Bonjour, Je ne sais pas comment me debarasser de Crazygirls et serialplayers dont des raccourcis apparaissent sur mon bureau Deplus un message d'alerte apparemment venant de windows explorer me demande sans arret de telecharger un antivirus efficace car mon pc serait infecté par 45 logiciels espions et autres !!! enfin c'est le délire et je ne sais pas quoi faire, qqun pourrait il m'aider ? Merci beaucoup

Crazygirls et serialplayers + mess d'alerte [Résolu]

Réponse 1 / 14

^^Marie^^ Messages postés 113901 Date d'inscription mardi 6 septembre 2005 Statut Membre Dernière intervention 28 août 2020 3 275
2 juil. 2008 à 21:39

Re

Télécharger Adobe Reader 8.1 pour Windows http://ardownload.adobe.com/pub/adobe/reader/win/8.x/8.1/fra/AdbeRdr810_fr_FR.exe
(lien direct)

1/ Télécharge et installe CCleaner
(attention à l'installation penser à DECOCHER l'installation de Yahoo toolbar discrètement proposé en plus de CCleaner).

http://www.clubic.com/lancer-le-telechargement-20932-0-ccleaner-crap-cleaner-.html

2/ 2/ Télécharge AVG
https://kerio.probb.fr/t387-tuto-avg-anti-spyware-anti-spyware
http://www.commentcamarche.net/telecharger/avg anti spyware 218 avis opinions.php3#avis

Lance AVG Anti-Spyware et clique sur le bouton Mise à jour.
Tu fermes

3/ Redémarre en mode sans échec
(Pour cela : démarrer le PC en tapotant sur la touche F8 du clavier jusqu'à ce que le menu des options avancées de Windows apparaisse puis avec les touches fléchées du clavier, sélectionner Mode sans échec puis appuyer sur la touche Entrée...)
Attention tu n'as pas accès à Internet dans ce mode donc note ou imprime les consignes qui suivent.
http://www.coupdepoucepc.com/modules/news/article.php?storyid=253
https://www.micro-astuce.com/depannage/demarrer-mode-sans-echec.php

4/ Lance HijackThis
puis --> Do a system scan only
coche les lignes indiquées ci-dessous
puis --> Fix checked
puis oui à la question de confirmation

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe" "ZTE Corporation\ZXDSL852"
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\WANADOO\Watch.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe

7/ Lance CCleaner
puis bouton Analyse ensuite Bouton Lancer le Nettoyage

8/ Lance AVG
Lance AVG Anti-Spyware
Clique sur le bouton Analyse (de la barre d'outils)
Puis sur l'onglets Comment réagir, clique sur Actions recommandées.
Reviens à l'onglet Analyse. Clique sur Analyse complète du système.
/!\ Si un fichier est infecté en fin d'analyse /!\
choisis l'option " Appliquer toutes les actions " en bas.
Clique sur "Enregistrer le rapport" puis sur "Enregistrer le rapport sous"
Enregistre ce fichier texte sur ton bureau.
Copie/colle le rapport

9/ Redémarre normalement

et poste un nouveau rapport HijackThis.

as-tu encore des dysfonctionnements ?

Fait
-> Démarrer
-> Exécuter...
Tape Services.msc puis valide
Double clique sur " Boonty Games "
Clique en bas sur " Arrêter "
Valide les changements.
-----
Ouvre Hijackthis puis:
-> Open the Misc Tools Section
-> Delete a NT Service
Tape " BOONTY " puis valide.

Utilises tu des jeux de boonty games depuis longtemps ?
Voici une petite information sur Boonty games

Leur politique :
"Il se peut que nous partageons aussi des informations payantes avec des tiers
qui fournissent ds services payants et partage des données regroupées montrant le type
et le nombre de jeux videos que vous téléchargez, votre age, votre sexe, vos occupations,
niveau d'éducation, localité géographique, données sur l'équipement de votre ordinateur,
internet et intérêts pour les jeux videos, activités et entrainement des jeux édités.
De plus, nous partageons les adresses email avec des tiers fournisseurs de compte mails
qui nous assistent en envoyant nos mails a de nombreux clients en même temps..."

+++++++++++++++

neo
2 juil. 2008 à 21:48

bonjour marie merci pour tes conseils mais
a quoi sert tous ca ? c est un peu du chinois pour moi ?

^^Marie^^ Messages postés 113901 Date d'inscription mardi 6 septembre 2005 Statut Membre Dernière intervention 28 août 2020 3 275 > neo
2 juil. 2008 à 21:50

Cela sert à mettre ton PC à jour
Cela sert à alléger ton PC
Cela sert à surfer pour l'avenir un peu plus tranquillement

Tu suis à la lettre les indications
Tu regardes bien, cela est très bien expliqué.

neo > ^^Marie^^ Messages postés 113901 Date d'inscription mardi 6 septembre 2005 Statut Membre Dernière intervention 28 août 2020
2 juil. 2008 à 21:57

ok merci beaucoup marie

^^Marie^^ Messages postés 113901 Date d'inscription mardi 6 septembre 2005 Statut Membre Dernière intervention 28 août 2020 3 275 > neo
2 juil. 2008 à 21:58

N'hésites pas à demander ;;))

Réponse 2 / 14

fiat500 Messages postés 2621 Date d'inscription vendredi 30 mai 2008 Statut Membre Dernière intervention 25 mars 2009 82
2 juil. 2008 à 18:34

bonjour et bienvenu

telecharge malwarebytes mes le a jour puis lance un scan complet et supprime tous se qu'il trouve

aide:

https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

puis telecharge hijacklthis fais un scan et colle moi le log ici

aide:

https://forums.cnetfrance.fr

neo
2 juil. 2008 à 20:00

dsl
ca prends du temps, je ne suis pas tres experimenté, j installe correctement le 2eme logiciel...

Réponse 3 / 14

fiat500 Messages postés 2621 Date d'inscription vendredi 30 mai 2008 Statut Membre Dernière intervention 25 mars 2009 82
2 juil. 2008 à 20:01

ok

neo
2 juil. 2008 à 20:21

voila
est ce que ca va ?
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:19:10, on 02/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\acer\epm\epm-dm.exe
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Fichiers communs\ACD Systems\EN\DevDetect.exe
C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\WANADOO\TaskBarIcon.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
c:\documents and settings\lilian.j\local settings\application data\aomwaoa.exe
C:\PROGRA~1\WANADOO\EspaceWanadoo.exe
C:\PROGRA~1\WANADOO\ComComp.exe
C:\PROGRA~1\WANADOO\Toaster.exe
C:\PROGRA~1\WANADOO\Inactivity.exe
C:\PROGRA~1\WANADOO\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\PROGRA~1\WANADOO\Watch.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\nsinet.exe
C:\Program Files\Trend Micro\HijackThis\HJT.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\WANADOO\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe" "ZTE Corporation\ZXDSL852"
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\WANADOO\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\WANADOO\GestMaj.exe TaskBarIcon.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\WANADOO\GestMaj.exe EspaceWanadoo.exe
O4 - HKCU\..\Run: [aomwaoa] c:\documents and settings\lilian.j\local settings\application data\aomwaoa.exe aomwaoa
O4 - HKCU\..\Run: [Instant Access] C:\WINDOWS\system32\nsinet.exe /res
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {DF1C8E21-4045-4D67-B528-335F1A4F0DE9} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1073_em_XP.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{309B1B01-9ADD-408C-B950-4D90CC67D214}: NameServer = 80.10.246.130 81.253.149.10
O17 - HKLM\System\CS1\Services\Tcpip\..\{309B1B01-9ADD-408C-B950-4D90CC67D214}: NameServer = 80.10.246.130 81.253.149.10
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

Réponse 4 / 14

fiat500 Messages postés 2621 Date d'inscription vendredi 30 mai 2008 Statut Membre Dernière intervention 25 mars 2009 82
2 juil. 2008 à 20:23

oui

as tu fais le scan avec malwarebytes?

neo
2 juil. 2008 à 20:42

oui j ai supprimé 127 fichiers infectés je crois... est ce que c est bon maintenant ?

neo
2 juil. 2008 à 20:45

mais il reste les icones de crazygirls et gamesdesktop sur le bureau..

Réponse 5 / 14

fiat500 Messages postés 2621 Date d'inscription vendredi 30 mai 2008 Statut Membre Dernière intervention 25 mars 2009 82
2 juil. 2008 à 20:45

non

poste moi le log de malwarebytes si tu la

fais ca:

Fais un clic droit sur ce lien : (IL-MAFIOSO)
http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe
Enregistrer la cible (du lien) sous... et enregistre-le sur ton bureau.
Ensuite double clique sur navilog1.exe pour lancer l'installation.
Une fois l'installation terminée, le fix s'exécutera automatiquement.
(Si ce n'est pas le cas, double-clique sur le raccourci Navilog1 présent sur le bureau).

Laisse-toi guider. Au menu principal, choisis 1 et valides.
(ne fais pas le choix 2,3 ou 4 sans notre avis/accord)

Patiente jusqu'au message :
*** Analyse Termine le ..... ***
Appuie sur une touche comme demandé, le blocnote va s'ouvrir.
Copie-colle l'intégralité dans une réponse. Referme le blocnote.
Le rapport est en outre sauvegardé à la racine du disque (fixnavi.txt)

neo
2 juil. 2008 à 20:50

voici le rapport
Malwarebytes' Anti-Malware 1.19
Version de la base de données: 914
Windows 5.1.2600 Service Pack 2

19:39:53 02/07/2008
mbam-log-7-2-2008 (19-39-53).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 95042
Temps écoulé: 33 minute(s), 7 second(s)

Processus mémoire infecté(s): 1
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 3
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 68
Fichier(s) infecté(s): 119

Processus mémoire infecté(s):
C:\WINDOWS\system32\nsinet.exe (Adware.NaviPromo) -> Unloaded process successfully.

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\CLSID\{df1c8e21-4045-4d67-b528-335f1a4f0de9} (Adware.Navipromo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{df1c8e21-4045-4d67-b528-335f1a4f0de9} (Adware.Navipromo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\egdhtml (Adware.NaviPromo) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Instant Access (Adware.NaviPromo) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Program Files\Instant Access (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Center (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Center\Icons (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\331175142 (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\331175142\fp.pc-on-internet.com (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\331175142\fp.pc-on-internet.com\50256 (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\331175142\fp.pc-on-internet.com\50256\images (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\331175142\external-api.dlv4.com (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\331175142\external-api.dlv4.com\hits (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\331175142\external-api.dlv4.com\js (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\492542715 (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\492542715\fp.pc-on-internet.com (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\492542715\fp.pc-on-internet.com\50264 (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\492542715\fp.pc-on-internet.com\50264\images (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\492542715\external-api.dlv4.com (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\492542715\external-api.dlv4.com\hits (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\492542715\external-api.dlv4.com\js (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\612090947 (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\612090947\traffic.waypointcash.com (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\612090947\traffic.waypointcash.com\emoticonsplanet.com (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\612090947\traffic.waypointcash.com\emoticonsplanet.com\enter (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\612090947\traffic.waypointcash.com\emoticonsplanet.com\enter\4 (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\612090947\traffic.waypointcash.com\emoticonsplanet.com\enter\4\fr (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\612090947\es6-scripts.nccgateway.com (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\612090947\es6-scripts.nccgateway.com\Common (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\612090947\es6-scripts.nccgateway.com\custom (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\612090947\es6-scripts.nccgateway.com\custom\3020 (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\612090947\es6-scripts.nccgateway.com\custom\3020\FR (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\612090947\www.waypointcash.com (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\612090947\www.waypointcash.com\conversion (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\612090947\es6-external-api.dlv4.com (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\612090947\es6-external-api.dlv4.com\js (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\865325026 (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\865325026\fp.pc-on-internet.com (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\865325026\fp.pc-on-internet.com\50265 (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\865325026\fp.pc-on-internet.com\50265\images (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\865325026\external-api.dlv4.com (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\865325026\external-api.dlv4.com\hits (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\865325026\external-api.dlv4.com\js (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\1178751538 (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\1178751538\fp.pc-on-internet.com (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\1178751538\fp.pc-on-internet.com\50264 (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\1178751538\fp.pc-on-internet.com\50264\images (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\1178751538\external-api.dlv4.com (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\1178751538\external-api.dlv4.com\hits (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\1178751538\external-api.dlv4.com\js (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\290594727 (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\290594727\fp.pc-on-internet.com (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\290594727\fp.pc-on-internet.com\50322 (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\290594727\fp.pc-on-internet.com\50322\images (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\290594727\external-api.dlv4.com (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\290594727\external-api.dlv4.com\hits (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\290594727\external-api.dlv4.com\js (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\173150660 (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\173150660\fp.pc-on-internet.com (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\173150660\fp.pc-on-internet.com\50246 (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\173150660\fp.pc-on-internet.com\50246\images (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\173150660\external-api.dlv4.com (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\173150660\external-api.dlv4.com\hits (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\173150660\external-api.dlv4.com\js (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\737387996 (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\737387996\fp.pc-on-internet.com (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\737387996\fp.pc-on-internet.com\50322 (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\737387996\fp.pc-on-internet.com\50322\images (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\737387996\external-api.dlv4.com (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\737387996\external-api.dlv4.com\hits (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\737387996\external-api.dlv4.com\js (Adware.EGDAccess) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\WINDOWS\system32\wpcap.dll (Spyware.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\packet.dll (Spyware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Center\SerialPlayers.upd (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Center\CrazyGirls.upd (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Center\Fun-Games.upd (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Center\tray1.ico (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Center\GamesDesktop.upd (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Center\Icons\CrazyGirls.lnk (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\331175142\fp.pc-on-internet.com\b2112561c0023051116c032787f25dcb.html (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\331175142\fp.pc-on-internet.com\b2112561c0023051116c032787f25dcb.html_0.loginvis (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\331175142\fp.pc-on-internet.com\50256\images\bg.jpg (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\331175142\fp.pc-on-internet.com\50256\images\button.gif (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\331175142\fp.pc-on-internet.com\50256\images\product.ico (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\331175142\fp.pc-on-internet.com\50256\images\index_01.gif (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\331175142\fp.pc-on-internet.com\50256\images\index_02.jpg (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\331175142\fp.pc-on-internet.com\50256\images\index_03.gif (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\331175142\fp.pc-on-internet.com\50256\images\index_04.gif (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\331175142\fp.pc-on-internet.com\50256\images\index_07.gif (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\331175142\fp.pc-on-internet.com\50256\images\index_05.gif (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\331175142\external-api.dlv4.com\hits\c0ad6fbda9ff86c18b445d30c67c0a98 (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\331175142\external-api.dlv4.com\js\1d45fcfffc5f1c23efdb78cce2a31a91 (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\492542715\fp.pc-on-internet.com\11e26ad9d85b5a49d9e5d2f322880838.html (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\492542715\fp.pc-on-internet.com\11e26ad9d85b5a49d9e5d2f322880838.html_0.loginvis (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\492542715\fp.pc-on-internet.com\50264\images\button.gif (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\492542715\fp.pc-on-internet.com\50264\images\product.ico (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\492542715\fp.pc-on-internet.com\50264\images\loading.gif (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\492542715\external-api.dlv4.com\hits\cbc42ee26cc78fa1ecd60c3a962b9dde (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\492542715\external-api.dlv4.com\js\f98a29ae26d08bbb08d1ea675886944b (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\612090947\Fun-Games.lnk (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\612090947\traffic.waypointcash.com\1e24a6ed8b546bf13fce66506e8ad486.html (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\612090947\traffic.waypointcash.com\1e24a6ed8b546bf13fce66506e8ad486.html_0.loginvis (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\612090947\traffic.waypointcash.com\emoticonsplanet.com\enter\4\fr\emoticonsplanet_01.jpg (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\612090947\traffic.waypointcash.com\emoticonsplanet.com\enter\4\fr\emoticonsplanet_03.gif (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\612090947\traffic.waypointcash.com\emoticonsplanet.com\enter\4\fr\emoticonsplanet_04.jpg (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\612090947\traffic.waypointcash.com\emoticonsplanet.com\enter\4\fr\emoticonsplanet_06.jpg (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\612090947\traffic.waypointcash.com\emoticonsplanet.com\enter\4\fr\emoticonsplanet_07.jpg (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\612090947\traffic.waypointcash.com\emoticonsplanet.com\enter\4\fr\emoticonsplanet_09.jpg (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\612090947\traffic.waypointcash.com\emoticonsplanet.com\enter\4\fr\emoticonsplanet_10.jpg (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\612090947\traffic.waypointcash.com\emoticonsplanet.com\enter\4\fr\emoticonsplanet_11.jpg (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\612090947\traffic.waypointcash.com\emoticonsplanet.com\enter\4\fr\emoticonsplanet_12.jpg (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\612090947\traffic.waypointcash.com\emoticonsplanet.com\enter\4\fr\emoticonsplanet_16.jpg (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\612090947\traffic.waypointcash.com\emoticonsplanet.com\enter\4\fr\emoticonsplanet_17.jpg (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\612090947\traffic.waypointcash.com\emoticonsplanet.com\enter\4\fr\emoticonsplanet_18.jpg (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\612090947\traffic.waypointcash.com\emoticonsplanet.com\enter\4\fr\flash-2.swf (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\612090947\traffic.waypointcash.com\emoticonsplanet.com\enter\4\fr\flash-1.swf (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\612090947\traffic.waypointcash.com\emoticonsplanet.com\enter\4\fr\flash-3.swf (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\612090947\traffic.waypointcash.com\emoticonsplanet.com\enter\4\fr\emoticonsplanet_02.jpg (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\612090947\traffic.waypointcash.com\emoticonsplanet.com\enter\4\fr\emoticonsplanet_05.jpg (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\612090947\traffic.waypointcash.com\emoticonsplanet.com\enter\4\fr\emoticonsplanet_13.jpg (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\612090947\es6-scripts.nccgateway.com\Common\56c55c682b72a4a493d7afcb8f872f01.html (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\612090947\es6-scripts.nccgateway.com\custom\3020\FR\button1.gif (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\612090947\es6-scripts.nccgateway.com\custom\3020\FR\button4.gif (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\612090947\es6-scripts.nccgateway.com\custom\3020\FR\button2.gif (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\612090947\es6-scripts.nccgateway.com\custom\3020\FR\button3.gif (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\612090947\www.waypointcash.com\conversion\ac9bd99bccae02f8a27e66ae9b3f9905 (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\612090947\es6-external-api.dlv4.com\js\ab723c17737b602eda870ea765aa3111 (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\865325026\fp.pc-on-internet.com\e1ea69400064cb516fd12a314bedd33e.html (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\865325026\fp.pc-on-internet.com\e1ea69400064cb516fd12a314bedd33e.html_0.loginvis (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\865325026\fp.pc-on-internet.com\50265\images\button.gif (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\865325026\fp.pc-on-internet.com\50265\images\product.ico (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\865325026\fp.pc-on-internet.com\50265\images\index_01.jpg (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\865325026\fp.pc-on-internet.com\50265\images\index_02.jpg (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\865325026\fp.pc-on-internet.com\50265\images\index_04.jpg (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\865325026\fp.pc-on-internet.com\50265\images\index_05.jpg (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\865325026\fp.pc-on-internet.com\50265\images\index_07.jpg (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\865325026\fp.pc-on-internet.com\50265\images\index_06.jpg (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\865325026\fp.pc-on-internet.com\50265\images\bckg.gif (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\865325026\external-api.dlv4.com\hits\3d394244bb0d384c66278299882f0b49 (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\865325026\external-api.dlv4.com\js\dfb057ead17a2d75e52c77e6fbd2bd87 (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\1178751538\fp.pc-on-internet.com\8adec8ca34074292099b271bf28afb80.html (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\1178751538\fp.pc-on-internet.com\8adec8ca34074292099b271bf28afb80.html_0.loginvis (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\1178751538\fp.pc-on-internet.com\50264\images\button.gif (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\1178751538\fp.pc-on-internet.com\50264\images\product.ico (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\1178751538\fp.pc-on-internet.com\50264\images\loading.gif (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\1178751538\external-api.dlv4.com\hits\22805e877fc6e91fba1d0f948d203ec5 (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\1178751538\external-api.dlv4.com\js\6ba1c9576c9301fdb5cc1aa3a5bdc874 (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\290594727\fp.pc-on-internet.com\47ecb9f5a701fc981a95c7e791d0df29.html (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\290594727\fp.pc-on-internet.com\47ecb9f5a701fc981a95c7e791d0df29.html_0.loginvis (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\290594727\fp.pc-on-internet.com\50322\images\button.gif (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\290594727\fp.pc-on-internet.com\50322\images\index_v4_01.jpg (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\290594727\fp.pc-on-internet.com\50322\images\index_v4_02.gif (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\290594727\fp.pc-on-internet.com\50322\images\index_v4_03.jpg (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\290594727\fp.pc-on-internet.com\50322\images\index_v4_04.gif (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\290594727\fp.pc-on-internet.com\50322\images\index_v4_06.gif (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\290594727\fp.pc-on-internet.com\50322\images\index_v4_07.gif (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\290594727\fp.pc-on-internet.com\50322\images\index_v4_08.gif (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\290594727\fp.pc-on-internet.com\50322\images\index_v4_09.gif (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\290594727\external-api.dlv4.com\hits\d5fecd601a791a635119d2100317bb78 (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\290594727\external-api.dlv4.com\js\85ef922edf07d3e0374b6f83e41ecbf2 (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\173150660\SerialPlayers.lnk (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\173150660\fp.pc-on-internet.com\c928cc6bc718a9d4593afbba8ab04c4c.html (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\173150660\fp.pc-on-internet.com\c928cc6bc718a9d4593afbba8ab04c4c.html_0.loginvis (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\173150660\fp.pc-on-internet.com\50246\images\button.gif (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\173150660\fp.pc-on-internet.com\50246\images\product.ico (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\173150660\fp.pc-on-internet.com\50246\images\index_01.jpg (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\173150660\fp.pc-on-internet.com\50246\images\index_02.jpg (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\173150660\fp.pc-on-internet.com\50246\images\index_04.jpg (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\173150660\fp.pc-on-internet.com\50246\images\index_06.jpg (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\173150660\fp.pc-on-internet.com\50246\images\index_05.jpg (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\173150660\external-api.dlv4.com\hits\63408d371316fc2da9ca7e4659b80ee6 (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\173150660\external-api.dlv4.com\js\94adc4b929b755b3cba685fe56ea5643 (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\737387996\GamesDesktop.lnk (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\737387996\fp.pc-on-internet.com\47ecb9f5a701fc981a95c7e791d0df29.html (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\737387996\fp.pc-on-internet.com\47ecb9f5a701fc981a95c7e791d0df29.html_0.loginvis (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\737387996\fp.pc-on-internet.com\50322\images\button.gif (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\737387996\fp.pc-on-internet.com\50322\images\index_v4_01.jpg (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\737387996\fp.pc-on-internet.com\50322\images\index_v4_02.gif (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\737387996\fp.pc-on-internet.com\50322\images\index_v4_03.jpg (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\737387996\fp.pc-on-internet.com\50322\images\index_v4_04.gif (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\737387996\fp.pc-on-internet.com\50322\images\index_v4_06.gif (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\737387996\fp.pc-on-internet.com\50322\images\index_v4_07.gif (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\737387996\fp.pc-on-internet.com\50322\images\index_v4_08.gif (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\737387996\fp.pc-on-internet.com\50322\images\index_v4_09.gif (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\737387996\external-api.dlv4.com\hits\6c0cbdc6313a2885306947101fdac5a2 (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\737387996\external-api.dlv4.com\js\85ef922edf07d3e0374b6f83e41ecbf2 (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nsinet.exe (Adware.NaviPromo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nvs2.inf (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Bureau\SerialPlayers.lnk (Adware.NaviPromo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lilian.J\Menu Démarrer\SerialPlayers.lnk (Adware.NaviPromo) -> Quarantined and deleted successfully.

neo
2 juil. 2008 à 20:53

et le dernier...
Search Navipromo version 3.6.0 commencé le 02/07/2008 à 20:49:46,70

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files\navilog1
Session actuelle : "Lilian.J"

Mise à jour le 27.06.2008 à 23h00 par IL-MAFIOSO

Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 6.0.2900.2180
Système de fichiers : FAT32

Recherche executé en mode normal

*** Recherche Programmes installés ***

Favorit
Instant Access

*** Recherche dossiers dans "C:\WINDOWS" ***

*** Recherche dossiers dans "C:\Program Files" ***

C:\Program Files\Instant Access trouvé !

*** Recherche dossiers dans "c:\docume~1\alluse~1\applic~1" ***

*** Recherche dossiers dans "c:\docume~1\alluse~1\menudÉ~1\progra~1" ***

*** Recherche dossiers dans "C:\Documents and Settings\Lilian.J\applic~1" ***

*** Recherche dossiers dans "C:\Documents and Settings\Lilian.J\locals~1\applic~1" ***

*** Recherche dossiers dans "C:\Documents and Settings\Lilian.J\menud+~1\progra~1" ***

*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net

Aucun Fichier trouvé

*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans "C:\WINDOWS\system32" *

Fichiers suspects :

nsinet.exe trouvé !

* Recherche dans "C:\Documents and Settings\Lilian.J\locals~1\applic~1" *

Fichiers suspects :

aomwaoa.exe trouvé !
aomwaoa.dat trouvé !
aomwaoa_nav.dat trouvé !
aomwaoa_navps.dat trouvé !

*** Recherche fichiers ***

C:\WINDOWS\Downloaded Program Files\IaLdr32.inf trouvé !

*** Recherche clés spécifiques dans le Registre ***

*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :

C:\WINDOWS\system32\nsinet.exe trouvé !

2)Recherche Heuristique :

* Dans "C:\WINDOWS\system32" :

* Dans "C:\Documents and Settings\Lilian.J\locals~1\applic~1" :

aomwaoa.dat trouvé !
aomwaoa_nav.dat trouvé !
aomwaoa_navps.dat trouvé !

3)Recherche Certificats :

Certificat Egroup trouvé !
Certificat Electronic-Group trouvé !
Certificat OOO-Favorit trouvé !
Certificat Sunny-Day-Design-Ltd absent !

4)Recherche fichiers connus :

Réponse 6 / 14

fiat500 Messages postés 2621 Date d'inscription vendredi 30 mai 2008 Statut Membre Dernière intervention 25 mars 2009 82
2 juil. 2008 à 20:52

ok

et ta fais navilog?

Réponse 7 / 14

fiat500 Messages postés 2621 Date d'inscription vendredi 30 mai 2008 Statut Membre Dernière intervention 25 mars 2009 82
2 juil. 2008 à 20:55

ok

Double clique sur le raccourci Navilog1 présent sur le bureau et laisse-toi guider.
Au menu principal, choisis 2 et valide.

Le fix va t'informer qu'il va alors redémarrer ton PC
Ferme toutes les fenêtres ouvertes et enregistre tes documents personnels ouverts
Appuie sur une touche comme demandé.
(si ton Pc ne redémarre pas automatiquement, fais le toi même)
Au redémarrage de ton PC, choisis ta session habituelle.

Patiente jusqu'au message :
*** Nettoyage Termine le ..... ***
Le blocnote va s'ouvrir.
Sauvegarde le rapport de manière à le retrouver
Referme le blocnote. Ton bureau va réapparaitre

PS:Si ton bureau ne réapparait pas, fais CTRL+ALT+SUPP pour ouvrir le gestionnaire de tâches.
Puis rends-toi à l'onglet "processus". Clique en haut à gauche sur fichiers et choisis "exécuter"
Tape explorer et valide. Celà te fera apparaitre ton bureau.

Réponse 8 / 14

neo
2 juil. 2008 à 20:56

oui tu dois l'avoir recu

Réponse 9 / 14

fiat500 Messages postés 2621 Date d'inscription vendredi 30 mai 2008 Statut Membre Dernière intervention 25 mars 2009 82
2 juil. 2008 à 20:57

Double clique sur le raccourci Navilog1 présent sur le bureau et laisse-toi guider.
Au menu principal, choisis 2 et valide.

Le fix va t'informer qu'il va alors redémarrer ton PC
Ferme toutes les fenêtres ouvertes et enregistre tes documents personnels ouverts
Appuie sur une touche comme demandé.
(si ton Pc ne redémarre pas automatiquement, fais le toi même)
Au redémarrage de ton PC, choisis ta session habituelle.

Patiente jusqu'au message :
*** Nettoyage Termine le ..... ***
Le blocnote va s'ouvrir.
Sauvegarde le rapport de manière à le retrouver
Referme le blocnote. Ton bureau va réapparaitre

PS:Si ton bureau ne réapparait pas, fais CTRL+ALT+SUPP pour ouvrir le gestionnaire de tâches.
Puis rends-toi à l'onglet "processus". Clique en haut à gauche sur fichiers et choisis "exécuter"
Tape explorer et valide. Celà te fera apparaitre ton bureau.

neo
2 juil. 2008 à 21:09

ok voici le rapport
Clean Navipromo version 3.6.0 commencé le 02/07/2008 à 21:02:29,48

Outil exécuté depuis C:\Program Files\navilog1
Session actuelle : "Lilian.J"

Mise à jour le 27.06.2008 à 23h00 par IL-MAFIOSO

Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 6.0.2900.2180
Système de fichiers : FAT32

Mode suppression automatique
avec prise en charge résultats Catchme et GNS

Nettoyage exécuté au redémarrage de l'ordinateur

*** fsbl1.txt non trouvé ***
(Assurez-vous que Catchme n'avait rien trouvé lors de la recherche)

*** Suppression avec sauvegardes résultats GenericNaviSearch ***

* Suppression dans "C:\WINDOWS\System32" *

* Suppression dans "C:\Documents and Settings\Lilian.J\locals~1\applic~1" *

Autres Suppressions :

aomwaoa.exe trouvé !
Copie aomwaoa.exe réalisée avec succès !
aomwaoa.exe supprimé !

aomwaoa.dat trouvé !
Copie aomwaoa.dat réalisée avec succès !
aomwaoa.dat supprimé !

aomwaoa_nav.dat trouvé !
Copie aomwaoa_nav.dat réalisée avec succès !
aomwaoa_nav.dat supprimé !

aomwaoa_navps.dat trouvé !
Copie aomwaoa_navps.dat réalisée avec succès !
aomwaoa_navps.dat supprimé !

C:\WINDOWS\prefetch\aomwaoa*.pf trouvé !
Copie C:\WINDOWS\prefetch\aomwaoa*.pf réalisée avec succès !
C:\WINDOWS\prefetch\aomwaoa*.pf supprimé !

*** Suppression dossiers dans "C:\WINDOWS" ***

*** Suppression dossiers dans "C:\Program Files" ***

C:\Program Files\Instant Access ...suppression...
C:\Program Files\Instant Access supprimé !

*** Suppression dossiers dans "c:\docume~1\alluse~1\applic~1" ***

*** Suppression dossiers dans "c:\docume~1\alluse~1\menudÉ~1\progra~1" ***

*** Suppression dossiers dans "C:\Documents and Settings\Lilian.J\applic~1" ***

*** Suppression dossiers dans "C:\Documents and Settings\Lilian.J\locals~1\applic~1" ***

*** Suppression dossiers dans "C:\Documents and Settings\Lilian.J\menud+~1\progra~1" ***

*** Suppression fichiers ***

C:\WINDOWS\Downloaded Program Files\IaLdr32.inf supprimé !

*** Suppression fichiers temporaires ***

Nettoyage contenu C:\WINDOWS\Temp effectué !
Nettoyage contenu C:\Documents and Settings\Lilian.J\locals~1\Temp effectué !

*** Traitement Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Suppression avec sauvegardes nouveaux fichiers Instant Access :

2)Recherche, création sauvegardes et suppression Heuristique :

* Dans "C:\WINDOWS\system32" *

* Dans "C:\Documents and Settings\Lilian.J\locals~1\applic~1" *

*** Sauvegarde du Registre vers dossier Safebackup ***

sauvegarde du Registre réalisée avec succès !

*** Nettoyage Registre ***

Nettoyage Registre Ok

*** Certificats ***

Certificat Egroup supprimé !
Certificat Electronic-Group supprimé !
Certificat OOO-Favorit supprimé !
Certificat Sunny-Day-Design-Ltdt absent !

*** Nettoyage terminé le 02/07/2008 à 21:06:15,71 ***

neo
2 juil. 2008 à 21:12

les raccourcis ont disparu mais il reste des icone (crazygirls et gamesdesktop) genre icones d'installation...

Réponse 10 / 14

fiat500 Messages postés 2621 Date d'inscription vendredi 30 mai 2008 Statut Membre Dernière intervention 25 mars 2009 82
2 juil. 2008 à 21:10

ok reposte moi un log hijackthis

neo
2 juil. 2008 à 21:13

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:13:08, on 02/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\acer\epm\epm-dm.exe
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Fichiers communs\ACD Systems\EN\DevDetect.exe
C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\PROGRA~1\WANADOO\EspaceWanadoo.exe
C:\PROGRA~1\WANADOO\ComComp.exe
C:\PROGRA~1\WANADOO\Toaster.exe
C:\PROGRA~1\WANADOO\Inactivity.exe
C:\PROGRA~1\WANADOO\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\PROGRA~1\WANADOO\Watch.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HJT.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\WANADOO\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe" "ZTE Corporation\ZXDSL852"
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\WANADOO\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\WANADOO\GestMaj.exe TaskBarIcon.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\WANADOO\GestMaj.exe EspaceWanadoo.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O17 - HKLM\System\CCS\Services\Tcpip\..\{309B1B01-9ADD-408C-B950-4D90CC67D214}: NameServer = 81.253.149.9 80.10.246.132
O17 - HKLM\System\CS1\Services\Tcpip\..\{309B1B01-9ADD-408C-B950-4D90CC67D214}: NameServer = 81.253.149.9 80.10.246.132
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

Réponse 11 / 14

fiat500 Messages postés 2621 Date d'inscription vendredi 30 mai 2008 Statut Membre Dernière intervention 25 mars 2009 82
2 juil. 2008 à 21:13

reposte un log hijackthis

Réponse 12 / 14

fiat500 Messages postés 2621 Date d'inscription vendredi 30 mai 2008 Statut Membre Dernière intervention 25 mars 2009 82
2 juil. 2008 à 21:17

wawww le log hijackthis est propre comparer a l'autre fois!!

fais ca:

https://www.malekal.com/avg-antivirus-free-antivirus-gratuit-pour-proteger-son-pc-des-virus/

neo
2 juil. 2008 à 21:20

on me dis que le logiciel est depassé et payant pour la nouvelle version...

Réponse 13 / 14

fiat500 Messages postés 2621 Date d'inscription vendredi 30 mai 2008 Statut Membre Dernière intervention 25 mars 2009 82
2 juil. 2008 à 21:25

non tinkiete ne lis pas ca telecharge le ici

https://www.01net.com/telecharger/

neo
2 juil. 2008 à 21:46

bon le telechargement est assez long, je sais pas pourkoi...mais ca vient, je fais quoi avec

^^Marie^^ Messages postés 113901 Date d'inscription mardi 6 septembre 2005 Statut Membre Dernière intervention 28 août 2020 3 275 > neo
2 juil. 2008 à 21:47

Regarde ce que je t'ai mis
Tu dois avoir un max de cookies pour la longueur de ton log

neo
2 juil. 2008 à 22:00

bon je pense avoir tout fais, j ai telecharger avg mais n arrive pas a telecharger les mises a jour... et il me reste tjrs les icones crazygirls et gamesdesktop sur mon bureu je les supprime ?

^^Marie^^ Messages postés 113901 Date d'inscription mardi 6 septembre 2005 Statut Membre Dernière intervention 28 août 2020 3 275 > neo
2 juil. 2008 à 22:02

Si tu prenais la peine de suivre la procédure indiquée
Tu aurais moins de soucis

http://www.commentcamarche.net/forum/affich 7197319 crazygirls et serialplayers mess d alerte#23

Réponse 14 / 14

fiat500 Messages postés 2621 Date d'inscription vendredi 30 mai 2008 Statut Membre Dernière intervention 25 mars 2009 82
3 juil. 2008 à 10:35

a+

Crazygirls et serialplayers + mess d'alerte

14 réponses

Discussions similaires