How to remove CID ads
Closed
Chichi
-
14 June 2008 at 13:43
Le sioux Posts 4894 Registration date Sunday 27 May 2007 Status Security contributor Last activity 6 March 2023 - 5 Sept. 2008 at 08:40
5 replies
Anonymous user
14 June 2008 at 13:43
Download lopS&D.exe to your desktop (right-click the link > Save Target As)
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/LopSD.exe?attachauth=ANoY7co3ntqUavpZ3q1BG-h4pc13vqDZmhcNeEPChtsyrgAykRbhE8bZzhk979EfQD4AgwtQUHCaQ7ZQwNYMo3_0kA8htAspckDJtu2K5t6J9z6dLW4fpZyH4FpFL1tVMBZ8H-KnN7afZ5vt-WxZRpnynk-a0XmV_Y0C0q6DxGEDKie1TnPT7gFoZnoCnspzBmbW6ZzxA4fNr3oEDlbelNZON-LjF8nOmQ%3D%3D&attredirects=2
Disable your antivirus just in case (you can re-enable it once the scan is finished)
Double-click lopSD to start the installation
Once installed, double-click Lop S&D
Select the language by pressing the F key, then choose option 1 (Recherche, i.e. search)
If lopSD asks you to restart, accept and wait for the scan to finish.
Copy and paste the contents of the report, which is located at the root of the hard drive: C:\lopR.txt
Le sioux
Posts
4894
Registration date
Sunday 27 May 2007
Status
Security contributor
Last activity
6 March 2023
496
14 June 2008 at 19:08
Hello
5 cracks to delete and traces of a Vundo infection ...
------------------[ Recherche d'autres infections ]---------------------
C:\WINDOWS\system32\lllkknpo.ini2
C:\WINDOWS\system32\uxEeNmoq.ini2
! VUNDO Possible !
=> C:\Documents and Settings\Administrateur\Local Settings\Temp\IncrediMail\IMInstall\Contents\Sound\tchaikovsky_the_nutcracker.imw
=> C:\Documents and Settings\Administrateur\Mes documents\musique\IAM - Ma Cite Va Cracker.mp3
=> C:\Documents and Settings\Administrateur\Mes documents\musique\Uncle Cracker - Follow me.mp3
=> C:\Documents and Settings\Administrateur\Mes documents\musique\WinACE, WinRAR, & WinZip 8 (Fully Working Plus Cracks) .zip
=> C:\Documents and Settings\All Users\SonicStage\Packages\Optimized Files\IAM - Ma Cite Va Cracker.OMA
....
OK, this is what I get here
Search Navipromo version 3.5.8 commencé le 14/06/2008 à 14:22:00,06
!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!
Outil exécuté depuis C:\Program Files\navilog1
Session actuelle : "Administrateur"
Mise à jour le 06.06.2008 à 18h00 par IL-MAFIOSO
Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 6.0.2900.2180
Système de fichiers : NTFS
Recherche executé en mode normal
*** Recherche Programmes installés ***
*** Recherche dossiers dans "C:\WINDOWS" ***
*** Recherche dossiers dans "C:\Program Files" ***
*** Recherche dossiers dans "c:\docume~1\alluse~1\applic~1" ***
*** Recherche dossiers dans "c:\docume~1\alluse~1\menudm~1\progra~1" ***
*** Recherche dossiers dans "C:\Documents and Settings\Administrateur\applic~1" ***
*** Recherche dossiers dans "C:\Documents and Settings\Administrateur\locals~1\applic~1" ***
*** Recherche dossiers dans "C:\Documents and Settings\Administrateur\menudm~1\progra~1" ***
*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net
Aucun Fichier trouvé
*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!
* Recherche dans "C:\WINDOWS\system32" *
* Recherche dans "C:\Documents and Settings\Administrateur\locals~1\applic~1" *
*** Recherche fichiers ***
*** Recherche clés spécifiques dans le Registre ***
*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)
1)Recherche nouveaux fichiers Instant Access :
2)Recherche Heuristique :
* Dans "C:\WINDOWS\system32" :
* Dans "C:\Documents and Settings\Administrateur\locals~1\applic~1" :
3)Recherche Certificats :
Certificat Egroup absent !
Certificat Electronic-Group absent !
Certificat OOO-Favorit absent !
Certificat Sunny-Day-Design-Ltd absent !
4)Recherche fichiers connus :
C:\WINDOWS\system32\lllkknpo.ini2 trouvé ! infection Vundo possible non traitée par cet outil !
C:\WINDOWS\system32\uxEeNmoq.ini2 trouvé ! infection Vundo possible non traitée par cet outil !
*** Analyse terminée le 14/06/2008 à 14:56:07,17 ***
1) Download Malwarebytes' Anti-Malware.
*Download and install Malwarebytes' Anti-Malware
*http://www.commentcamarche.net/telecharger/telechargement 34055379 malwarebyte s anti malware
*At the end of the installation, make sure the option to update Malwarebytes' Anti-Malware is ticked. >>> click OK
*Launch Malwarebytes' Anti-Malware by double-clicking the icon on your Desktop.
*On first launch, a window tells you that the version is Free >>> click OK
*Let the updates download
*** Close the program ***
2) Restart in "Safe Mode"
When the computer restarts, once the BIOS has finished loading, a black screen appears briefly; press the [F8] key (or [F5] on some PCs) until the Windows advanced options menu is displayed.
Select "Safe Mode" and press [Enter]
You will have to choose your usual session, not the "Administrateur" account or any other.
Look here if needed: http://pageperso.aol.fr/loraline60/mode_sans_echec.htm
Open the text file saved on the Desktop so that you can follow the instructions properly.
3) Scan with Malwarebytes' Anti-Malware
*Launch Malwarebytes' Anti-Malware
*Then go to the "Recherche" (scan) tab, tick "Exécuter un examen complet" (full scan), then "Rechercher", select your hard drives, then click "Lancer l'examen" (start the scan)
*At the end of the scan >>> click Afficher les résultats (show results), then Enregistrer le rapport (save the report)
*Removal of the detected items >>>> click Supprimer la sélection (remove selected)
*If you are asked to restart >>> click "Yes"
*--> A scan report opens; save it to your Desktop and post this report in your reply.
Hi, I know I'm a bit late, I had a party last night. I'm leaving you the report, thanks in advance.
Malwarebytes' Anti-Malware 1.17
Version de la base de données: 856
14:27:01 15/06/2008
mbam-log-6-15-2008 (14-26-59).txt
Type de recherche: Examen complet (C:\|D:\|E:\|)
Eléments examinés: 136679
Temps écoulé: 2 hour(s), 58 minute(s), 47 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 2
Clé(s) du Registre infectée(s): 25
Valeur(s) du Registre infectée(s): 8
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 6
Fichier(s) infecté(s): 31
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
C:\WINDOWS\system32\qomNeExu.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\geBsTLFW.dll (Trojan.Vundo) -> Unloaded module successfully.
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d4d46308-4971-4999-b550-f4dd71e63585} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{d4d46308-4971-4999-b550-f4dd71e63585} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\c:/windows/downloaded program files/popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8fcdf9d9-a28b-480f-8c3d-581f119a8ab8} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{d28cd14c-50be-4cfa-951e-b37f25da3472} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\MediaHoldings (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\PlayMP3 (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\FBrowsingAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\fbrowsingadvisor_is1 (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Trymedia Systems (Adware.Trymedia) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{657fe57a-1ac8-455e-9651-51044228c11a} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{657fe57a-1ac8-455e-9651-51044228c11a} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\gebstlfw (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\2cf3224b (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Products\rdomain (Rogue.PCVirusless) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Products\prodname (Rogue.PCVirusless) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Products\compname (Rogue.PCVirusless) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\run\winlogon (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BM2fc011d7 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{657fe57a-1ac8-455e-9651-51044228c11a} (Trojan.Vundo) -> Delete on reboot.
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\qomneexu -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\qomneexu -> Delete on reboot.
Dossier(s) infecté(s):
C:\Program Files\SpyShredder (Rogue.SpyShredder) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur\Application Data\AntiVirusForAll (Rogue.AntiVirusForAll) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur\Application Data\AntiVirusForAll\Logs (Rogue.AntiVirusForAll) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowserAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\AntiSpywareExpert (Rogue.AntiSpywareExpert) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\WINDOWS\system32\btoiqxuv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vuxqiotb.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\irijartp.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ptrajiri.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jgnaqaad.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\daaqangj.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qomNeExu.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\uxEeNmoq.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uxEeNmoq.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur\Local Settings\Temp\tem12.tmp.exe (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur\Local Settings\Temp\tem18.tmp.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur\Local Settings\Temp\upd2E.tmp.exe (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\XPCOMEvents.dll (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\regxpcom.exe (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur\Application Data\AntiVirusForAll\avtasks.dat (Rogue.AntiVirusForAll) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur\Application Data\AntiVirusForAll\PGE.dat (Rogue.AntiVirusForAll) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur\Application Data\AntiVirusForAll\Logs\av.log (Rogue.AntiVirusForAll) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur\Application Data\AntiVirusForAll\Logs\ga6Support.log (Rogue.AntiVirusForAll) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur\Application Data\AntiVirusForAll\Logs\update.log (Rogue.AntiVirusForAll) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\IXPCOMEvents.xpt (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\Logo.png (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\main.db (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\unins000.dat (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\unins000.exe (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\AntiSpywareExpert\ase_fr.exe (Rogue.AntiSpywareExpert) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\logon.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\obyptfuy.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\geBsTLFW.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
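Added example, not part of the original thread: a small Python triage of a Malwarebytes' Anti-Malware 1.x text report like the one posted above. It groups entries by detection name, lists what is still only scheduled as "Delete on reboot", and flags registry entries sitting in Windows autostart locations. The function names and the marker list are assumptions of this example; the sample lines are an excerpt copied from the report above.

```python
import re
from collections import Counter
from typing import List, NamedTuple, Optional

# Excerpt of the report posted in the thread (selected lines only).
SAMPLE_LOG = r"""
Module(s) mémoire infecté(s): 2
Module(s) mémoire infecté(s):
C:\WINDOWS\system32\qomNeExu.dll (Trojan.Vundo) -> Unloaded module successfully.
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d4d46308-4971-4999-b550-f4dd71e63585} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\gebstlfw (Trojan.Vundo) -> Delete on reboot.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\2cf3224b (Trojan.Vundo) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\qomneexu -> Delete on reboot.
Fichier(s) infecté(s):
C:\WINDOWS\system32\geBsTLFW.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\logon.exe (Trojan.Agent) -> Quarantined and deleted successfully.
"""


class Detection(NamedTuple):
    section: str          # report section the entry was listed under
    target: str           # file path or registry path
    family: str           # detection name, e.g. Trojan.Vundo
    data: Optional[str]   # registry data, when the entry carries a "Data:" field
    action: str           # what the scanner did, e.g. "Delete on reboot"


# Entry shape: "<target> (<Family.Name>) -> [Data: ... -> ]<action>."
_ENTRY = re.compile(r"^(?P<target>.+?) \((?P<family>\w+(?:\.\w+)+)\) -> (?P<rest>.+)$")

# Autostart locations seen in the report (example's own list, matched lowercase).
AUTOSTART_MARKERS = [
    ("\\currentversion\\run\\", "Run key"),
    ("\\winlogon\\notify\\", "Winlogon Notify"),
    ("\\browser helper objects\\", "Browser Helper Object"),
    ("\\shellexecutehooks\\", "ShellExecuteHook"),
    ("\\control\\lsa\\authentication packages", "LSA Authentication Package"),
]


def parse_log(text: str) -> List[Detection]:
    """Return one Detection per entry line; summary and header lines are skipped."""
    section, found = "", []
    for raw in text.splitlines():
        line = raw.strip()
        m = _ENTRY.match(line)
        if m:
            parts = m.group("rest").split(" -> ")
            data = None
            for part in parts[:-1]:
                if part.startswith("Data: "):
                    data = part[len("Data: "):]
            action = parts[-1].rstrip(".")
            found.append(Detection(section, m.group("target"), m.group("family"), data, action))
        elif line.endswith(":"):
            section = line[:-1]   # a header such as "Fichier(s) infecté(s):"
    return found


def autostart_kind(target: str) -> Optional[str]:
    """Name the autostart location a registry path belongs to, if any."""
    lowered = target.lower()
    for marker, label in AUTOSTART_MARKERS:
        if marker in lowered:
            return label
    return None


def triage(text: str) -> dict:
    """Summarise a report: counts per family, pending deletions, autostart hits."""
    detections = parse_log(text)
    return {
        "families": Counter(d.family for d in detections),
        # Still present until the machine restarts; check these in the next scan.
        "pending_reboot": [d.target for d in detections if d.action == "Delete on reboot"],
        "autostart": [(autostart_kind(d.target), d.target, d.family)
                      for d in detections if autostart_kind(d.target)],
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for family, count in result["families"].most_common():
        print(f"{count:3d}  {family}")
    print("Pending until reboot:")
    for target in result["pending_reboot"]:
        print("   ", target)
    print("Autostart locations:")
    for label, target, family in result["autostart"]:
        print(f"    [{label}] {family}: {target}")
```
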
Le sioux
Posts
4894
Registration date
Sunday 27 May 2007
Status
Security contributor
Last activity
6 March 2023
496
16 June 2008 at 07:46
Hello Chichi
1) VundoFix.exe by Atribune
Download VundoFix.exe by Atribune http://vundofix.atribune.org/ to your Desktop.
http://www.atribune.org/ccount/click.php?id=4
* Double-click VundoFix.exe to launch it
* Click the Scan for Vundo button
* When the scan is finished, click the Fix Vundo button
* A prompt will ask whether you want to delete the files; click YES
* After you click "Yes", the Desktop will disappear for a moment while the files are deleted
* You will see a prompt telling you that your PC is going to restart; click OK
Note: VundoFix may come across a file that it cannot delete. If so, the tool will launch at the next restart; tick the files to delete that it offers you, click FixVundo and let VundoFix restart the PC; repeat the operation if asked.
2) OTMoveIt by Old_Timer
Download OTMoveIt2 by Old_Timer to your Desktop. http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe
Double-click OTMoveIt.exe to launch it.
Copy the list in the quote below,
and paste it into the left-hand pane of OTMoveIt:
Paste standard List of Files/Folders to be moved.
C:\Documents and Settings\Administrateur\Local Settings\Temp\IncrediMail\IMInstall\Contents\Sound\tchaikovsky_the_nutcracker.imw
C:\Documents and Settings\Administrateur\Mes documents\musique\IAM - Ma Cite Va Cracker.mp3
C:\Documents and Settings\Administrateur\Mes documents\musique\Uncle Cracker - Follow me.mp3
C:\Documents and Settings\Administrateur\Mes documents\musique\WinACE, WinRAR, & WinZip 8 (Fully Working Plus Cracks) .zip
C:\Documents and Settings\All Users\SonicStage\Packages\Optimized Files\IAM - Ma Cite Va Cracker.OMA
Clique sur MoveIt! pour lancer la suppression.
Le résultat apparaîtra dans le cadre Results.
Clique sur Exit pour fermer.
Il te sera peut-être demander de faire redémarrer le PC pour achever la suppression.
si c'est le cas accepte par Yes.
3) Rapports
Poste dans ta prochaine réponse :
* Le rapport d'OTMoveIt situé dans C:\_OTMoveIt\MovedFiles (contenu du fichier C:\_OTMoveIt\MovedFiles\********_******.log - les *** sont des chiffres représentant la date et l'heure)
* Le rapport de VundoFix situé dans C:\vundofix.txt
* Un nouveau rapport HijackThis
@ suivre
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:11:09, on 04/09/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Telecom Italia France\Securite Enfants\bin\OPTGui.exe
C:\Program Files\Common Files\logishrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Athan\Athan.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Users\sania\AppData\Local\esgmu.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Windows\System32\mobsync.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Internet Explorer\iexplore.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*https://fr.search.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr9/*https://fr.search.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*https://fr.search.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr9/*https://fr.search.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Windows Live OneCare Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Contrôle parental\fssbho.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [OPTENET_GUI] C:\PROGRA~1\TELECO~1\SECURI~1\bin\OPTGui.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Athan] C:\Program Files\Athan\Athan.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [esgmu] "c:\users\sania\appdata\local\esgmu.exe" esgmu
O4 - HKCU\..\Run: [Error mail] "C:\ProgramData\Upload Bags Bags.kpjgvr8"
O4 - HKCU\..\Run: [LESS CITY AMEN SETUP] "C:\ProgramData\This Soap Defy.5tz4xr"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [] (User 'Default user')
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: PCM Media Sharing.lnk = C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Sécurité Enfants (OPTENET_FILTER) - Telecom Italia France - C:\Program Files\Telecom Italia France\Securite Enfants\bin\optproxy.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
Le sioux
Posts: 4894, Registered: Sunday 27 May 2007, Status: Security contributor, Last activity: 6 March 2023
496
5 Sept. 2008 at 08:40
Hello meavaaa
Your PC is infected with the Magic control/Navipromo adware.
It would be much better if you created your own thread.
That will make this thread (here) easier to follow, and we will be able to deal with your problem more effectively.
To help you do that, look here:
http://perso.orange.fr/rginformatique/section%20virus/demofairesontmessage.htm
http://pagesperso-orange.fr/rginformatique/section%20virus/demofairesontmessage.htm
Bye.
14 June 2008 at 18:08
-----------------------[ Lop S&D 4.2.1-4 XP/Vista ]---------------------
[ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
[ USER : Administrateur ] [ "C:\Lop SD" ] [ Selection : 1 ]
[ 14/06/2008 | 11:50:21,26 ] [ PC : USER-3279CFA19A ]
[ MAJ : 13-06-2008 | 02:10 ]
-------------[ Listing des dossiers dans Application Data ]------------
[29/04/2006|15:30] C:\DOCUME~1\ADMINI~1\APPLIC~1\Adobe
[22/04/2006|09:45] C:\DOCUME~1\ADMINI~1\APPLIC~1\AdobeDLM.log
[22/04/2006|09:51] C:\DOCUME~1\ADMINI~1\APPLIC~1\AdobeUM
[17/01/2006|18:48] C:\DOCUME~1\ADMINI~1\APPLIC~1\Ahead
[08/10/2007|23:11] C:\DOCUME~1\ADMINI~1\APPLIC~1\AntivirusForAll
[01/08/2007|23:38] C:\DOCUME~1\ADMINI~1\APPLIC~1\Apple Computer
[13/07/2007|16:42] C:\DOCUME~1\ADMINI~1\APPLIC~1\BonkEnc
[11/05/2008|20:30] C:\DOCUME~1\ADMINI~1\APPLIC~1\Corel
[20/05/2006|17:42] C:\DOCUME~1\ADMINI~1\APPLIC~1\CyberLink
[22/12/2005|16:26] C:\DOCUME~1\ADMINI~1\APPLIC~1\desktop.ini
[01/12/2006|13:04] C:\DOCUME~1\ADMINI~1\APPLIC~1\DivX
[22/04/2006|09:45] C:\DOCUME~1\ADMINI~1\APPLIC~1\dm.ini
[17/01/2006|17:49] C:\DOCUME~1\ADMINI~1\APPLIC~1\FotoWire
[30/10/2006|14:34] C:\DOCUME~1\ADMINI~1\APPLIC~1\Google
[28/07/2007|10:21] C:\DOCUME~1\ADMINI~1\APPLIC~1\GRETECH
[11/05/2008|20:40] C:\DOCUME~1\ADMINI~1\APPLIC~1\idol eq
[15/07/2006|10:36] C:\DOCUME~1\ADMINI~1\APPLIC~1\Jasc Software Inc
[07/05/2008|18:41] C:\DOCUME~1\ADMINI~1\APPLIC~1\LANCITE
[12/02/2006|20:41] C:\DOCUME~1\ADMINI~1\APPLIC~1\Macromedia
[15/10/2007|20:44] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft
[26/09/2006|02:15] C:\DOCUME~1\ADMINI~1\APPLIC~1\Mozilla
[13/04/2006|17:14] C:\DOCUME~1\ADMINI~1\APPLIC~1\Real
[20/01/2006|14:50] C:\DOCUME~1\ADMINI~1\APPLIC~1\Sony Corporation
[22/01/2006|15:18] C:\DOCUME~1\ADMINI~1\APPLIC~1\Sun
[24/08/2006|21:19] C:\DOCUME~1\ADMINI~1\APPLIC~1\Syntrillium
[26/09/2006|02:15] C:\DOCUME~1\ADMINI~1\APPLIC~1\Talkback
[13/12/2007|18:30] C:\DOCUME~1\ADMINI~1\APPLIC~1\U3
[22/04/2006|09:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[02/07/2007|00:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[16/02/2007|18:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[08/06/2008|11:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BVRP Software
[14/12/2006|13:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CA
[14/04/2008|21:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Corel
[20/05/2006|17:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
[22/12/2005|16:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\desktop.ini
[28/04/2008|22:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\dumb pure bind support
[04/02/2006|13:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[28/07/2007|10:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\GRETECH
[24/04/2008|21:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\IM
[24/04/2008|21:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\IncrediMail
[17/01/2006|20:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
[11/06/2008|08:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\mail part itch media
[22/01/2006|15:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[22/03/2008|20:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[23/01/2007|18:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PlayFirst
[25/01/2006|19:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PopCap
[25/08/2007|15:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QTSBandwidthCache
[20/05/2006|17:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SmartSound Software Inc
[20/01/2006|11:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sony Corporation
[22/10/2007|22:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sony Ericsson
[21/03/2008|07:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
[20/06/2007|10:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[23/01/2007|18:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Trymedia
[18/08/2007|11:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\up creative first dumb
[22/12/2005|22:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[08/05/2008|07:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
[30/06/2006|15:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\yahoo!
[18/02/2006|18:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Zylom
[22/12/2005|16:26] C:\DOCUME~1\DEFAUL~1\APPLIC~1\desktop.ini
[22/12/2005|21:53] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[11/06/2006|11:56] C:\DOCUME~1\LOCALS~1\APPLIC~1\CyberLink
[22/12/2005|21:53] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[22/12/2005|21:53] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
----------------[ Tâches planifiées dans C:\WINDOWS\tasks ]---------------
[14/06/2008 11:00][--ah-----] C:\WINDOWS\tasks\B3E3FB2699BC6DE6.job
[07/06/2008 21:11][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[14/06/2008 11:34][--ah-----] C:\WINDOWS\tasks\SA.DAT
[28/08/2001 08:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini
B3E3FB2699BC6DE6.job <--> c:\docume~1\admini~1\applic~1\idoleq~1\ProxyArmyMapi.exe
---------------[ Listing des dossiers dans C:\Program Files ]--------------
[13/09/2006|16:16] C:\Program Files\ABBYY FineReader 5.0 Sprint
[13/09/2006|16:03] C:\Program Files\ABBYY FineReader 6.0
[22/04/2006|09:45] C:\Program Files\Adobe
[05/12/2007|00:03] C:\Program Files\Apple Software Update
[16/02/2007|20:39] C:\Program Files\AviSynth 2.5
[09/06/2008|21:02] C:\Program Files\Bonjour
[13/07/2007|16:40] C:\Program Files\BonkEnc
[11/06/2008|23:06] C:\Program Files\BrowsingEnhancer
[22/12/2005|23:26] C:\Program Files\CA
[22/12/2005|21:48] C:\Program Files\ComPlus Applications
[03/03/2008|13:52] C:\Program Files\coolpro2
[14/04/2008|21:02] C:\Program Files\Corel
[08/05/2006|16:50] C:\Program Files\CorelPaintShopProX
[12/09/2006|19:22] C:\Program Files\CyberLink
[17/01/2006|17:53] C:\Program Files\directx
[29/11/2006|13:57] C:\Program Files\DivX
[22/02/2006|13:25] C:\Program Files\DJ Mix Pro
[10/06/2006|06:34] C:\Program Files\FaxTools
[07/06/2008|18:52] C:\Program Files\FBrowserAdvisor
[14/06/2008|07:47] C:\Program Files\FBrowsingAdvisor
[14/04/2008|21:02] C:\Program Files\Fichiers communs
[05/05/2007|19:27] C:\Program Files\FLVPlayer
[13/07/2007|16:49] C:\Program Files\Gamenext
[03/11/2007|11:54] C:\Program Files\Google
[28/07/2007|10:21] C:\Program Files\GRETECH
[20/12/2006|00:36] C:\Program Files\GXTranscoder v2
[05/09/2006|12:40] C:\Program Files\Hotextractor
[28/04/2008|22:06] C:\Program Files\idol eq
[11/02/2007|15:06] C:\Program Files\InstallShield Installation Information
[22/12/2005|22:56] C:\Program Files\Intel
[02/01/2008|14:47] C:\Program Files\Interapple
[11/04/2008|08:34] C:\Program Files\Internet Explorer
[09/06/2008|21:11] C:\Program Files\iPod
[09/06/2008|21:11] C:\Program Files\iTunes
[12/09/2006|19:25] C:\Program Files\Jasc Software Inc
[07/07/2006|12:15] C:\Program Files\Java
[22/12/2005|23:42] C:\Program Files\Lavasoft
[13/09/2006|15:49] C:\Program Files\Lexmark X1100 Series
[19/04/2008|15:41] C:\Program Files\LimeWire
[01/05/2008|20:44] C:\Program Files\LizardTech
[17/01/2006|17:50] C:\Program Files\Logitech
[10/06/2006|06:34] C:\Program Files\Messenger
[27/05/2008|21:19] C:\Program Files\Messenger Plus! Live
[30/06/2006|15:36] C:\Program Files\MessengerDiscovery
[02/10/2006|21:16] C:\Program Files\MessengerPlus! 3
[22/12/2005|21:54] C:\Program Files\microsoft frontpage
[22/12/2005|23:39] C:\Program Files\Microsoft Office
[10/06/2008|19:53] C:\Program Files\Microsoft Silverlight
[08/05/2008|07:12] C:\Program Files\Microsoft SQL Server Compact Edition
[08/06/2008|11:08] C:\Program Files\mobile PhoneTools
[17/06/2007|03:12] C:\Program Files\Morpheus
[15/07/2007|03:19] C:\Program Files\MorpheusBar
[22/12/2005|21:49] C:\Program Files\Movie Maker
[14/06/2008|11:20] C:\Program Files\Mozilla Firefox
[22/12/2005|21:47] C:\Program Files\MSN Gaming Zone
[16/11/2006|10:34] C:\Program Files\MSXML 4.0
[24/05/2008|08:45] C:\Program Files\Navilog1
[22/12/2005|23:29] C:\Program Files\Nero
[22/12/2005|21:50] C:\Program Files\NetMeeting
[22/12/2005|21:48] C:\Program Files\Online Services
[17/06/2007|03:04] C:\Program Files\Outlook Express
[05/06/2007|12:05] C:\Program Files\PopCap Games
[08/03/2007|14:07] C:\Program Files\Project64 1.6
[08/05/2006|16:50] C:\Program Files\pspbrwse.jbf
[09/06/2008|21:00] C:\Program Files\QuickTime
[17/01/2006|17:49] C:\Program Files\Real
[22/12/2005|23:43] C:\Program Files\SereneScreen
[22/12/2005|21:51] C:\Program Files\Services en ligne
[20/05/2006|17:32] C:\Program Files\SmartSound Software
[12/09/2006|19:27] C:\Program Files\Sonic Foundry
[22/08/2006|20:19] C:\Program Files\Sonic Foundry Setup
[20/01/2006|11:42] C:\Program Files\Sony
[20/01/2006|11:42] C:\Program Files\Sony Corporation
[26/05/2008|21:12] C:\Program Files\Sony Ericsson
[20/03/2008|20:16] C:\Program Files\Spybot - Search & Destroy
[20/03/2008|21:50] C:\Program Files\SpyShredder
[06/02/2006|16:21] C:\Program Files\Sunbelt Software
[07/11/2006|22:20] C:\Program Files\TryMedia
[22/12/2005|22:01] C:\Program Files\Uninstall Information
[13/07/2007|16:50] C:\Program Files\VirtualDJ
[03/11/2007|11:55] C:\Program Files\vp4eDemo
[28/04/2006|20:40] C:\Program Files\Winamp
[27/05/2008|07:45] C:\Program Files\Windows Live
[02/03/2008|21:17] C:\Program Files\Windows Live Safety Center
[17/01/2006|17:49] C:\Program Files\Windows Media Components
[11/07/2007|11:47] C:\Program Files\Windows Media Connect 2
[17/02/2008|01:15] C:\Program Files\Windows Media Player
[22/12/2005|21:47] C:\Program Files\Windows NT
[22/12/2005|21:51] C:\Program Files\WindowsUpdate
[10/03/2007|11:51] C:\Program Files\WinRAR
[06/12/2007|09:47] C:\Program Files\WinZip
[22/12/2005|21:54] C:\Program Files\xerox
[26/09/2006|02:14] C:\Program Files\XviD
[28/02/2007|14:44] C:\Program Files\Yahoo!
[07/11/2006|22:19] C:\Program Files\Yahoo! Games
------[ Listing des dossiers dans C:\Program Files\Fichiers communs ]------
[08/05/2006|17:44] C:\Program Files\Fichiers communs\Adobe
[22/12/2005|23:29] C:\Program Files\Fichiers communs\Ahead
[02/07/2007|00:28] C:\Program Files\Fichiers communs\Apple
[14/04/2008|21:03] C:\Program Files\Fichiers communs\Corel
[22/12/2005|23:40] C:\Program Files\Fichiers communs\Designer
[17/01/2006|17:49] C:\Program Files\Fichiers communs\FotoWire
[20/01/2006|11:40] C:\Program Files\Fichiers communs\InstallShield
[07/07/2006|12:14] C:\Program Files\Fichiers communs\Java
[17/01/2006|17:52] C:\Program Files\Fichiers communs\Logitech
[30/03/2008|03:13] C:\Program Files\Fichiers communs\Microsoft Shared
[30/05/2007|16:18] C:\Program Files\Fichiers communs\Motorola Shared
[22/12/2005|21:50] C:\Program Files\Fichiers communs\MSSoap
[10/04/2006|19:10] C:\Program Files\Fichiers communs\Nullsoft
[22/12/2005|16:26] C:\Program Files\Fichiers communs\ODBC
[13/04/2006|17:14] C:\Program Files\Fichiers communs\Real
[22/12/2005|21:50] C:\Program Files\Fichiers communs\Services
[20/01/2006|11:43] C:\Program Files\Fichiers communs\Sony Shared
[22/12/2005|16:26] C:\Program Files\Fichiers communs\SpeechEngines
[17/06/2007|03:04] C:\Program Files\Fichiers communs\System
[04/03/2008|16:52] C:\Program Files\Fichiers communs\WindowsLiveInstaller
---------------------------[ Process ]--------------------------
... 46
IEXPLORE.EXE ~ [2524]
IEXPLORE.EXE ~ [1836]
----------------------[ Recherche avec S_Lop ]---------------------
Aucun fichier / dossier Lop trouvé !
-----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------
C:\DOCUME~1\ALLUSE~1\APPLIC~1\dumb pure bind support
C:\DOCUME~1\ALLUSE~1\APPLIC~1\dumb pure bind support\Mags Bend.exe
C:\DOCUME~1\ADMINI~1\APPLIC~1\idoleq~1
C:\Program Files\idoleq~1
C:\WINDOWS\Prefetch\MAGS BEND.EXE-34201E8D.pf
C:\DOCUME~1\ADMINI~1\Cookies\administrateur@adopt.euroclick[1].txt
C:\WINDOWS\Tasks\B3E3FB2699BC6DE6.job
----------------------[ Verification du Registre ]----------------------
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Plancoal"="C:\\DOCUME~1\\ADMINI~1\\APPLIC~1\\IDOLEQ~1\\Burnrealmeal.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BIND SUPPORT SEEK FIRST"="C:\\Documents and Settings\\All Users\\Application Data\\dumb pure bind support\\Mags Bend.exe"
--------------------[ Verification du fichier Hosts ]---------------------
Fichier Hosts MODIFIE
-> 8130 ( 70 ## added by CiD )
/!\ 1 Not 127.0.0.1 !!
----------------[ Recherche de fichiers avec Catchme ]-----------------
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-14 11:58:00
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0
--------------------[ Recherche d'autres infections ]---------------------
C:\WINDOWS\system32\lllkknpo.ini2
C:\WINDOWS\system32\uxEeNmoq.ini2
! VUNDO Possible !
=> C:\Documents and Settings\Administrateur\Local Settings\Temp\IncrediMail\IMInstall\Contents\Sound\tchaikovsky_the_nutcracker.imw
=> C:\Documents and Settings\Administrateur\Mes documents\musique\IAM - Ma Cite Va Cracker.mp3
=> C:\Documents and Settings\Administrateur\Mes documents\musique\Uncle Cracker - Follow me.mp3
=> C:\Documents and Settings\Administrateur\Mes documents\musique\WinACE, WinRAR, & WinZip 8 (Fully Working Plus Cracks) .zip
=> C:\Documents and Settings\All Users\SonicStage\Packages\Optimized Files\IAM - Ma Cite Va Cracker.OMA
[F:14936][D:84]-> C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
[F:300][D:0]-> C:\DOCUME~1\ADMINI~1\Cookies
[F:445][D:79]-> C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMPOR~1\content.IE5
--------------------[ Fin du rapport a 12:04:52,14 ]----------------------
14 June 2008 at 18:17
14 June 2008 at 19:02
[ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
[ USER : Administrateur ] [ "C:\Lop SD" ] [ Selection : 2 ]
[ 14/06/2008 | 12:45:33,82 ] [ PC : USER-3279CFA19A ]
[ MAJ : 13-06-2008 | 02:10 ]
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION /////////////////////////////
Supprimé! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\dumb pure bind support\Mags Bend.exe
Supprimé! - C:\WINDOWS\Prefetch\MAGS BEND.EXE-34201E8D.pf
Supprimé! - C:\DOCUME~1\ADMINI~1\Cookies\administrateur@adopt.euroclick[1].txt
Supprimé! - C:\WINDOWS\Tasks\B3E3FB2699BC6DE6.job
Supprimé! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\dumb pure bind support
Supprimé! - C:\DOCUME~1\ADMINI~1\APPLIC~1\idoleq~1
Supprimé! - C:\Program Files\idoleq~1
Restauré! - Fichier Hosts
//////////////////////////////////////-\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
-------------[ Listing des dossiers dans Application Data ]------------
[29/04/2006|15:30] C:\DOCUME~1\ADMINI~1\APPLIC~1\Adobe
[22/04/2006|09:45] C:\DOCUME~1\ADMINI~1\APPLIC~1\AdobeDLM.log
[22/04/2006|09:51] C:\DOCUME~1\ADMINI~1\APPLIC~1\AdobeUM
[17/01/2006|18:48] C:\DOCUME~1\ADMINI~1\APPLIC~1\Ahead
[08/10/2007|23:11] C:\DOCUME~1\ADMINI~1\APPLIC~1\AntivirusForAll
[01/08/2007|23:38] C:\DOCUME~1\ADMINI~1\APPLIC~1\Apple Computer
[13/07/2007|16:42] C:\DOCUME~1\ADMINI~1\APPLIC~1\BonkEnc
[11/05/2008|20:30] C:\DOCUME~1\ADMINI~1\APPLIC~1\Corel
[20/05/2006|17:42] C:\DOCUME~1\ADMINI~1\APPLIC~1\CyberLink
[22/12/2005|16:26] C:\DOCUME~1\ADMINI~1\APPLIC~1\desktop.ini
[01/12/2006|13:04] C:\DOCUME~1\ADMINI~1\APPLIC~1\DivX
[22/04/2006|09:45] C:\DOCUME~1\ADMINI~1\APPLIC~1\dm.ini
[17/01/2006|17:49] C:\DOCUME~1\ADMINI~1\APPLIC~1\FotoWire
[30/10/2006|14:34] C:\DOCUME~1\ADMINI~1\APPLIC~1\Google
[28/07/2007|10:21] C:\DOCUME~1\ADMINI~1\APPLIC~1\GRETECH
[15/07/2006|10:36] C:\DOCUME~1\ADMINI~1\APPLIC~1\Jasc Software Inc
[07/05/2008|18:41] C:\DOCUME~1\ADMINI~1\APPLIC~1\LANCITE
[12/02/2006|20:41] C:\DOCUME~1\ADMINI~1\APPLIC~1\Macromedia
[15/10/2007|20:44] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft
[26/09/2006|02:15] C:\DOCUME~1\ADMINI~1\APPLIC~1\Mozilla
[13/04/2006|17:14] C:\DOCUME~1\ADMINI~1\APPLIC~1\Real
[20/01/2006|14:50] C:\DOCUME~1\ADMINI~1\APPLIC~1\Sony Corporation
[22/01/2006|15:18] C:\DOCUME~1\ADMINI~1\APPLIC~1\Sun
[24/08/2006|21:19] C:\DOCUME~1\ADMINI~1\APPLIC~1\Syntrillium
[26/09/2006|02:15] C:\DOCUME~1\ADMINI~1\APPLIC~1\Talkback
[13/12/2007|18:30] C:\DOCUME~1\ADMINI~1\APPLIC~1\U3
[22/04/2006|09:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[02/07/2007|00:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[16/02/2007|18:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[08/06/2008|11:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BVRP Software
[14/12/2006|13:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CA
[14/04/2008|21:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Corel
[20/05/2006|17:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
[22/12/2005|16:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\desktop.ini
[04/02/2006|13:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[28/07/2007|10:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\GRETECH
[24/04/2008|21:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\IM
[24/04/2008|21:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\IncrediMail
[17/01/2006|20:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
[11/06/2008|08:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\mail part itch media
[22/01/2006|15:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[22/03/2008|20:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[23/01/2007|18:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PlayFirst
[25/01/2006|19:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PopCap
[25/08/2007|15:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QTSBandwidthCache
[20/05/2006|17:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SmartSound Software Inc
[20/01/2006|11:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sony Corporation
[22/10/2007|22:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sony Ericsson
[21/03/2008|07:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
[20/06/2007|10:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[23/01/2007|18:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Trymedia
[18/08/2007|11:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\up creative first dumb
[22/12/2005|22:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[08/05/2008|07:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
[30/06/2006|15:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\yahoo!
[18/02/2006|18:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Zylom
[22/12/2005|16:26] C:\DOCUME~1\DEFAUL~1\APPLIC~1\desktop.ini
[22/12/2005|21:53] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[11/06/2006|11:56] C:\DOCUME~1\LOCALS~1\APPLIC~1\CyberLink
[22/12/2005|21:53] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[22/12/2005|21:53] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
----------------[ Tâches planifiées dans C:\WINDOWS\tasks ]---------------
[07/06/2008 21:11][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[14/06/2008 11:34][--ah-----] C:\WINDOWS\tasks\SA.DAT
[28/08/2001 08:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini
---------------[ Listing des dossiers dans C:\Program Files ]--------------
[13/09/2006|16:16] C:\Program Files\ABBYY FineReader 5.0 Sprint
[13/09/2006|16:03] C:\Program Files\ABBYY FineReader 6.0
[22/04/2006|09:45] C:\Program Files\Adobe
[05/12/2007|00:03] C:\Program Files\Apple Software Update
[16/02/2007|20:39] C:\Program Files\AviSynth 2.5
[09/06/2008|21:02] C:\Program Files\Bonjour
[13/07/2007|16:40] C:\Program Files\BonkEnc
[11/06/2008|23:06] C:\Program Files\BrowsingEnhancer
[22/12/2005|23:26] C:\Program Files\CA
[22/12/2005|21:48] C:\Program Files\ComPlus Applications
[03/03/2008|13:52] C:\Program Files\coolpro2
[14/04/2008|21:02] C:\Program Files\Corel
[08/05/2006|16:50] C:\Program Files\CorelPaintShopProX
[12/09/2006|19:22] C:\Program Files\CyberLink
[17/01/2006|17:53] C:\Program Files\directx
[29/11/2006|13:57] C:\Program Files\DivX
[22/02/2006|13:25] C:\Program Files\DJ Mix Pro
[10/06/2006|06:34] C:\Program Files\FaxTools
[07/06/2008|18:52] C:\Program Files\FBrowserAdvisor
[14/06/2008|07:47] C:\Program Files\FBrowsingAdvisor
[14/04/2008|21:02] C:\Program Files\Fichiers communs
[05/05/2007|19:27] C:\Program Files\FLVPlayer
[13/07/2007|16:49] C:\Program Files\Gamenext
[03/11/2007|11:54] C:\Program Files\Google
[28/07/2007|10:21] C:\Program Files\GRETECH
[20/12/2006|00:36] C:\Program Files\GXTranscoder v2
[05/09/2006|12:40] C:\Program Files\Hotextractor
[11/02/2007|15:06] C:\Program Files\InstallShield Installation Information
[22/12/2005|22:56] C:\Program Files\Intel
[02/01/2008|14:47] C:\Program Files\Interapple
[11/04/2008|08:34] C:\Program Files\Internet Explorer
[09/06/2008|21:11] C:\Program Files\iPod
[09/06/2008|21:11] C:\Program Files\iTunes
[12/09/2006|19:25] C:\Program Files\Jasc Software Inc
[07/07/2006|12:15] C:\Program Files\Java
[22/12/2005|23:42] C:\Program Files\Lavasoft
[13/09/2006|15:49] C:\Program Files\Lexmark X1100 Series
[19/04/2008|15:41] C:\Program Files\LimeWire
[01/05/2008|20:44] C:\Program Files\LizardTech
[17/01/2006|17:50] C:\Program Files\Logitech
[10/06/2006|06:34] C:\Program Files\Messenger
[27/05/2008|21:19] C:\Program Files\Messenger Plus! Live
[30/06/2006|15:36] C:\Program Files\MessengerDiscovery
[02/10/2006|21:16] C:\Program Files\MessengerPlus! 3
[22/12/2005|21:54] C:\Program Files\microsoft frontpage
[22/12/2005|23:39] C:\Program Files\Microsoft Office
[10/06/2008|19:53] C:\Program Files\Microsoft Silverlight
[08/05/2008|07:12] C:\Program Files\Microsoft SQL Server Compact Edition
[08/06/2008|11:08] C:\Program Files\mobile PhoneTools
[17/06/2007|03:12] C:\Program Files\Morpheus
[15/07/2007|03:19] C:\Program Files\MorpheusBar
[22/12/2005|21:49] C:\Program Files\Movie Maker
[14/06/2008|11:20] C:\Program Files\Mozilla Firefox
[22/12/2005|21:47] C:\Program Files\MSN Gaming Zone
[16/11/2006|10:34] C:\Program Files\MSXML 4.0
[24/05/2008|08:45] C:\Program Files\Navilog1
[22/12/2005|23:29] C:\Program Files\Nero
[22/12/2005|21:50] C:\Program Files\NetMeeting
[22/12/2005|21:48] C:\Program Files\Online Services
[17/06/2007|03:04] C:\Program Files\Outlook Express
[05/06/2007|12:05] C:\Program Files\PopCap Games
[08/03/2007|14:07] C:\Program Files\Project64 1.6
[08/05/2006|16:50] C:\Program Files\pspbrwse.jbf
[09/06/2008|21:00] C:\Program Files\QuickTime
[17/01/2006|17:49] C:\Program Files\Real
[22/12/2005|23:43] C:\Program Files\SereneScreen
[22/12/2005|21:51] C:\Program Files\Services en ligne
[20/05/2006|17:32] C:\Program Files\SmartSound Software
[12/09/2006|19:27] C:\Program Files\Sonic Foundry
[22/08/2006|20:19] C:\Program Files\Sonic Foundry Setup
[20/01/2006|11:42] C:\Program Files\Sony
[20/01/2006|11:42] C:\Program Files\Sony Corporation
[26/05/2008|21:12] C:\Program Files\Sony Ericsson
[20/03/2008|20:16] C:\Program Files\Spybot - Search & Destroy
[20/03/2008|21:50] C:\Program Files\SpyShredder
[06/02/2006|16:21] C:\Program Files\Sunbelt Software
[07/11/2006|22:20] C:\Program Files\TryMedia
[22/12/2005|22:01] C:\Program Files\Uninstall Information
[13/07/2007|16:50] C:\Program Files\VirtualDJ
[03/11/2007|11:55] C:\Program Files\vp4eDemo
[28/04/2006|20:40] C:\Program Files\Winamp
[27/05/2008|07:45] C:\Program Files\Windows Live
[02/03/2008|21:17] C:\Program Files\Windows Live Safety Center
[17/01/2006|17:49] C:\Program Files\Windows Media Components
[11/07/2007|11:47] C:\Program Files\Windows Media Connect 2
[17/02/2008|01:15] C:\Program Files\Windows Media Player
[22/12/2005|21:47] C:\Program Files\Windows NT
[22/12/2005|21:51] C:\Program Files\WindowsUpdate
[10/03/2007|11:51] C:\Program Files\WinRAR
[06/12/2007|09:47] C:\Program Files\WinZip
[22/12/2005|21:54] C:\Program Files\xerox
[26/09/2006|02:14] C:\Program Files\XviD
[28/02/2007|14:44] C:\Program Files\Yahoo!
[07/11/2006|22:19] C:\Program Files\Yahoo! Games
------[ Listing des dossiers dans C:\Program Files\Fichiers communs ]------
[08/05/2006|17:44] C:\Program Files\Fichiers communs\Adobe
[22/12/2005|23:29] C:\Program Files\Fichiers communs\Ahead
[02/07/2007|00:28] C:\Program Files\Fichiers communs\Apple
[14/04/2008|21:03] C:\Program Files\Fichiers communs\Corel
[22/12/2005|23:40] C:\Program Files\Fichiers communs\Designer
[17/01/2006|17:49] C:\Program Files\Fichiers communs\FotoWire
[20/01/2006|11:40] C:\Program Files\Fichiers communs\InstallShield
[07/07/2006|12:14] C:\Program Files\Fichiers communs\Java
[17/01/2006|17:52] C:\Program Files\Fichiers communs\Logitech
[30/03/2008|03:13] C:\Program Files\Fichiers communs\Microsoft Shared
[30/05/2007|16:18] C:\Program Files\Fichiers communs\Motorola Shared
[22/12/2005|21:50] C:\Program Files\Fichiers communs\MSSoap
[10/04/2006|19:10] C:\Program Files\Fichiers communs\Nullsoft
[22/12/2005|16:26] C:\Program Files\Fichiers communs\ODBC
[13/04/2006|17:14] C:\Program Files\Fichiers communs\Real
[22/12/2005|21:50] C:\Program Files\Fichiers communs\Services
[20/01/2006|11:43] C:\Program Files\Fichiers communs\Sony Shared
[22/12/2005|16:26] C:\Program Files\Fichiers communs\SpeechEngines
[17/06/2007|03:04] C:\Program Files\Fichiers communs\System
[04/03/2008|16:52] C:\Program Files\Fichiers communs\WindowsLiveInstaller
---------------------------[ Process ]--------------------------
... 44
... OK !
----------------------[ Recherche avec S_Lop ]---------------------
Aucun fichier / dossier Lop trouvé !
-----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------
Aucun fichier / dossier Lop trouvé !
----------------------[ Verification du Registre ]----------------------
..... OK !
--------------------[ Verification du fichier Hosts ]---------------------
Fichier Hosts PROPRE
----------------[ Recherche de fichiers avec Catchme ]-----------------
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-14 12:51:51
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0
--------------------[ Recherche d'autres infections ]---------------------
C:\WINDOWS\system32\lllkknpo.ini2
C:\WINDOWS\system32\uxEeNmoq.ini2
! VUNDO Possible !
=> C:\Documents and Settings\Administrateur\Local Settings\Temp\IncrediMail\IMInstall\Contents\Sound\tchaikovsky_the_nutcracker.imw
=> C:\Documents and Settings\Administrateur\Mes documents\musique\IAM - Ma Cite Va Cracker.mp3
=> C:\Documents and Settings\Administrateur\Mes documents\musique\Uncle Cracker - Follow me.mp3
=> C:\Documents and Settings\Administrateur\Mes documents\musique\WinACE, WinRAR, & WinZip 8 (Fully Working Plus Cracks) .zip
=> C:\Documents and Settings\All Users\SonicStage\Packages\Optimized Files\IAM - Ma Cite Va Cracker.OMA
[F:14931][D:84]-> C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
[F:301][D:0]-> C:\DOCUME~1\ADMINI~1\Cookies
[F:868][D:79]-> C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMPOR~1\content.IE5
--------------------[ Fin du rapport a 12:53:33,12 ]----------------------
This is what it gives me. Is it finished now?? Or do I have to move on to another option?
14 June 2008 at 19:05
• Empty the Recycle Bin
• Close all applications
================NAVILOG====================
* Right-click this link: http://perso.orange.fr/il.mafioso/Navifix/Navilog1.zip
* Choose "Save target as..." and save it to the desktop.
* Right-click navilog1.zip and choose "Extract all"
* Double-click navilog1.exe
* Once you reach the main menu, choose option 1 and confirm.
* Wait for the message: Analyse Termine le ...
* The report will also be saved at the root of the disk (fixnavi.txt)