\FBM Software\ZeroSpyware\ZS2005_uninstall.ico
C:\Program Files\FBM Software\ZeroSpyware\ZSFBMS.dll
C:\Program Files\FBM Software\ZeroSpyware\zsglv.dll
C:\Program Files\FBM Software\ZeroSpyware\ZSLoader.exe
C:\Program Files\FBM Software\ZeroSpyware\ZSRemovalRestorer.dll
C:\Program Files\FBM Software\ZeroSpyware\ZSRR.afa
C:\Program Files\FBM Software\ZeroSpyware\ZSScheduler.dll
C:\Program Files\GetModule
C:\Program Files\GetModule\dicik.gz
C:\Program Files\GetModule\GetModule18.exe
C:\Program Files\GetModule\kwdik.gz
C:\Program Files\GetModule\pckik.dat
C:\Program Files\GetPack
C:\Program Files\GetPack\dictame.gz
C:\Program Files\GetPack\GetPack18.exe
C:\Program Files\GetPack\trgtame.gz
C:\Program Files\temp1.exe.txt
C:\Program Files\temp2.exe.txt
C:\Program Files\temp3.exe.txt
C:\WINDOWS\iun6002.exe
C:\WINDOWS\System32\cdmdownld
C:\WINDOWS\System32\cdmdownld\yobqywhuos.dat
C:\WINDOWS\System32\cdmdownld\yobqywhuos.log
C:\WINDOWS\system32\dpufr.qm
C:\WINDOWS\system32\dsm_fr.qm
C:\WINDOWS\system32\dtu_fr.qm
C:\WINDOWS\system32\gokeccuf.tmp
C:\WINDOWS\system32\hhttscim.tmp
C:\WINDOWS\Tasks\A75FCFC891884314.job

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_FILEDELETER
-------\Service_FileDeleter

((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-05-17 to 2008-06-17 ))))))))))))))))))))))))))))))))))))
.

2008-06-17 08:33 . 2008-06-17 08:33 <REP> d----c--- C:\Documents and Settings\@\Application Data\Talkback
2008-06-17 08:23 . 2008-06-17 08:23 <REP> d----c--- C:\Documents and Settings\@\Application Data\Mozilla
2008-06-17 00:29 . 2008-06-17 11:38 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-17 00:28 . 2008-06-17 01:06 <REP> d-------- C:\Program Files\Spyware Doctor
2008-06-17 00:28 . 2008-06-17 00:28 <REP> d----c--- C:\Documents and Settings\@\Application Data\PC Tools
2008-06-17 00:28 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-06-17 00:28 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-06-17 00:28 . 2008-02-01 12:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-06-17 00:28 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-06-16 22:23 . 2008-06-16 22:23 <REP> d-------- C:\Program Files\Avira
2008-06-16 22:23 . 2008-06-16 22:23 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-06-16 22:15 . 2008-06-16 22:15 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-06-16 22:15 . 2008-06-16 23:49 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-16 20:27 . 2008-06-17 08:43 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-06-15 17:09 . 2008-06-15 17:09 <REP> d-------- C:\WINDOWS\ERUNT
2008-06-14 20:46 . 2008-06-14 20:46 <REP> d----c--- C:\bureau
2008-06-14 20:43 . 2008-06-14 01:37 <REP> d----c--- C:\SDFix
2008-06-14 18:29 . 2008-06-14 18:29 <REP> d-------- C:\Program Files\mjc
2008-06-13 16:07 . 2008-06-13 16:07 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-13 16:07 . 2008-06-13 16:07 <REP> d----c--- C:\Documents and Settings\@\Application Data\Malwarebytes
2008-06-13 16:06 . 2008-06-14 16:28 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-13 16:06 . 2008-06-10 19:02 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-13 16:06 . 2008-06-10 19:02 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-13 13:49 . 2008-06-15 19:57 <REP> d-------- C:\Program Files\Navilog1
2008-06-13 13:41 . 2008-06-16 23:25 <REP> d-------- C:\Program Files\Hijackthis Version Fran‡aise
2008-06-13 13:24 . 2008-06-13 13:24 <REP> d-------- C:\Program Files\Trend Micro
2008-06-12 18:56 . 2008-06-12 18:56 <REP> d----c--- C:\tmp
2008-06-12 18:56 . 2008-06-12 18:56 190 --a--c--- C:\statistic.xml
2008-06-12 18:29 . 2008-06-12 18:29 <REP> d-------- C:\Program Files\iCheck
2008-06-08 20:18 . 2008-06-08 20:19 <REP> d-------- C:\Program Files\Virtools Web Player 3.5
2008-06-06 17:42 . 2008-06-06 17:42 <REP> d-------- C:\Program Files\Codec Pack - All In 1
2008-06-05 18:23 . 2008-06-05 18:23 <REP> d----c--- C:\Documents and Settings\@\Application Data\dvdcss
2008-05-30 18:56 . 2008-05-30 18:56 <REP> d-------- C:\Games
2008-05-23 04:55 . 2008-05-23 04:55 <REP> d----c--- C:\Documents and Settings\@\Application Data\Documents and Settings
2008-05-23 00:22 . 2008-05-23 00:22 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-05-23 00:22 . 2008-05-23 00:22 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
2008-05-23 00:22 . 2008-05-23 00:22 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb
2008-05-23 00:20 . 2008-05-23 00:20 1,044,480 --a--c--- C:\WINDOWS\system32\libdivx.dll
2008-05-23 00:20 . 2008-05-23 00:20 200,704 --a--c--- C:\WINDOWS\system32\ssldivx.dll
2008-05-23 00:19 . 2008-05-23 00:19 352,401 --a------ C:\WINDOWS\system32\DivXMedia.ax
2008-05-23 00:19 . 2008-05-23 00:19 196,608 --a--c--- C:\WINDOWS\system32\dtu100.dll
2008-05-23 00:19 . 2008-05-23 00:19 161,096 --a--c--- C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-05-23 00:19 . 2008-05-23 00:19 81,920 --a------ C:\WINDOWS\system32\dpl100.dll
2008-05-23 00:19 . 2008-05-23 00:19 416 --a--c--- C:\WINDOWS\system32\dtu100.dll.manifest
2008-05-23 00:19 . 2008-05-23 00:19 416 --a--c--- C:\WINDOWS\system32\dpl100.dll.manifest
2008-05-23 00:18 . 2008-05-23 00:18 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2008-05-19 11:55 . 2008-05-19 11:55 <REP> d----c--- C:\Documents and Settings\@\Application Data\@

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-17 06:37 --------- d-----w C:\Program Files\Google
2008-06-16 22:41 --------- d-----w C:\Program Files\Fichiers communs\AOL
2008-06-16 21:40 --------- d-----w C:\Program Files\Yahoo!
2008-06-16 21:38 --------- d-----w C:\Program Files\QuickTime
2008-06-16 21:30 --------- d-----w C:\Program Files\Fichiers communs\Real
2008-06-16 21:25 --------- d-----w C:\Program Files\Hijackthis Version Française
2008-06-16 21:24 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-16 21:22 --------- d-----w C:\Program Files\DivX
2008-06-16 21:01 --------- d-----w C:\Program Files\Common Files
2008-06-16 19:31 --------- d-----w C:\Program Files\Picasa2
2008-05-30 23:22 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-05-30 23:22 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-05-30 23:22 815,104 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
2008-05-30 23:22 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-05-30 23:22 683,520 ----a-w C:\WINDOWS\system32\DivX.dll
2008-05-30 23:22 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-05-30 23:22 57,344 -c--a-w C:\WINDOWS\system32\dpv11.dll
2008-05-30 23:22 53,248 -c--a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-05-30 23:22 344,064 -c--a-w C:\WINDOWS\system32\dpus11.dll
2008-05-30 23:22 294,912 -c--a-w C:\WINDOWS\system32\dpu11.dll
2008-05-30 23:22 294,912 -c--a-w C:\WINDOWS\system32\dpu10.dll
2008-05-08 14:43 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-05-08 14:41 --------- dc----w C:\Documents and Settings\@\Application Data\AdobeUM
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:15 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-03 10:54 --------- dc----w C:\Documents and Settings\@\Application Data\Application Data
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-04-05 13:48 2,560 ----a-w C:\WINDOWS\system32\BitCometRes.dll
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2007-04-25 11:15 56,842,460 -c--a-w C:\Program Files\cp_neuf_v1.2.exe
2007-03-17 19:13 265,136 -c--a-w C:\Program Files\Appartement_3D_2006_Telecharger{75474}.exe
2007-03-17 18:15 4,056,554 -c--a-w C:\Program Files\ihp_kitchen1_6_2.exe
2007-03-11 20:32 900,857 -c--a-w C:\Program Files\mp3codec.zip
2007-03-05 01:29 643,144 -c----w C:\Program Files\XviD-1.1.2-01112006.exe
2007-01-07 12:00 7,350,919 -c--a-w C:\Program Files\jecreemacuisineavecleroymerlin-1_0_0.exe
2007-01-02 18:25 5,297,976 -c--a-w C:\Program Files\picasaweb-current-setup.exe
2006-12-28 08:29 1,923,290 -c--a-w C:\Program Files\cdex_151.zip
2001-11-23 04:08 712,704 -c--a-w C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
1999-06-26 10:38 6,193 -c--a-r C:\Program Files\radium.nfo
1999-06-26 09:58 904,328 -c--a-r C:\Program Files\setupl3c.exe
2006-03-28 15:25 8,192 -csha-w C:\WINDOWS\o2cLicStore.bin
2006-07-05 10:56 192 -csh--r C:\WINDOWS\inf\sdatabl.sav.bin
2006-08-25 15:51 617,472 --sha-w C:\WINDOWS\system32\comctl32.dll
2004-08-19 23:09 1,028,096 --sha-w C:\WINDOWS\system32\mfc42.dll
2002-08-30 12:00 57,344 --sha-w C:\WINDOWS\system32\mfc42loc.dll
2004-08-19 23:09 413,696 --sha-w C:\WINDOWS\system32\msvcp60.dll
2004-08-19 23:09 343,040 --sha-w C:\WINDOWS\system32\msvcrt.dll
2002-08-30 12:00 253,952 -csha-w C:\WINDOWS\system32\msvcrt20.dll
2004-08-19 23:09 30,749 -csha-w C:\WINDOWS\system32\vbajet32.dll
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00027925-0017-4faf-9539-90E4AC0B9EC5}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0755AEB9-CD5C-85D8-E73C-969940E7FCDC}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D5792AA9-D373-4039-8670-2CDAB6A71F15}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPSON Stylus Photo RX560 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBPE.exe" [2006-05-23 06:00 139264]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-18 20:26 68856]
"mjc"="C:\Program Files\mjc\mjc.exe" [2008-06-14 18:29 145408]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"="cmicnfg.cpl" []
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-07-28 16:19 4841472]
"nwiz"="nwiz.exe" [2003-07-28 16:19 323584 C:\WINDOWS\system32\nwiz.exe]
"RemoteControl"="C:\WINDOWS\System32\rmctrl.exe" [2000-10-16 00:00 32768]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 13:50 155648]
"Omnipage"="C:\Program Files\ScanSoft\OmniPageSE\opware32.exe" [2002-06-03 12:38 49152]
"AOLDialer"="C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe" [2006-11-17 13:41 71216]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [ ]
"AOLSAV"="C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe" [2004-11-10 16:18 80384]
"VSOCheckTask"="c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" [2003-08-08 19:02 122880]
"VirusScan Online"="c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" [2003-08-17 22:50 163840]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2003-12-08 16:38 245760]
"MCUpdateExe"="c:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [2004-01-28 17:48 180224]
"au"="C:\Program Files\Dealio\DealioAU.exe" [2007-06-27 12:46 238936]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"TopSearch"="C:\Program Files\TopSearch\TopSearch.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 01:09 15360]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 03:23 443968]
"DWQueuedReporting"="C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2005-04-25 13:45 36040]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 15:39 294400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= DivXa32.acm
"msacm.l3codec"= l3codecp.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLacsd.exe"=
"C:\\Documents and Settings\\@\\Bureau\\PHILIPPE\\facade\\eMule\\emule.exe"=
"C:\\Program Files\\Xolox\\XoloxEXE.exe"=
"C:\\Starcraft\\StarCraft.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Kazaa\\kazaa.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"24563:TCP"= 24563:TCP:BitComet 24563 TCP
"24563:UDP"= 24563:UDP:BitComet 24563 UDP

R2 amdfix;amdfix;C:\WINDOWS\System32\drivers\amdfix.sys [2004-04-17 18:41]
R2 xinstall;xinstall;C:\WINDOWS\System32\drivers\xinstall.sys [2004-04-17 18:41]
S3 Navcar;Navman In-car Navigator USB Driver Service;C:\WINDOWS\system32\DRIVERS\Navcar.sys [2006-12-13 22:25]
S3 SetupNTGLM7X;SetupNTGLM7X;E:\NTGLM7X.sys []

.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2008-06-17 10:03:58 C:\WINDOWS\Tasks\Recherche de mises à jour sur McAfee.com (POLIAKHOVITCH-@).job"
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:06, on 2008-06-17
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\System32\rmctrl.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\mjc\mjc.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://g.advisurf.com/web
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
O2 - BHO: (no name) - {00027925-0017-4faf-9539-90E4AC0B9EC5} - (no file)
O2 - BHO: (no name) - {0755AEB9-CD5C-85D8-E73C-969940E7FCDC} - (no file)
O2 - BHO: (no name) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb106\Dealio.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: IEListener Class - {911A1534-8E65-448E-92AE-E22D49F870C4} - C:\PAE_BHO.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {D5792AA9-D373-4039-8670-2CDAB6A71F15} - (no file)
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb106\Dealio.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RemoteControl] C:\WINDOWS\System32\rmctrl.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [AOLSAV] C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [au] C:\Program Files\Dealio\DealioAU.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [TopSearch] C:\Program Files\TopSearch\TopSearch.exe
O4 - HKCU\..\Run: [EPSON Stylus Photo RX560 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBPE.EXE /FU "C:\WINDOWS\TEMP\E_S266.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [mjc] C:\Program Files\mjc\mjc.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - c:\program files\aol\aol toolbar 4.0\resources\fr-FR\local\search.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Program Files\Dealio\kb106\res\DealioSearch.html
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?70696ede427d4ba48f69a98de8f48e7e
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?70696ede427d4ba48f69a98de8f48e7e
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O9 - Extra button: Capturer ! - {47055D63-DFCD-11d3-8406-00500445A7D0} - C:\Program Files\Goto\MemoWeb 4\IEBtn\Launcher (file missing)
O9 - Extra 'Tools' menuitem: Capturer ce web - {47055D63-DFCD-11d3-8406-00500445A7D0} - C:\Program Files\Goto\MemoWeb 4\IEBtn\Launcher (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb106\Dealio.dll
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb106\Dealio.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Dice Derby by pogo - http://game1.pogo.com/applet-6.6.5.22/checkeredflag/checkeredflag-fr_FR.cab
O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.com/applet-6.6.5.31/mahjong/mahjong-fr_FR.cab
O16 - DPF: Phlinx by pogo - http://game1.pogo.com/applet-6.6.5.31/flinger/flinger-fr_FR.cab
O16 - DPF: Pop Fu by pogo - http://game1.pogo.com/applet-6.6.5.22/popfu/popfu-fr_FR.cab
O16 - DPF: Squelchies by pogo - http://game1.pogo.com/applet-6.6.5.22/squelchies/squelchies-fr_FR.cab
O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure/connexion/archives/ie4n4/teleir_cert.cab
O16 - DPF: World Class Solitaire by pogo - http://game1.pogo.com/applet-6.6.5.22/worldclass/worldclass-fr_FR.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.fr/computercheckup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.fr.aol.com/molbin/shared/mcinsctl/fr/4,0,0,84/mcinsctl.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {981D847D-2C06-4FB7-A09C-4F0A48601B2C} (DiagSetup Class) - http://techcity.aol.fr/download/img/DiagSetup.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.fr.aol.com/molbin/shared/mcgdmgr/fr/1,0,0,21/mcgdmgr.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Réponse 13 / 31

Le sioux Messages postés 4907 Statut Contributeur sécurité 496

Re

http://www.commentcamarche.net/forum/affich 6874602 ordi avec plein depub

Cela c'est ce que l'on appelle un doublon, pas bien !!

En plus, tu postes certains rapports datant du même jour/ même heure (comme celui de malwareByte'sAnti-Malware) sur les deux postes !! Tu exagères !!

Tu n'as pas l'impression de mobiliser plus de personnes qu'il n'en faut ??
Pas l'impression de te moquer un peu de nous ??

Je suis tombé dessus par hasard, en faisant des recherches sur certains fichiers suspects vus dans le rapport ComboFix, tu imaginer l'agréable surprise que cela m'a fait ...

...

phi60420 Messages postés 169 Statut Membre 1

excuse je t'ai envoyé ce que tu ma demandé

Réponse 14 / 31

Le sioux Messages postés 4907 Statut Contributeur sécurité 496

Re

Avant de continuer, réponds a ces questions stp :

As tu une session ouverte au nom de @ ?

Sais tu à quoi sert le programme mjc ?

@ de suite.

phi60420 Messages postés 169 Statut Membre 1

mjc pour moi c'est du latin
une session ouverte au nom @ oui

Réponse 15 / 31

Le sioux Messages postés 4907 Statut Contributeur sécurité 496

Re

OK, merci pour ta réponse.

ComboFix avec CFScript :

* Sélectionne le texte suivant (en gras) dans son intégralité :

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00027925-0017-4faf-9539-90E4AC0B9EC5}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0755AEB9-CD5C-85D8-E73C-969940E7FCDC}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D5792AA9-D373-4039-8670-2CDAB6A71F15}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D5792AA9-D373-4039-8670-2CDAB6A71F15}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{911A1534-8E65-448E-92AE-E22D49F870C4}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TopSearch"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mjc"=-

Folder::
C:\Program Files\TopSearch
C:\Program Files\mjc

File::
C:\Program Files\TopSearch\TopSearch.exe
C:\PAE_BHO.dll
C:\Program Files\mjc\mjc.exe
C:\SDFix

* Copie le texte sélectionné (CTRL+C).
* Ouvre le Bloc-notes (Démarrer / Tous les Programmes>Accessoires >bloc-notes).
* Colle le texte copié dans ce Bloc-notes (CTRL+V).
* Sauvegarde sur ton Bureau ce fichier sous le nom de CFScript.txt

/!\ Déconnecte toi du net et désactive ton antivirus pour que ComboFix puisse s'exécuter normalement. /!\

Fais un glisser/déposer de ce fichier CFScript.txt sur le fichier ComboFix.exe ( sur ton Bureau)

Comme ici http://i261.photobucket.com/albums/ii49/Malekal_morte/CFScript.gif

* Une fenêtre bleue va apparaître: au message qui apparaît Type 1 to continue, or 2 to abort , tape 1 puis valide.

* Patiente le temps du scan. Le Bureau va disparaître à plusieurs reprises : c'est normal!

/!\ Ne touche à rien tant que le scan n'est pas terminé. /!\

En fin de scan, il est possible que ComboFix ait besoin de redémarrer le PC pour finaliser la désinfection, laisse-le faire.

Une fois le scan achevé, un rapport va s'afficher : Poste son contenu et un nouveau rapport HijackThis

/!\Réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à Internet. /!\.

(Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt )

Dis moi aussi comment se porte ton PC ;)

@ ce soir

phi60420 Messages postés 169 Statut Membre 1

ComboFix 08-06-15.4 - @ 2008-06-17 13:18:59.2 - NTFSx86
Endroit: C:\Documents and Settings\@\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\@\Bureau\CFScript.txt
* Création d'un nouveau point de restauration

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]

FILE ::
C:\PAE_BHO.dll
C:\Program Files\mjc\mjc.exe
C:\Program Files\TopSearch\TopSearch.exe
C:\SDFix
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\PAE_BHO.dll
C:\Program Files\mjc
C:\Program Files\mjc\mjc.exe
.
---- Previous Run -------
.
C:\Documents and Settings\@\cbctfe.exe
C:\Documents and Settings\@\dnusnf.exe
C:\Documents and Settings\@\fmqqid.exe
C:\Documents and Settings\@\ftrzqo.exe
C:\Documents and Settings\@\hlqwik.exe
C:\Documents and Settings\@\kgpciy.exe
C:\Documents and Settings\@\malhqh.exe
C:\Documents and Settings\@\mkxlgo.exe
C:\Documents and Settings\@\nqyorx.exe
C:\Documents and Settings\@\pltklx.exe
C:\Documents and Settings\@\uxmyyr.exe
C:\Documents and Settings\@\xedlmd.exe
C:\Documents and Settings\@\xizipa.exe
C:\Documents and Settings\@\xqpebh.exe
C:\PAE.exe
C:\Program Files\bit.bat
C:\Program Files\bit2.bat
C:\Program Files\bit3.bat
C:\Program Files\BitComet
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\BitComet\BitComet.url
C:\Program Files\BitComet\BitComet.xml
C:\Program Files\BitComet\ChangeLog.txt
C:\Program Files\BitComet\CRASH.DMP
C:\Program Files\BitComet\CRASH.ZIP
C:\Program Files\BitComet\CRASHLOG.DAT
C:\Program Files\BitComet\CRASHLOG.TXT
C:\Program Files\BitComet\CrashReport.exe
C:\Program Files\BitComet\dbghelp.dll
C:\Program Files\BitComet\Downloads.xml
C:\Program Files\BitComet\fav\ad\previewdlg_en_us.htm
C:\Program Files\BitComet\fav\ad\previewdlg_zh_cn.htm
C:\Program Files\BitComet\fav\ad\previewwnd_en_us.htm
C:\Program Files\BitComet\fav\ad\previewwnd_zh_cn.htm
C:\Program Files\BitComet\fav\ad\pv_dlg.swf
C:\Program Files\BitComet\fav\ad\pv_wnd.swf
C:\Program Files\BitComet\fav\download-complete.wav
C:\Program Files\BitComet\fav\fav_bg_bg.xml
C:\Program Files\BitComet\fav\fav_ca_es.xml
C:\Program Files\BitComet\fav\fav_de_de.xml
C:\Program Files\BitComet\fav\fav_el_gr.xml
C:\Program Files\BitComet\fav\fav_en_us.xml
C:\Program Files\BitComet\fav\fav_es_es.xml
C:\Program Files\BitComet\fav\fav_fi_fi.xml
C:\Program Files\BitComet\fav\fav_he_il.xml
C:\Program Files\BitComet\fav\fav_hu_hu.xml
C:\Program Files\BitComet\fav\fav_it_it.xml
C:\Program Files\BitComet\fav\fav_jp_jp.xml
C:\Program Files\BitComet\fav\fav_ko_kr.xml
C:\Program Files\BitComet\fav\fav_lv_lv.xml
C:\Program Files\BitComet\fav\fav_nl_nl.xml
C:\Program Files\BitComet\fav\fav_pl_pl.xml
C:\Program Files\BitComet\fav\fav_pt_br.xml
C:\Program Files\BitComet\fav\fav_pt_pt.xml
C:\Program Files\BitComet\fav\fav_ru_ru.xml
C:\Program Files\BitComet\fav\fav_sl_si.xml
C:\Program Files\BitComet\fav\fav_th_th.xml
C:\Program Files\BitComet\fav\fav_uk_ua.xml
C:\Program Files\BitComet\fav\fav_va_es.xml
C:\Program Files\BitComet\fav\fav_vi_vn.xml
C:\Program Files\BitComet\fav\fav_zh_cn.xml
C:\Program Files\BitComet\fav\fav_zh_tw.xml
C:\Program Files\BitComet\fav\HowTo-AddYourSite.txt
C:\Program Files\BitComet\fav\introduce_zh_cn.mht
C:\Program Files\BitComet\fav\passport_info_en_us.mht
C:\Program Files\BitComet\fav\passport_info_zh_cn.mht
C:\Program Files\BitComet\fav\search_el_gr.mht
C:\Program Files\BitComet\fav\search_en_us.mht
C:\Program Files\BitComet\fav\search_uk_ua.mht
C:\Program Files\BitComet\fav\search_zh_cn.mht
C:\Program Files\BitComet\Favourite.xml
C:\Program Files\BitComet\lang\HowTo-Translate.txt
C:\Program Files\BitComet\lang\lang_ar_ae.xml
C:\Program Files\BitComet\lang\lang_ba_ba.xml
C:\Program Files\BitComet\lang\lang_ba_eu.xml
C:\Program Files\BitComet\lang\lang_bg_bg.xml
C:\Program Files\BitComet\lang\lang_ca_es.xml
C:\Program Files\BitComet\lang\lang_cz_cz.xml
C:\Program Files\BitComet\lang\lang_da_dk.xml
C:\Program Files\BitComet\lang\lang_de_de.xml
C:\Program Files\BitComet\lang\lang_el_gr.xml
C:\Program Files\BitComet\lang\lang_en_us.xml
C:\Program Files\BitComet\lang\lang_es_ar.xml
C:\Program Files\BitComet\lang\lang_es_es.xml
C:\Program Files\BitComet\lang\lang_et_ee.xml
C:\Program Files\BitComet\lang\lang_fi_fi.xml
C:\Program Files\BitComet\lang\lang_fr_fr.xml
C:\Program Files\BitComet\lang\lang_gl_es.xml
C:\Program Files\BitComet\lang\lang_he_il.xml
C:\Program Files\BitComet\lang\lang_hr_hr.xml
C:\Program Files\BitComet\lang\lang_hu_hu.xml
C:\Program Files\BitComet\lang\lang_it_it.xml
C:\Program Files\BitComet\lang\lang_jp_jp.xml
C:\Program Files\BitComet\lang\lang_ko_kr.xml
C:\Program Files\BitComet\lang\lang_lt_lt.xml
C:\Program Files\BitComet\lang\lang_lv_lv.xml
C:\Program Files\BitComet\lang\lang_nb_no.xml
C:\Program Files\BitComet\lang\lang_nl_nl.xml
C:\Program Files\BitComet\lang\lang_pl_pl.xml
C:\Program Files\BitComet\lang\lang_pt_br.xml
C:\Program Files\BitComet\lang\lang_pt_pt.xml
C:\Program Files\BitComet\lang\lang_ro_ro.xml
C:\Program Files\BitComet\lang\lang_ru_ru.xml
C:\Program Files\BitComet\lang\lang_sk_sk.xml
C:\Program Files\BitComet\lang\lang_sl_si.xml
C:\Program Files\BitComet\lang\lang_sq_al.xml
C:\Program Files\BitComet\lang\lang_sr_sr.xml
C:\Program Files\BitComet\lang\lang_sv_se.xml
C:\Program Files\BitComet\lang\lang_th_th.xml
C:\Program Files\BitComet\lang\lang_tr_tr.xml
C:\Program Files\BitComet\lang\lang_uk_ua.xml
C:\Program Files\BitComet\lang\lang_va_es.xml
C:\Program Files\BitComet\lang\lang_vi_vn.xml
C:\Program Files\BitComet\lang\lang_zh_cn.xml
C:\Program Files\BitComet\lang\lang_zh_tw.xml
C:\Program Files\BitComet\License.txt
C:\Program Files\BitComet\ReadMe.txt
C:\Program Files\BitComet\rules\dhtnodes.dat
C:\Program Files\BitComet\rules\tracker.dat
C:\Program Files\BitComet\scripts\flv_15150.lua
C:\Program Files\BitComet\scripts\flv_155.lua
C:\Program Files\BitComet\scripts\flv_163888.lua
C:\Program Files\BitComet\scripts\flv_17173.lua
C:\Program Files\BitComet\scripts\flv_21gt.lua
C:\Program Files\BitComet\scripts\flv_516.lua
C:\Program Files\BitComet\scripts\flv_51tv.lua
C:\Program Files\BitComet\scripts\flv_56.lua
C:\Program Files\BitComet\scripts\flv_5show.lua
C:\Program Files\BitComet\scripts\flv_5t.lua
C:\Program Files\BitComet\scripts\flv_6rooms.lua
C:\Program Files\BitComet\scripts\flv_91vc.lua
C:\Program Files\BitComet\scripts\flv_9you.lua
C:\Program Files\BitComet\scripts\flv_bebo.lua
C:\Program Files\BitComet\scripts\flv_cnboo.lua
C:\Program Files\BitComet\scripts\flv_collegehumor.lua
C:\Program Files\BitComet\scripts\flv_dailymotion.lua
C:\Program Files\BitComet\scripts\flv_dumpalink.lua
C:\Program Files\BitComet\scripts\flv_dusee.lua
C:\Program Files\BitComet\scripts\flv_einhand.lua
C:\Program Files\BitComet\scripts\flv_feesee.lua
C:\Program Files\BitComet\scripts\flv_gameklip.lua
C:\Program Files\BitComet\scripts\flv_glumbert.lua
C:\Program Files\BitComet\scripts\flv_googlevideo.lua
C:\Program Files\BitComet\scripts\flv_guba.lua
C:\Program Files\BitComet\scripts\flv_iask.lua
C:\Program Files\BitComet\scripts\flv_ifilm.lua
C:\Program Files\BitComet\scripts\flv_kubao.lua
C:\Program Files\BitComet\scripts\flv_maidee.lua
C:\Program Files\BitComet\scripts\flv_metacafe.lua
C:\Program Files\BitComet\scripts\flv_mop.lua
C:\Program Files\BitComet\scripts\flv_quxiu.lua
C:\Program Files\BitComet\scripts\flv_tudou.lua
C:\Program Files\BitComet\scripts\flv_tvix.lua
C:\Program Files\BitComet\scripts\flv_uume.lua
C:\Program Files\BitComet\scripts\flv_vwangyou.lua
C:\Program Files\BitComet\scripts\flv_yijian.lua
C:\Program Files\BitComet\scripts\flv_yoqoo.lua
C:\Program Files\BitComet\scripts\flv_youtube.lua
C:\Program Files\BitComet\scripts\mp3_baidu.lua
C:\Program Files\BitComet\scripts\mp3_iask.lua
C:\Program Files\BitComet\scripts\mp3_qihoo.lua
C:\Program Files\BitComet\scripts\mp3_sogou.lua
C:\Program Files\BitComet\scripts\mp3_sogua.lua
C:\Program Files\BitComet\scripts\mp3_yahoo.lua
C:\Program Files\BitComet\scripts\mp3_zhongsou.lua
C:\Program Files\BitComet\scripts\soft_2118.lua
C:\Program Files\BitComet\scripts\soft_21cn.lua
C:\Program Files\BitComet\scripts\soft_ddooo.lua
C:\Program Files\BitComet\scripts\soft_duote.lua
C:\Program Files\BitComet\scripts\soft_it_com_cn.lua
C:\Program Files\BitComet\scripts\soft_mydown.lua
C:\Program Files\BitComet\scripts\soft_mydrivers.lua
C:\Program Files\BitComet\scripts\soft_newhua.lua
C:\Program Files\BitComet\scripts\soft_pchome.lua
C:\Program Files\BitComet\scripts\soft_pconline.lua
C:\Program Files\BitComet\scripts\soft_sina.lua
C:\Program Files\BitComet\scripts\soft_skycn.lua
C:\Program Files\BitComet\scripts\soft_sohu.lua
C:\Program Files\BitComet\scripts\soft_tom.lua
C:\Program Files\BitComet\scripts\soft_zol.lua
C:\Program Files\BitComet\tools\BitCometAgent_1.1.2.7.dll
C:\Program Files\BitComet\tools\BitCometBHO_1.1.2.7.dll
C:\Program Files\BitComet\tools\curl.exe
C:\Program Files\BitComet\tools\FlvPlayer.exe
C:\Program Files\BitComet\tools\RealMediaSplitter.ax
C:\Program Files\BitComet\tools\UPNP.exe
C:\Program Files\BitComet\torrents\Azureus_2.5.0.4a_Win32.setup.exe.xml
C:\Program Files\BitComet\torrents\Azureus_2.5.0.4a_Win32.setup.exe[0].xml
C:\Program Files\BitComet\torrents\Azureus_2.5.0.4a_Win32.setup.exe[1].xml
C:\Program Files\BitComet\torrents\Bienvenue.Chez.Les.Chtis.FR.DVDSCR.C0rT0.avi.torrent
C:\Program Files\BitComet\torrents\Bienvenue.Chez.Les.Chtis.FR.DVDSCR.C0rT0.avi.xml
C:\Program Files\BitComet\torrents\Disco.FRENCH.CAM.XVID-CARNAGE.Upload.(steph53)..avi.torrent
C:\Program Files\BitComet\torrents\Disco.FRENCH.CAM.XVID-CARNAGE.Upload.(steph53)..avi.xml
C:\Program Files\BitComet\torrents\Enfin.Veuve.FRENCH.CAM.XViD-CaRNaGe.torrent
C:\Program Files\BitComet\torrents\Enfin.Veuve.FRENCH.CAM.XViD-CaRNaGe.xml
C:\Program Files\BitComet\torrents\Enfin.Veuve.FRENCH.CAM.XViD-CaRNaGe[0].torrent
C:\Program Files\BitComet\torrents\Enfin.Veuve.FRENCH.CAM.XViD-CaRNaGe[0].xml
C:\Program Files\BitComet\torrents\index.html.xml
C:\Program Files\BitComet\torrents\SDFix.exe.xml
C:\Program Files\BitComet\torrents\Vuze_3.1.0.0_windows.exe.xml
C:\Program Files\BitComet\uninst.exe
C:\Program Files\BitDownload
C:\Program Files\BitDownload\BitDownload.exe
C:\Program Files\BitDownload\BitDownload.TRC
C:\Program Files\BitDownload\settings.ini
C:\Program Files\BitDownload\settings.stp
C:\Program Files\BitDownload\SkinCrafterDll.dll
C:\Program Files\BitDownload\Skins\Stylish.skf
C:\Program Files\BitDownload\Support\default.htm
C:\Program Files\BitDownload\Support\dots.gif
C:\Program Files\BitDownload\Support\logo.jpg
C:\Program Files\BitDownload\Support\porttest_error.htm
C:\Program Files\BitDownload\Support\porttest_start.htm
C:\Program Files\BitDownload\TorrentManager.dll
C:\Program Files\BitDownload\unins000.dat
C:\Program Files\BitDownload\unins000.exe
C:\Program Files\FBM Software
C:\Program Files\FBM Software\ZeroSpyware\ActiveXdBase.dat
C:\Program Files\FBM Software\ZeroSpyware\Alert.afa
C:\Program Files\FBM Software\ZeroSpyware\ATL.DLL
C:\Program Files\FBM Software\ZeroSpyware\AutoReporting.afa
C:\Program Files\FBM Software\ZeroSpyware\BackUp\WINXP\@\AutoComplete.bak
C:\Program Files\FBM Software\ZeroSpyware\BackUp\WINXP\@\AutoCompletetemp.bak
C:\Program Files\FBM Software\ZeroSpyware\BackUp\WINXP\@\AutoURL.bak
C:\Program Files\FBM Software\ZeroSpyware\BackUp\WINXP\@\AutoURLtemp.bak
C:\Program Files\FBM Software\ZeroSpyware\BackUp\WINXP\@\Control.ini
C:\Program Files\FBM Software\ZeroSpyware\BackUp\WINXP\@\Favoritos\Desktop.ini
C:\Program Files\FBM Software\ZeroSpyware\BackUp\WINXP\@\Favoritos\Guide des stations de radio.url
C:\Program Files\FBM Software\ZeroSpyware\BackUp\WINXP\@\Favoritos\MSN.com.url
C:\Program Files\FBM Software\ZeroSpyware\BackUp\WINXP\@\Favoritos\Page d'accueil de RealPlayer.url
C:\Program Files\FBM Software\ZeroSpyware\BackUp\WINXP\@\Favoritos\Rechercher des stations - Tuner radio WindowsMedia.com.url
C:\Program Files\FBM Software\ZeroSpyware\BackUp\WINXP\@\Favoritos\www.inkClub.com - Cartouches d’encre à bas prix pour Epson, Canon, Oki, Lexmark & HP. Les prix les plus bas sur le marché..url
C:\Program Files\FBM Software\ZeroSpyware\BackUp\WINXP\@\Home.bak
C:\Program Files\FBM Software\ZeroSpyware\BackUp\WINXP\@\Hosts
C:\Program Files\FBM Software\ZeroSpyware\BackUp\WINXP\@\Run.bak
C:\Program Files\FBM Software\ZeroSpyware\BackUp\WINXP\@\Run1.bak
C:\Program Files\FBM Software\ZeroSpyware\BackUp\WINXP\@\Run1temp.bak
C:\Program Files\FBM Software\ZeroSpyware\BackUp\WINXP\@\RunOnce.bak
C:\Program Files\FBM Software\ZeroSpyware\BackUp\WINXP\@\RunOnce1.bak
C:\Program Files\FBM Software\ZeroSpyware\BackUp\WINXP\@\RunOnce1temp.bak
C:\Program Files\FBM Software\ZeroSpyware\BackUp\WINXP\@\RunOncetemp.bak
C:\Program Files\FBM Software\ZeroSpyware\BackUp\WINXP\@\Runtemp.bak
C:\Program Files\FBM Software\ZeroSpyware\BackUp\WINXP\@\Search.bak
C:\Program Files\FBM Software\ZeroSpyware\BackUp\WINXP\@\SearchLocal.bak
C:\Program Files\FBM Software\ZeroSpyware\BackUp\WINXP\@\StartUp\desktop.ini
C:\Program Files\FBM Software\ZeroSpyware\BackUp\WINXP\@\StartUp\MyWebSearch Email Plugin.lnk
C:\Program Files\FBM Software\ZeroSpyware\BackUp\WINXP\@\startupMan.dat
C:\Program Files\FBM Software\ZeroSpyware\BackUp\WINXP\@\System.ini
C:\Program Files\FBM Software\ZeroSpyware\BackUp\WINXP\@\Win.ini
C:\Program Files\FBM Software\ZeroSpyware\BHOalert.afa
C:\Program Files\FBM Software\ZeroSpyware\bhowl.dat
C:\Program Files\FBM Software\ZeroSpyware\brwsr.dll
C:\Program Files\FBM Software\ZeroSpyware\BSAlert.afa
C:\Program Files\FBM Software\ZeroSpyware\ContextScanner.dll
C:\Program Files\FBM Software\ZeroSpyware\CPL.dat
C:\Program Files\FBM Software\ZeroSpyware\dbghelp.dll
C:\Program Files\FBM Software\ZeroSpyware\Diagnostics\bhoLog.htm
C:\Program Files\FBM Software\ZeroSpyware\Diagnostics\cookielog.htm
C:\Program Files\FBM Software\ZeroSpyware\Diagnostics\processlog.htm
C:\Program Files\FBM Software\ZeroSpyware\Diagnostics\SPORDER.EXE
C:\Program Files\FBM Software\ZeroSpyware\Diagnostics\Spyware Diagnostics.exe
C:\Program Files\FBM Software\ZeroSpyware\Diagnostics\SysCon.dll
C:\Program Files\FBM Software\ZeroSpyware\Diagnostics\SysCon.exe
C:\Program Files\FBM Software\ZeroSpyware\EnableQuickScan.dat
C:\Program Files\FBM Software\ZeroSpyware\ExConfirm.afa
C:\Program Files\FBM Software\ZeroSpyware\exList.dat
C:\Program Files\FBM Software\ZeroSpyware\filecrcs.dat
C:\Program Files\FBM Software\ZeroSpyware\FileDeleter.exe
C:\Program Files\FBM Software\ZeroSpyware\Flash8.ocx
C:\Program Files\FBM Software\ZeroSpyware\frw.afa
C:\Program Files\FBM Software\ZeroSpyware\glvLog\atsiragal_vlg.log
C:\Program Files\FBM Software\ZeroSpyware\gui.dat
C:\Program Files\FBM Software\ZeroSpyware\HostDesc.dat
C:\Program Files\FBM Software\ZeroSpyware\icheck.exe
C:\Program Files\FBM Software\ZeroSpyware\information.afa
C:\Program Files\FBM Software\ZeroSpyware\information2.afa
C:\Program Files\FBM Software\ZeroSpyware\inlist.dat
C:\Program Files\FBM Software\ZeroSpyware\Lisez-moi.rtf
C:\Program Files\FBM Software\ZeroSpyware\livehelp.afa
C:\Program Files\FBM Software\ZeroSpyware\LiveHelp.exe
C:\Program Files\FBM Software\ZeroSpyware\LiveHelp.ico
C:\Program Files\FBM Software\ZeroSpyware\locale.RSC
C:\Program Files\FBM Software\ZeroSpyware\logdata\[u]0[/u]3-19-2006 02.53.31 PM.log
C:\Program Files\FBM Software\ZeroSpyware\logdata\[u]0[/u]3-20-2006 08.50.55 AM.log
C:\Program Files\FBM Software\ZeroSpyware\logdata\[u]0[/u]3-21-2006 01.01.50 PM.log
C:\Program Files\FBM Software\ZeroSpyware\logdata\[u]0[/u]3-24-2006 12.32.48 PM.log
C:\Program Files\FBM Software\ZeroSpyware\logdata\[u]0[/u]3-25-2006 01.39.15 PM.log
C:\Program Files\FBM Software\ZeroSpyware\logdata\[u]0[/u]3-27-2006 12.32.38 PM.log
C:\Program Files\FBM Software\ZeroSpyware\logdata\[u]0[/u]3-29-2006 12.29.46 PM.log
C:\Program Files\FBM Software\ZeroSpyware\logdata\[u]0[/u]3-31-2006 02.17.00 PM.log
C:\Program Files\FBM Software\ZeroSpyware\logdata\[u]0[/u]4-01-2006 12.29.56 PM.log
C:\Program Files\FBM Software\ZeroSpyware\logdata\[u]0[/u]4-08-2006 12.35.26 PM.log
C:\Program Files\FBM Software\ZeroSpyware\logdata\[u]0[/u]4-09-2006 08.21.50 PM.log
C:\Program Files\FBM Software\ZeroSpyware\logdata\[u]0[/u]4-17-2006 12.35.01 PM.log
C:\Program Files\FBM Software\ZeroSpyware\logdata\[u]0[/u]4-18-2006 10.21.57 AM.log
C:\Program Files\FBM Software\ZeroSpyware\msvcp60.dll
C:\Program Files\FBM Software\ZeroSpyware\nagbox.afa
C:\Program Files\FBM Software\ZeroSpyware\notepad.ico
C:\Program Files\FBM Software\ZeroSpyware\PromptWindow.afa
C:\Program Files\FBM Software\ZeroSpyware\quarantineAlert.afa
C:\Program Files\FBM Software\ZeroSpyware\quarantineresult.afa
C:\Program Files\FBM Software\ZeroSpyware\Readme.txt
C:\Program Files\FBM Software\ZeroSpyware\RegBox.afa
C:\Program Files\FBM Software\ZeroSpyware\RegMonExList.dat
C:\Program Files\FBM Software\ZeroSpyware\Release Notes.txt
C:\Program Files\FBM Software\ZeroSpyware\RenewalWindow.afa
C:\Program Files\FBM Software\ZeroSpyware\ReportWindow.afa
C:\Program Files\FBM Software\ZeroSpyware\res.dat
C:\Program Files\FBM Software\ZeroSpyware\Resource\lnkkpr.dat
C:\Program Files\FBM Software\ZeroSpyware\Resource\Pragma00.dat
C:\Program Files\FBM Software\ZeroSpyware\Resource\pragma01.dat
C:\Program Files\FBM Software\ZeroSpyware\rprt.dat
C:\Program Files\FBM Software\ZeroSpyware\rswindow.afa
C:\Program Files\FBM Software\ZeroSpyware\RunDeniedList.dat
C:\Program Files\FBM Software\ZeroSpyware\RunRegistry.afa
C:\Program Files\FBM Software\ZeroSpyware\same.afa
C:\Program Files\FBM Software\ZeroSpyware\scan.dll
C:\Program Files\FBM Software\ZeroSpyware\scanResults.afa
C:\Program Files\FBM Software\ZeroSpyware\schsc.tmp
C:\Program Files\FBM Software\ZeroSpyware\SecAud1.dat
C:\Program Files\FBM Software\ZeroSpyware\SecAud2.dat
C:\Program Files\FBM Software\ZeroSpyware\snapshot.dat
C:\Program Files\FBM Software\ZeroSpyware\splashpage.afa
C:\Program Files\FBM Software\ZeroSpyware\srta.afa
C:\Program Files\FBM Software\ZeroSpyware\ThreeMiniAlert.afa
C:\Program Files\FBM Software\ZeroSpyware\tutorialCool.afa
C:\Program Files\FBM Software\ZeroSpyware\upat
C:\Program Files\FBM Software\ZeroSpyware\Updates\zfbms.dat2.00.0380.0004PART1.tmp
C:\Program Files\FBM Software\ZeroSpyware\Updates\zfbms.dat2.00.0380.0004PART2.tmp
C:\Program Files\FBM Software\ZeroSpyware\Updates\zfbms.dat2.00.0380.0004PART3.tmp
C:\Program Files\FBM Software\ZeroSpyware\Updates\zfbms.dat2.00.0380.0004PART4.tmp
C:\Program Files\FBM Software\ZeroSpyware\UpdateWindow.afa
C:\Program Files\FBM Software\ZeroSpyware\usrsc.tmp
C:\Program Files\FBM Software\ZeroSpyware\Vain.afa
C:\Program Files\FBM Software\ZeroSpyware\ViewDetails.afa
C:\Program Files\FBM Software\ZeroSpyware\ViewDetailsCompact.afa
C:\Program Files\FBM Software\ZeroSpyware\ViewDetailsSys.afa
C:\Program Files\FBM Software\ZeroSpyware\zerospyware.afa
C:\Program Files\FBM Software\ZeroSpyware\ZeroSpyware.exe
C:\Program Files\FBM Software\ZeroSpyware\ZeroSpyware2005.chm
C:\Program Files\FBM Software\ZeroSpyware\zfbms.dat
C:\Program Files\FBM Software\ZeroSpyware\ZS Remote Restore.exe
C:\Program Files\FBM Software\ZeroSpyware\ZS2005_install.ico
C:\Program Files\FBM Software\ZeroSpyware\ZS2005_uninstall.ico
C:\Program Files\FBM Software\ZeroSpyware\ZSFBMS.dll
C:\Program Files\FBM Software\ZeroSpyware\zsglv.dll
C:\Program Files\FBM Software\ZeroSpyware\ZSLoader.exe
C:\Program Files\FBM Software\ZeroSpyware\ZSRemovalRestorer.dll
C:\Program Files\FBM Software\ZeroSpyware\ZSRR.afa
C:\Program Files\FBM Software\ZeroSpyware\ZSScheduler.dll
C:\Program Files\GetModule
C:\Program Files\GetModule\dicik.gz
C:\Program Files\GetModule\GetModule18.exe
C:\Program Files\GetModule\kwdik.gz
C:\Program Files\GetModule\pckik.dat
C:\Program Files\GetPack
C:\Program Files\GetPack\dictame.gz
C:\Program Files\GetPack\GetPack18.exe
C:\Program Files\GetPack\trgtame.gz
C:\Program Files\temp1.exe.txt
C:\Program Files\temp2.exe.txt
C:\Program Files\temp3.exe.txt
C:\WINDOWS\iun6002.exe
C:\WINDOWS\System32\cdmdownld
C:\WINDOWS\System32\cdmdownld\yobqywhuos.dat
C:\WINDOWS\System32\cdmdownld\yobqywhuos.log
C:\WINDOWS\system32\dpufr.qm
C:\WINDOWS\system32\dsm_fr.qm
C:\WINDOWS\system32\dtu_fr.qm
C:\WINDOWS\system32\gokeccuf.tmp
C:\WINDOWS\system32\hhttscim.tmp
C:\WINDOWS\Tasks\A75FCFC891884314.job

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_FILEDELETER
-------\Service_FileDeleter

((((((((((((((((((((((((((((( Fichiers créés 2008-05-17 to 2008-06-17 ))))))))))))))))))))))))))))))))))))
.

2008-06-17 08:33 . 2008-06-17 08:33 <REP> d----c--- C:\Documents and Settings\@\Application Data\Talkback
2008-06-17 08:23 . 2008-06-17 08:23 <REP> d----c--- C:\Documents and Settings\@\Application Data\Mozilla
2008-06-17 00:29 . 2008-06-17 11:38 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-17 00:28 . 2008-06-17 01:06 <REP> d-------- C:\Program Files\Spyware Doctor
2008-06-17 00:28 . 2008-06-17 00:28 <REP> d----c--- C:\Documents and Settings\@\Application Data\PC Tools
2008-06-17 00:28 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-06-17 00:28 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-06-17 00:28 . 2008-02-01 12:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-06-17 00:28 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-06-16 22:23 . 2008-06-16 22:23 <REP> d-------- C:\Program Files\Avira
2008-06-16 22:23 . 2008-06-16 22:23 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-06-16 22:15 . 2008-06-16 22:15 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-06-16 22:15 . 2008-06-16 23:49 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-16 20:27 . 2008-06-17 08:43 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-06-15 17:09 . 2008-06-15 17:09 <REP> d-------- C:\WINDOWS\ERUNT
2008-06-14 20:46 . 2008-06-14 20:46 <REP> d----c--- C:\bureau
2008-06-14 20:43 . 2008-06-14 01:37 <REP> d----c--- C:\SDFix
2008-06-13 16:07 . 2008-06-13 16:07 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-13 16:07 . 2008-06-13 16:07 <REP> d----c--- C:\Documents and Settings\@\Application Data\Malwarebytes
2008-06-13 16:06 . 2008-06-14 16:28 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-13 16:06 . 2008-06-10 19:02 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-13 16:06 . 2008-06-10 19:02 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-13 13:49 . 2008-06-15 19:57 <REP> d-------- C:\Program Files\Navilog1
2008-06-13 13:41 . 2008-06-16 23:25 <REP> d-------- C:\Program Files\Hijackthis Version Française
2008-06-13 13:24 . 2008-06-13 13:24 <REP> d-------- C:\Program Files\Trend Micro
2008-06-12 18:56 . 2008-06-12 18:56 <REP> d----c--- C:\tmp
2008-06-12 18:56 . 2008-06-12 18:56 190 --a--c--- C:\statistic.xml
2008-06-12 18:29 . 2008-06-12 18:29 <REP> d-------- C:\Program Files\iCheck
2008-06-08 20:18 . 2008-06-08 20:19 <REP> d-------- C:\Program Files\Virtools Web Player 3.5
2008-06-06 17:42 . 2008-06-06 17:42 <REP> d-------- C:\Program Files\Codec Pack - All In 1
2008-06-05 18:23 . 2008-06-05 18:23 <REP> d----c--- C:\Documents and Settings\@\Application Data\dvdcss
2008-05-30 18:56 . 2008-05-30 18:56 <REP> d-------- C:\Games
2008-05-23 04:55 . 2008-05-23 04:55 <REP> d----c--- C:\Documents and Settings\@\Application Data\Documents and Settings
2008-05-23 00:22 . 2008-05-23 00:22 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-05-23 00:22 . 2008-05-23 00:22 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
2008-05-23 00:22 . 2008-05-23 00:22 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb
2008-05-23 00:20 . 2008-05-23 00:20 1,044,480 --a--c--- C:\WINDOWS\system32\libdivx.dll
2008-05-23 00:20 . 2008-05-23 00:20 200,704 --a--c--- C:\WINDOWS\system32\ssldivx.dll
2008-05-23 00:19 . 2008-05-23 00:19 352,401 --a------ C:\WINDOWS\system32\DivXMedia.ax
2008-05-23 00:19 . 2008-05-23 00:19 196,608 --a--c--- C:\WINDOWS\system32\dtu100.dll
2008-05-23 00:19 . 2008-05-23 00:19 161,096 --a--c--- C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-05-23 00:19 . 2008-05-23 00:19 81,920 --a------ C:\WINDOWS\system32\dpl100.dll
2008-05-23 00:19 . 2008-05-23 00:19 416 --a--c--- C:\WINDOWS\system32\dtu100.dll.manifest
2008-05-23 00:19 . 2008-05-23 00:19 416 --a--c--- C:\WINDOWS\system32\dpl100.dll.manifest
2008-05-23 00:18 . 2008-05-23 00:18 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2008-05-19 11:55 . 2008-05-19 11:55 <REP> d----c--- C:\Documents and Settings\@\Application Data\@

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-17 06:37 --------- d-----w C:\Program Files\Google
2008-06-16 22:41 --------- d-----w C:\Program Files\Fichiers communs\AOL
2008-06-16 21:40 --------- d-----w C:\Program Files\Yahoo!
2008-06-16 21:38 --------- d-----w C:\Program Files\QuickTime
2008-06-16 21:30 --------- d-----w C:\Program Files\Fichiers communs\Real
2008-06-16 21:24 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-16 21:22 --------- d-----w C:\Program Files\DivX
2008-06-16 21:01 --------- d-----w C:\Program Files\Common Files
2008-06-16 19:31 --------- d-----w C:\Program Files\Picasa2
2008-05-30 23:22 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-05-30 23:22 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-05-30 23:22 815,104 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
2008-05-30 23:22 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-05-30 23:22 683,520 ----a-w C:\WINDOWS\system32\DivX.dll
2008-05-30 23:22 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-05-30 23:22 57,344 -c--a-w C:\WINDOWS\system32\dpv11.dll
2008-05-30 23:22 53,248 -c--a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-05-30 23:22 344,064 -c--a-w C:\WINDOWS\system32\dpus11.dll
2008-05-30 23:22 294,912 -c--a-w C:\WINDOWS\system32\dpu11.dll
2008-05-30 23:22 294,912 -c--a-w C:\WINDOWS\system32\dpu10.dll
2008-05-08 14:43 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-05-08 14:41 --------- dc----w C:\Documents and Settings\@\Application Data\AdobeUM
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:15 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-03 10:54 --------- dc----w C:\Documents and Settings\@\Application Data\Application Data
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-04-05 13:48 2,560 ----a-w C:\WINDOWS\system32\BitCometRes.dll
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2007-04-25 11:15 56,842,460 -c--a-w C:\Program Files\cp_neuf_v1.2.exe
2007-03-17 19:13 265,136 -c--a-w C:\Program Files\Appartement_3D_2006_Telecharger{75474}.exe
2007-03-17 18:15 4,056,554 -c--a-w C:\Program Files\ihp_kitchen1_6_2.exe
2007-03-11 20:32 900,857 -c--a-w C:\Program Files\mp3codec.zip
2007-03-05 01:29 643,144 -c----w C:\Program Files\XviD-1.1.2-01112006.exe
2007-01-07 12:00 7,350,919 -c--a-w C:\Program Files\jecreemacuisineavecleroymerlin-1_0_0.exe
2007-01-02 18:25 5,297,976 -c--a-w C:\Program Files\picasaweb-current-setup.exe
2006-12-28 08:29 1,923,290 -c--a-w C:\Program Files\cdex_151.zip
2001-11-23 04:08 712,704 -c--a-w C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
1999-06-26 10:38 6,193 -c--a-r C:\Program Files\radium.nfo
1999-06-26 09:58 904,328 -c--a-r C:\Program Files\setupl3c.exe
2006-03-28 15:25 8,192 -csha-w C:\WINDOWS\o2cLicStore.bin
2006-07-05 10:56 192 -csh--r C:\WINDOWS\inf\sdatabl.sav.bin
2006-08-25 15:51 617,472 --sha-w C:\WINDOWS\system32\comctl32.dll
2004-08-19 23:09 1,028,096 --sha-w C:\WINDOWS\system32\mfc42.dll
2002-08-30 12:00 57,344 --sha-w C:\WINDOWS\system32\mfc42loc.dll
2004-08-19 23:09 413,696 --sha-w C:\WINDOWS\system32\msvcp60.dll
2004-08-19 23:09 343,040 --sha-w C:\WINDOWS\system32\msvcrt.dll
2002-08-30 12:00 253,952 -csha-w C:\WINDOWS\system32\msvcrt20.dll
2004-08-19 23:09 30,749 -csha-w C:\WINDOWS\system32\vbajet32.dll
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPSON Stylus Photo RX560 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBPE.exe" [2006-05-23 06:00 139264]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-18 20:26 68856]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"="cmicnfg.cpl" []
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-07-28 16:19 4841472]
"nwiz"="nwiz.exe" [2003-07-28 16:19 323584 C:\WINDOWS\system32\nwiz.exe]
"RemoteControl"="C:\WINDOWS\System32\rmctrl.exe" [2000-10-16 00:00 32768]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 13:50 155648]
"Omnipage"="C:\Program Files\ScanSoft\OmniPageSE\opware32.exe" [2002-06-03 12:38 49152]
"AOLDialer"="C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe" [2006-11-17 13:41 71216]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [ ]
"AOLSAV"="C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe" [2004-11-10 16:18 80384]
"VSOCheckTask"="c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" [2003-08-08 19:02 122880]
"VirusScan Online"="c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" [2003-08-17 22:50 163840]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2003-12-08 16:38 245760]
"MCUpdateExe"="c:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [2004-01-28 17:48 180224]
"au"="C:\Program Files\Dealio\DealioAU.exe" [2007-06-27 12:46 238936]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 01:09 15360]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 03:23 443968]
"DWQueuedReporting"="C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2005-04-25 13:45 36040]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 15:39 294400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= DivXa32.acm
"msacm.l3codec"= l3codecp.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLacsd.exe"=
"C:\\Documents and Settings\\@\\Bureau\\PHILIPPE\\facade\\eMule\\emule.exe"=
"C:\\Program Files\\Xolox\\XoloxEXE.exe"=
"C:\\Starcraft\\StarCraft.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Kazaa\\kazaa.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"24563:TCP"= 24563:TCP:BitComet 24563 TCP
"24563:UDP"= 24563:UDP:BitComet 24563 UDP

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-06-17 10:03:58 C:\WINDOWS\Tasks\Recherche de mises à jour sur McAfee.com (POLIAKHOVITCH-@).job"
- c:\PROGRA~1\mcafee.com\agent\mcupdate.ex
- c:\PROGRA~1\mcafee.com\agent
"2008-06-17 09:51:34 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
"2008-06-17 11:01:00 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-17 13:22:29
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-06-17 13:51:01
ComboFix-quarantined-files.txt 2008-06-17 11:50:53
ComboFix2.txt 2008-06-16 21:59:19
ComboFix3.txt 2008-06-16 05:39:43

Pre-Run: 15,137,005,568 octets libres
Post-Run: 15,128,854,528 octets libres

579 --- E O F --- 2008-06-16 01:06:46
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:04:53, on 17/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\System32\rmctrl.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://g.advisurf.com/web
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
O2 - BHO: (no name) - {00027925-0017-4faf-9539-90E4AC0B9EC5} - (no file)
O2 - BHO: (no name) - {0755AEB9-CD5C-85D8-E73C-969940E7FCDC} - (no file)
O2 - BHO: (no name) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb106\Dealio.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {911A1534-8E65-448E-92AE-E22D49F870C4} - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {D5792AA9-D373-4039-8670-2CDAB6A71F15} - (no file)
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb106\Dealio.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RemoteControl] C:\WINDOWS\System32\rmctrl.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [AOLSAV] C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [au] C:\Program Files\Dealio\DealioAU.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [EPSON Stylus Photo RX560 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBPE.EXE /FU "C:\WINDOWS\TEMP\E_S266.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - c:\program files\aol\aol toolbar 4.0\resources\fr-FR\local\search.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Program Files\Dealio\kb106\res\DealioSearch.html
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?70696ede427d4ba48f69a98de8f48e7e
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?70696ede427d4ba48f69a98de8f48e7e
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O9 - Extra button: Capturer ! - {47055D63-DFCD-11d3-8406-00500445A7D0} - C:\Program Files\Goto\MemoWeb 4\IEBtn\Launcher (file missing)
O9 - Extra 'Tools' menuitem: Capturer ce web - {47055D63-DFCD-11d3-8406-00500445A7D0} - C:\Program Files\Goto\MemoWeb 4\IEBtn\Launcher (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb106\Dealio.dll
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb106\Dealio.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Dice Derby by pogo - http://game1.pogo.com/applet-6.6.5.22/checkeredflag/checkeredflag-fr_FR.cab
O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.com/applet-6.6.5.31/mahjong/mahjong-fr_FR.cab
O16 - DPF: Phlinx by pogo - http://game1.pogo.com/applet-6.6.5.31/flinger/flinger-fr_FR.cab
O16 - DPF: Pop Fu by pogo - http://game1.pogo.com/applet-6.6.5.22/popfu/popfu-fr_FR.cab
O16 - DPF: Squelchies by pogo - http://game1.pogo.com/applet-6.6.5.22/squelchies/squelchies-fr_FR.cab
O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure/connexion/archives/ie4n4/teleir_cert.cab
O16 - DPF: World Class Solitaire by pogo - http://game1.pogo.com/applet-6.6.5.22/worldclass/worldclass-fr_FR.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.fr/computercheckup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.fr.aol.com/molbin/shared/mcinsctl/fr/4,0,0,84/mcinsctl.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {981D847D-2C06-4FB7-A09C-4F0A48601B2C} (DiagSetup Class) - http://techcity.aol.fr/download/img/DiagSetup.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.fr.aol.com/molbin/shared/mcgdmgr/fr/1,0,0,21/mcgdmgr.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Réponse 16 / 31

Le sioux Messages postés 4907 Statut Contributeur sécurité 496

Re

Par la suite, désinstalle Mac Affee

Car il ne doit pas s'entendre avec Antivir ! 2 antivirus sur le même PC = danger, sources de conflits ++

On garde Antivir bien plus efficace.

Il faut réparer Antivir, car je ne crois pas qu'il soit actif dans ta barre des tâches en bas à droite ... pour cela

* Ouvre le bloc-notes et fais un copier coller de ce qui est en citation ci-dessous (copie tout d'un trait) :

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="\"C:\\PROGRA~1\\Avira\\AntiVir PersonalEdition Classic\\avgnt.exe\""

Puis "fichier"/"enregistrer sous" :
dans : sur le Bureau
Nom du fichier : Antivir.reg
Type de fichier : "tous les fichiers"
Clique sur "Enregistrer"

Note:
* Lors de l'enregistrement, il faut choisir pour le champ "Type": "Tous les fichiers"
* Fait bien attention que Windows Registry Editor Version 5.00 soit sur la toute 1ere ligne, sinon le fix ne fonctionnera pas.

Quitte Internet et double clique sur Antivir.reg sur ton Bureau
=> Tu dois obligatoirement avoir un message "voulez-vous vraiment ajouter les informations contenues dans ce fichier .reg au registre ?"
Si c'est bien le cas, clique sur "Oui"

* Paramètre Antivir comme indiqué ici :
http://speedweb1.free.fr/frames2.php?page=tuto5
ou la : https://www.malekal.com/avira-free-security-antivirus-gratuit/

* Reposte un HijackThis en réponse stp.

@+

phi60420 Messages postés 169 Statut Membre 1

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:35:21, on 17/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\System32\rmctrl.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://g.advisurf.com/web
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
O2 - BHO: (no name) - {00027925-0017-4faf-9539-90E4AC0B9EC5} - (no file)
O2 - BHO: (no name) - {0755AEB9-CD5C-85D8-E73C-969940E7FCDC} - (no file)
O2 - BHO: (no name) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb106\Dealio.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {911A1534-8E65-448E-92AE-E22D49F870C4} - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {D5792AA9-D373-4039-8670-2CDAB6A71F15} - (no file)
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb106\Dealio.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RemoteControl] C:\WINDOWS\System32\rmctrl.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [AOLSAV] C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
O4 - HKLM\..\Run: [au] C:\Program Files\Dealio\DealioAU.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [EPSON Stylus Photo RX560 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBPE.EXE /FU "C:\WINDOWS\TEMP\E_S266.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [avgnt] "C:\PROGRA~1\Avira\AntiVir PersonalEdition Classic\avgnt.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - c:\program files\aol\aol toolbar 4.0\resources\fr-FR\local\search.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Program Files\Dealio\kb106\res\DealioSearch.html
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?70696ede427d4ba48f69a98de8f48e7e
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?70696ede427d4ba48f69a98de8f48e7e
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O9 - Extra button: Capturer ! - {47055D63-DFCD-11d3-8406-00500445A7D0} - C:\Program Files\Goto\MemoWeb 4\IEBtn\Launcher (file missing)
O9 - Extra 'Tools' menuitem: Capturer ce web - {47055D63-DFCD-11d3-8406-00500445A7D0} - C:\Program Files\Goto\MemoWeb 4\IEBtn\Launcher (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb106\Dealio.dll
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb106\Dealio.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Dice Derby by pogo - http://game1.pogo.com/applet-6.6.5.22/checkeredflag/checkeredflag-fr_FR.cab
O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.com/applet-6.6.5.31/mahjong/mahjong-fr_FR.cab
O16 - DPF: Phlinx by pogo - http://game1.pogo.com/applet-6.6.5.31/flinger/flinger-fr_FR.cab
O16 - DPF: Pop Fu by pogo - http://game1.pogo.com/applet-6.6.5.22/popfu/popfu-fr_FR.cab
O16 - DPF: Squelchies by pogo - http://game1.pogo.com/applet-6.6.5.22/squelchies/squelchies-fr_FR.cab
O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure/connexion/archives/ie4n4/teleir_cert.cab
O16 - DPF: World Class Solitaire by pogo - http://game1.pogo.com/applet-6.6.5.22/worldclass/worldclass-fr_FR.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.fr/computercheckup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.av.fr.aol.com/molbin/shared/mcinsctl/fr/4,0,0,84/mcinsctl.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {981D847D-2C06-4FB7-A09C-4F0A48601B2C} (DiagSetup Class) - http://techcity.aol.fr/download/img/DiagSetup.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.av.fr.aol.com/molbin/shared/mcgdmgr/fr/1,0,0,21/mcgdmgr.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Réponse 17 / 31

Le sioux Messages postés 4907 Statut Contributeur sécurité 496

Bonsoir Phi

Peux tu te rendre à C:\Qoobox et faire un clic droit et zipper puis envoyer ce zip par mails à cette adresse stp :

https://www.bleepingcomputer.com/submit-malware.php?channel=4

C'est pour le developpeur de l'outil, merci.

Puis :

Afin de suivre la procédure correctement, je te conseille d'enregistrer la page en sélectionnant toutes les lignes puis de copier cette sélection dans un fichier texte sur ton PC pour pouvoir appliquer la procédure correctement.
Il faut exécuter toutes les étapes, sans interruption, dans l'ordre exact indiqué ci-dessous.
Si un élément te paraît obscure, demande des explications avant de commencer la désinfection.

1) Télécharge et installe

-- CCleaner
https://www.ccleaner.com/ccleaner/download
Choisis de préférence la version SLIM-No Toolbar.
Installe-le en prenant soin de décocher les diverses options dont la barre Yahoo et la mise à jour.
Lance CCleaner puis Clique sur "Options", "Avancé" et décoche la case "Effacer uniquement les fichiers, du dossier Temp de Windows, plus vieux que 48 heures".
Pour les autres paramètres, laisse-le avec ses réglages par défaut.
Tuto Malwarebyte's Anti-Malware: https://forum.pcastuces.com/malwarebytes_antimalwares___tutoriel-f31s3.htm

-- Mets Malwarebyte's Anti-Malware à jour

2) Scan avec Malwarebyte's Anti-Malware
(Relance Malwarebyte’s Anti-Malware si celui-ci s’est refermé )
Onglet "Recherche" >>> coche Exécuter un examen complet >>> Rechercher sélectionne tes disques durs puis clique sur Lancer l’examen
A la fin du scan >>> clique sur Afficher les résultats
Suppression des éléments détectés >>>> clique sur Supprimer la sélection ou supprimer tout
S'il t'es demandé de redémarrer >>> clique sur "Yes"
--> Un rapport de scan s'ouvre, enregistre sur ton Bureau.
Puis ferme Malwarebyte's Anti-Malware

3) Suppression de fichiers inutiles avec CCleaner

Lance CCleaner en double-cliquant sur son raccourci sur le bureau.
Puis dans le menu Nettoyeur
Clique sur Analyse (laisse travailler cela peut durer longtemps la 1ere fois)
Clique sur le bouton Lancer le nettoyage.
Clique une seconde fois sur le bouton Lancer le nettoyage puis ferme CCleaner.

4) Rapports

Poste en réponse :
* Un nouveau rapport HijackThis
* Le rapport de Malwarebyte's Anti-Malware que tu as sauvegardé sur ton Bureau.

Bon courage

phi60420 Messages postés 169 Statut Membre 1

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:10:15, on 18/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\System32\rmctrl.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\program files\aol\aol toolbar 4.0\AolTbServer.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://g.advisurf.com/web
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
O2 - BHO: (no name) - {00027925-0017-4faf-9539-90E4AC0B9EC5} - (no file)
O2 - BHO: (no name) - {0755AEB9-CD5C-85D8-E73C-969940E7FCDC} - (no file)
O2 - BHO: (no name) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb106\Dealio.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {911A1534-8E65-448E-92AE-E22D49F870C4} - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {D5792AA9-D373-4039-8670-2CDAB6A71F15} - (no file)
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb106\Dealio.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RemoteControl] C:\WINDOWS\System32\rmctrl.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [AOLSAV] C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
O4 - HKLM\..\Run: [au] C:\Program Files\Dealio\DealioAU.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [EPSON Stylus Photo RX560 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBPE.EXE /FU "C:\WINDOWS\TEMP\E_S266.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [avgnt] "C:\PROGRA~1\Avira\AntiVir PersonalEdition Classic\avgnt.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - c:\program files\aol\aol toolbar 4.0\resources\fr-FR\local\search.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Program Files\Dealio\kb106\res\DealioSearch.html
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?70696ede427d4ba48f69a98de8f48e7e
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?70696ede427d4ba48f69a98de8f48e7e
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O9 - Extra button: Capturer ! - {47055D63-DFCD-11d3-8406-00500445A7D0} - C:\Program Files\Goto\MemoWeb 4\IEBtn\Launcher (file missing)
O9 - Extra 'Tools' menuitem: Capturer ce web - {47055D63-DFCD-11d3-8406-00500445A7D0} - C:\Program Files\Goto\MemoWeb 4\IEBtn\Launcher (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb106\Dealio.dll
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb106\Dealio.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Dice Derby by pogo - http://game1.pogo.com/applet-6.6.5.22/checkeredflag/checkeredflag-fr_FR.cab
O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.com/applet-6.6.5.31/mahjong/mahjong-fr_FR.cab
O16 - DPF: Phlinx by pogo - http://game1.pogo.com/applet-6.6.5.31/flinger/flinger-fr_FR.cab
O16 - DPF: Pop Fu by pogo - http://game1.pogo.com/applet-6.6.5.22/popfu/popfu-fr_FR.cab
O16 - DPF: Squelchies by pogo - http://game1.pogo.com/applet-6.6.5.22/squelchies/squelchies-fr_FR.cab
O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure/connexion/archives/ie4n4/teleir_cert.cab
O16 - DPF: World Class Solitaire by pogo - http://game1.pogo.com/applet-6.6.5.22/worldclass/worldclass-fr_FR.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.fr/computercheckup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.av.fr.aol.com/molbin/shared/mcinsctl/fr/4,0,0,84/mcinsctl.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {981D847D-2C06-4FB7-A09C-4F0A48601B2C} (DiagSetup Class) - http://techcity.aol.fr/download/img/DiagSetup.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.av.fr.aol.com/molbin/shared/mcgdmgr/fr/1,0,0,21/mcgdmgr.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Réponse 18 / 31

Le sioux Messages postés 4907 Statut Contributeur sécurité 496

Bonsoir Phil

Pour Malwarebytes' Anti-Malware
C'est un bon scan passif que tu peux garder avec lequel tu pourras effectuer un nettoyage hebdomadaire, sans oublier de faire une mise à jour manuelle avant d'exécuter l’analyse .
Tuto Malwarebyte's Anti-Malware: https://forum.pcastuces.com/malwarebytes_antimalwares___tutoriel-f31s3.htm

Vide sa quarantaine :
Clique sur le raccourci de Malwarebytes' Anti-Malware , puis sur Quarantaine, clique sur "Tout supprimer"

On en profite pour enlever quelques lignes pour optimiser ton démarrage en évitant que les programmes qui s'y lancent inutilement, accaparent des ressources du système.
Cela désactive du démarrage des programmes qui ne sont pas primordiaux.
Un programme utilise des ressources quand il est en cours d'exécution.
Trop de programmes qui tournent utilisent beaucoup de ressources qui peuvent conduire au ralentissement de l'ordinateur.

Regarde ici "comment fixer/corriger des lignes via HijackThis http://pageperso.aol.fr/balltrap34/demohijack.htm

Désactive le résident de Spybot via clic droit dans la barre des taches , décoche Protection d résident et clique sur quitter résident de SpyBot S&D

1) Lance HijackThis.

Je te conseille d'enregistrer toutes les lignes a fixer puis de copier cette sélection dans un fichier texte sur ton PC pour pouvoir appliquer la procédure correctement.

Lance Hijackthis en double cliquant sur son raccourci sur le Bureau.
Clique sur Scan Only et coche les lignes suivantes :

R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
O2 - BHO: (no name) - {00027925-0017-4faf-9539-90E4AC0B9EC5} - (no file)
O2 - BHO: (no name) - {0755AEB9-CD5C-85D8-E73C-969940E7FCDC} - (no file)
O2 - BHO: (no name) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - (no file)
O2 - BHO: (no name) - {911A1534-8E65-448E-92AE-E22D49F870C4} - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: (no name) - {D5792AA9-D373-4039-8670-2CDAB6A71F15} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [au] C:\Program Files\Dealio\DealioAU.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [avgnt] "C:\PROGRA~1\Avira\AntiVir PersonalEdition Classic\avgnt.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm

Ferme toutes les autres fenêtres, tous les autres programmes. Pas de connections Internet.

Clique sur Fix checked puis clique sur OK
Puis ferme HijackThis.

Si certaines lignes sont absentes, signale les en fin de procédure

2) Rapport

Fais redémarrer ton PC et poste un nouveau rapport HijackThis

@ suivre

PS : J ai ajouté une entrée d'Antivir car, je ne sais pourquoi, mais v'la qu'il a deux entrées sur le démarrage maintenant ...

Réponse 19 / 31

phi60420 Messages postés 169 Statut Membre 1

bonjour
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:52:28, on 19/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\rmctrl.exe
C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://g.advisurf.com/web
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {00027925-0017-4faf-9539-90E4AC0B9EC5} - (no file)
O2 - BHO: (no name) - {0755AEB9-CD5C-85D8-E73C-969940E7FCDC} - (no file)
O2 - BHO: (no name) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb106\Dealio.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {911A1534-8E65-448E-92AE-E22D49F870C4} - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {D5792AA9-D373-4039-8670-2CDAB6A71F15} - (no file)
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb106\Dealio.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RemoteControl] C:\WINDOWS\System32\rmctrl.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [AOLSAV] C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [EPSON Stylus Photo RX560 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBPE.EXE /FU "C:\WINDOWS\TEMP\E_S266.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O8 - Extra context menu item: &Recherche AOL Toolbar - c:\program files\aol\aol toolbar 4.0\resources\fr-FR\local\search.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Program Files\Dealio\kb106\res\DealioSearch.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?70696ede427d4ba48f69a98de8f48e7e
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?70696ede427d4ba48f69a98de8f48e7e
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O9 - Extra button: Capturer ! - {47055D63-DFCD-11d3-8406-00500445A7D0} - C:\Program Files\Goto\MemoWeb 4\IEBtn\Launcher (file missing)
O9 - Extra 'Tools' menuitem: Capturer ce web - {47055D63-DFCD-11d3-8406-00500445A7D0} - C:\Program Files\Goto\MemoWeb 4\IEBtn\Launcher (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb106\Dealio.dll
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb106\Dealio.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Dice Derby by pogo - http://game1.pogo.com/applet-6.6.5.22/checkeredflag/checkeredflag-fr_FR.cab
O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.com/applet-6.6.5.31/mahjong/mahjong-fr_FR.cab
O16 - DPF: Phlinx by pogo - http://game1.pogo.com/applet-6.6.5.31/flinger/flinger-fr_FR.cab
O16 - DPF: Pop Fu by pogo - http://game1.pogo.com/applet-6.6.5.22/popfu/popfu-fr_FR.cab
O16 - DPF: Squelchies by pogo - http://game1.pogo.com/applet-6.6.5.22/squelchies/squelchies-fr_FR.cab
O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure/connexion/archives/ie4n4/teleir_cert.cab
O16 - DPF: World Class Solitaire by pogo - http://game1.pogo.com/applet-6.6.5.22/worldclass/worldclass-fr_FR.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.fr/computercheckup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.av.fr.aol.com/molbin/shared/mcinsctl/fr/4,0,0,84/mcinsctl.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {981D847D-2C06-4FB7-A09C-4F0A48601B2C} (DiagSetup Class) - http://techcity.aol.fr/download/img/DiagSetup.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.av.fr.aol.com/molbin/shared/mcgdmgr/fr/1,0,0,21/mcgdmgr.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Réponse 20 / 31

Le sioux Messages postés 4907 Statut Contributeur sécurité 496

Bonjour Phi

On réessaye certaine lignes n'ont pas disparues :

1) Lance HijackThis.

Je te conseille d'enregistrer toutes les lignes a fixer puis de copier cette sélection dans un fichier texte sur ton PC pour pouvoir appliquer la procédure correctement.

Lance Hijackthis en double cliquant sur son raccourci sur le Bureau.
Clique sur Scan Only et coche les lignes suivantes :

O2 - BHO: (no name) - {00027925-0017-4faf-9539-90E4AC0B9EC5} - (no file)
O2 - BHO: (no name) - {0755AEB9-CD5C-85D8-E73C-969940E7FCDC} - (no file)
O2 - BHO: (no name) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - (no file)
O2 - BHO: (no name) - {911A1534-8E65-448E-92AE-E22D49F870C4} - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: (no name) - {D5792AA9-D373-4039-8670-2CDAB6A71F15} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')

Ferme toutes les autres fenêtres, tous les autres programmes. Pas de connections Internet.

Clique sur Fix checked puis clique sur OK
Puis ferme HijackThis.

Si certaines lignes sont absentes, signale les en fin de procédure

2) Rapport

Fais redémarrer ton PC et poste un nouveau rapport HijackThis

@ suivre

phi60420 Messages postés 169 Statut Membre 1

re
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:50:26, on 19/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\rmctrl.exe
C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
c:\program files\aol\aol toolbar 4.0\AolTbServer.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://g.advisurf.com/web
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {00027925-0017-4faf-9539-90E4AC0B9EC5} - (no file)
O2 - BHO: (no name) - {0755AEB9-CD5C-85D8-E73C-969940E7FCDC} - (no file)
O2 - BHO: (no name) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb106\Dealio.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {911A1534-8E65-448E-92AE-E22D49F870C4} - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {D5792AA9-D373-4039-8670-2CDAB6A71F15} - (no file)
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb106\Dealio.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [RemoteControl] C:\WINDOWS\System32\rmctrl.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [AOLSAV] C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [EPSON Stylus Photo RX560 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBPE.EXE /FU "C:\WINDOWS\TEMP\E_S266.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - c:\program files\aol\aol toolbar 4.0\resources\fr-FR\local\search.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Program Files\Dealio\kb106\res\DealioSearch.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?70696ede427d4ba48f69a98de8f48e7e
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?70696ede427d4ba48f69a98de8f48e7e
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O9 - Extra button: Capturer ! - {47055D63-DFCD-11d3-8406-00500445A7D0} - C:\Program Files\Goto\MemoWeb 4\IEBtn\Launcher (file missing)
O9 - Extra 'Tools' menuitem: Capturer ce web - {47055D63-DFCD-11d3-8406-00500445A7D0} - C:\Program Files\Goto\MemoWeb 4\IEBtn\Launcher (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb106\Dealio.dll
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb106\Dealio.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Dice Derby by pogo - http://game1.pogo.com/applet-6.6.5.22/checkeredflag/checkeredflag-fr_FR.cab
O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.com/applet-6.6.5.31/mahjong/mahjong-fr_FR.cab
O16 - DPF: Phlinx by pogo - http://game1.pogo.com/applet-6.6.5.31/flinger/flinger-fr_FR.cab
O16 - DPF: Pop Fu by pogo - http://game1.pogo.com/applet-6.6.5.22/popfu/popfu-fr_FR.cab
O16 - DPF: Squelchies by pogo - http://game1.pogo.com/applet-6.6.5.22/squelchies/squelchies-fr_FR.cab
O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure/connexion/archives/ie4n4/teleir_cert.cab
O16 - DPF: World Class Solitaire by pogo - http://game1.pogo.com/applet-6.6.5.22/worldclass/worldclass-fr_FR.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.fr/computercheckup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.av.fr.aol.com/molbin/shared/mcinsctl/fr/4,0,0,84/mcinsctl.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {981D847D-2C06-4FB7-A09C-4F0A48601B2C} (DiagSetup Class) - http://techcity.aol.fr/download/img/DiagSetup.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.av.fr.aol.com/molbin/shared/mcgdmgr/fr/1,0,0,21/mcgdmgr.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Discussions similaires

Ouvrir un fichier .pub sans Publisher

Ouvrir document Publisher sans Publisher

Lire, afficher, exécuter un fichier *.pub sans Publisher

Discussions similaires

Newsletters