Window bleh.exe

Résolu
titouneee Messages postés 70 Statut Membre -  
Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   -
Bonjour,

J'ai lancé un scan en ligne de mon ordi et voici un des résultats :

C:\Documents and Settings\All Users\Application Data\INTERNET SPAM SUPPORT AUDIO\
window bleh.exe

est infecté par Trojan.Downloader.JKEK

comment puis-je faire pour m'en débarrasser ? (la suppression du dossier ne fonctionne pas, mon antivirus et mes antispyware ne le détecte pas).

est ce window bleh.exe est un virus ?

merci de votre aide

titoune
Configuration: Windows XP
Firefox 2.0.0.15

43 réponses

  • 1
  • 2
  • 3
Résumé de la discussion

Un scan en ligne signale qu'un exécutable nommé window bleh.exe est infecté par Trojan.Downloader.JKEK, soulevant des questions sur sa nocivité et les mesures à adopter. Plusieurs réponses évoquent des méthodes de nettoyage avancées, notamment SmitFraudFix et HijackThis, associées à CCleaner et à des rapports détaillés pour identifier les éléments résiduels. Les résultats montrent des centaines d'entrées de démarrage et de modules tiers comme SiteAdvisor, Google Updater et McAfee, ce qui rend la suppression manuelle complexe et nécessite des outils spécialisés. En cas de détection persistante, la discussion conseille des scans répétés et la vérification des services et des clés système, une restauration système ayant été annulée lors d'une étape du processus.

Généré automatiquement par IA
sur la base des meilleures réponses
  1. Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 324
     
    Salut,

    ---> Désactive l'antivirus
    ---> Télécharge Lop S&D sur ton Bureau
    https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/LopSD.exe?attachauth=ANoY7co3ntqUavpZ3q1BG-h4pc13vqDZmhcNeEPChtsyrgAykRbhE8bZzhk979EfQD4AgwtQUHCaQ7ZQwNYMo3_0kA8htAspckDJtu2K5t6J9z6dLW4fpZyH4FpFL1tVMBZ8H-KnN7afZ5vt-WxZRpnynk-a0XmV_Y0C0q6DxGEDKie1TnPT7gFoZnoCnspzBmbW6ZzxA4fNr3oEDlbelNZON-LjF8nOmQ%3D%3D&attredirects=2
    ---> Double-clique dessus pour lancer l'installation
    ---> Puis double-clique sur le raccourci Lop S&D présent sur ton Bureau
    ---> Séléctionne la langue souhaitée, puis choisis l'option 1 (Recherche)
    ---> Patiente jusqu'à la fin du scan
    ---> Poste le rapport généré (C:\lopR.txt)

    (Si le Bureau ne réapparait pas, presse Ctrl+Alt+Suppr, Onglet Fichier, Nouvelle tâche, tape explorer.exe et valide)

    Si tu as un problème pour utiliser Lop S&D, regarde dans le tutorial :
    http://bibou0007.com/outils-specifiques-f78/tutorial-lop-sd-t956.htm#11431
    0
    1. titouneee Messages postés 70 Statut Membre 10
       
      Ci joint le rapport (j'ai oublié de désactiver l'antivirus lorsque j'ai lancé Lop S&D, est ce que je dois recommencer ?)


      -----------------------[ Lop S&D 4.2.2-1 XP/Vista ]---------------------

      [ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
      [ USER : Fr‚d‚ric ] [ "C:\Lop SD" ] [ Selection : 1 ]
      [ 12/07/2008 | 19:13:37,32 ] [ PC : PCPRINCIPAL ]
      [ MAJ : 09-07-2008 | 21:02 ]

      -------------[ Listing des dossiers dans Application Data ]------------

      [15/12/2007|11:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\a32l
      [24/02/2008|11:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
      [26/05/2005|18:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL
      [04/11/2006|13:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
      [20/08/2004|11:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\DESKTOP.INI
      [23/02/2008|00:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
      [12/07/2008|12:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google Updater
      [29/09/2007|11:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft
      [20/05/2005|15:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
      [22/06/2008|06:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\INTERNET SPAM SUPPORT AUDIO
      [29/09/2007|10:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
      [19/05/2007|22:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\LightScribe
      [29/07/2007|12:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Logo bat fork bike
      [15/12/2007|20:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee
      [28/06/2007|12:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee.com
      [08/04/2008|17:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
      [06/04/2006|16:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
      [11/06/2007|18:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\mpDRM
      [19/05/2007|22:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero
      [26/08/2005|14:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PEERNET
      [28/06/2007|12:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Philips Intelligent Agent
      [31/12/2007|15:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QTSBandwidthCache
      [07/06/2005|12:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
      [28/12/2007|22:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\rkfree
      [20/05/2005|14:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBSI
      [15/12/2007|20:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SiteAdvisor
      [09/09/2007|11:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
      [15/12/2007|15:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
      [05/03/2006|00:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ulead Systems
      [20/05/2005|15:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint
      [27/07/2005|22:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
      [29/11/2007|22:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Live Toolbar
      [04/07/2007|12:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WindowsLiveInstaller
      [07/10/2007|13:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinZip
      [20/01/2008|22:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller

      [20/08/2004|11:30] C:\DOCUME~1\DEFAUL~1\APPLIC~1\DESKTOP.INI
      [20/05/2005|14:59] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
      [20/05/2005|15:34] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Jasc Software Inc
      [20/05/2005|14:59] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
      [20/05/2005|15:35] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Sonic
      [20/05/2005|15:28] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Sun
      [20/05/2005|15:30] C:\DOCUME~1\DEFAUL~1\APPLIC~1\You've Got Pictures Screensaver

      [15/01/2006|18:27] C:\DOCUME~1\FRDRIC~1\APPLIC~1\.addit001.dat
      [02/11/2005|21:31] C:\DOCUME~1\FRDRIC~1\APPLIC~1\.app190905.dat
      [15/01/2006|18:27] C:\DOCUME~1\FRDRIC~1\APPLIC~1\.xp070105.dat
      [29/12/2007|13:28] C:\DOCUME~1\FRDRIC~1\APPLIC~1\Adobe
      [12/12/2006|18:41] C:\DOCUME~1\FRDRIC~1\APPLIC~1\AdobeUM
      [12/11/2007|18:30] C:\DOCUME~1\FRDRIC~1\APPLIC~1\Ahead
      [04/11/2006|13:28] C:\DOCUME~1\FRDRIC~1\APPLIC~1\Apple Computer
      [25/05/2005|21:49] C:\DOCUME~1\FRDRIC~1\APPLIC~1\CyberLink
      [20/08/2004|11:30] C:\DOCUME~1\FRDRIC~1\APPLIC~1\DESKTOP.INI
      [26/02/2008|18:13] C:\DOCUME~1\FRDRIC~1\APPLIC~1\DivX
      [12/07/2008|17:33] C:\DOCUME~1\FRDRIC~1\APPLIC~1\draw dart
      [05/01/2008|19:53] C:\DOCUME~1\FRDRIC~1\APPLIC~1\dvdcss
      [10/06/2006|15:31] C:\DOCUME~1\FRDRIC~1\APPLIC~1\EFF
      [10/02/2007|12:50] C:\DOCUME~1\FRDRIC~1\APPLIC~1\Ethereal
      [10/05/2007|21:46] C:\DOCUME~1\FRDRIC~1\APPLIC~1\Free Spider TreeCardGames
      [23/02/2008|01:00] C:\DOCUME~1\FRDRIC~1\APPLIC~1\Google
      [29/09/2007|11:03] C:\DOCUME~1\FRDRIC~1\APPLIC~1\Grisoft
      [18/03/2006|18:29] C:\DOCUME~1\FRDRIC~1\APPLIC~1\Help
      [29/08/2005|22:04] C:\DOCUME~1\FRDRIC~1\APPLIC~1\Identities
      [09/09/2006|21:49] C:\DOCUME~1\FRDRIC~1\APPLIC~1\InterTrust
      [14/04/2006|13:24] C:\DOCUME~1\FRDRIC~1\APPLIC~1\Jasc Software Inc
      [16/07/2005|18:09] C:\DOCUME~1\FRDRIC~1\APPLIC~1\Leadertech
      [15/06/2005|22:07] C:\DOCUME~1\FRDRIC~1\APPLIC~1\Macromedia
      [15/06/2008|20:24] C:\DOCUME~1\FRDRIC~1\APPLIC~1\Media Player Classic
      [29/10/2006|17:48] C:\DOCUME~1\FRDRIC~1\APPLIC~1\MessengerSkinner
      [23/02/2008|01:49] C:\DOCUME~1\FRDRIC~1\APPLIC~1\Microsoft
      [23/03/2006|17:16] C:\DOCUME~1\FRDRIC~1\APPLIC~1\Microsoft Web Folders
      [10/03/2006|18:56] C:\DOCUME~1\FRDRIC~1\APPLIC~1\Mozilla
      [06/01/2008|11:34] C:\DOCUME~1\FRDRIC~1\APPLIC~1\Musicmatch
      [12/11/2007|18:29] C:\DOCUME~1\FRDRIC~1\APPLIC~1\Nero
      [15/06/2005|18:50] C:\DOCUME~1\FRDRIC~1\APPLIC~1\Opera
      [07/03/2007|19:55] C:\DOCUME~1\FRDRIC~1\APPLIC~1\Panasonic
      [26/08/2005|15:07] C:\DOCUME~1\FRDRIC~1\APPLIC~1\PDFCreator
      [26/08/2005|14:21] C:\DOCUME~1\FRDRIC~1\APPLIC~1\PEERNET
      [09/03/2006|18:43] C:\DOCUME~1\FRDRIC~1\APPLIC~1\Quintessential Player
      [03/03/2007|11:26] C:\DOCUME~1\FRDRIC~1\APPLIC~1\Real
      [04/02/2008|13:20] C:\DOCUME~1\FRDRIC~1\APPLIC~1\SiteAdvisor
      [07/10/2007|13:33] C:\DOCUME~1\FRDRIC~1\APPLIC~1\Skype
      [16/07/2005|18:09] C:\DOCUME~1\FRDRIC~1\APPLIC~1\Sonic
      [20/05/2005|15:28] C:\DOCUME~1\FRDRIC~1\APPLIC~1\Sun
      [16/06/2005|13:06] C:\DOCUME~1\FRDRIC~1\APPLIC~1\Talkback
      [13/12/2005|23:05] C:\DOCUME~1\FRDRIC~1\APPLIC~1\Thunderbird
      [20/06/2005|22:57] C:\DOCUME~1\FRDRIC~1\APPLIC~1\View4U
      [01/09/2005|18:10] C:\DOCUME~1\FRDRIC~1\APPLIC~1\vlc
      [20/05/2005|15:30] C:\DOCUME~1\FRDRIC~1\APPLIC~1\You've Got Pictures Screensaver

      [30/06/2005|11:58] C:\DOCUME~1\LOCALS~1\APPLIC~1\Macromedia
      [07/04/2007|11:30] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
      [31/03/2007|18:47] C:\DOCUME~1\LOCALS~1\APPLIC~1\Mozilla
      [15/06/2005|18:41] C:\DOCUME~1\LOCALS~1\APPLIC~1\Opera
      [15/12/2007|20:11] C:\DOCUME~1\LOCALS~1\APPLIC~1\SiteAdvisor

      [20/07/2005|19:53] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

      [13/06/2005|21:42] C:\DOCUME~1\Sandrine\APPLIC~1\Adobe
      [20/08/2004|11:30] C:\DOCUME~1\Sandrine\APPLIC~1\DESKTOP.INI
      [20/05/2005|14:59] C:\DOCUME~1\Sandrine\APPLIC~1\Identities
      [20/05/2005|15:34] C:\DOCUME~1\Sandrine\APPLIC~1\Jasc Software Inc
      [15/06/2005|20:24] C:\DOCUME~1\Sandrine\APPLIC~1\Macromedia
      [20/07/2005|19:53] C:\DOCUME~1\Sandrine\APPLIC~1\Microsoft
      [26/05/2005|18:11] C:\DOCUME~1\Sandrine\APPLIC~1\Microsoft Web Folders
      [15/06/2005|17:52] C:\DOCUME~1\Sandrine\APPLIC~1\Opera
      [20/05/2005|15:35] C:\DOCUME~1\Sandrine\APPLIC~1\Sonic
      [20/05/2005|15:28] C:\DOCUME~1\Sandrine\APPLIC~1\Sun
      [20/05/2005|15:30] C:\DOCUME~1\Sandrine\APPLIC~1\You've Got Pictures Screensaver

      ----------------[ Tâches planifiées dans C:\WINDOWS\tasks ]---------------

      [12/07/2008 19:00][--ah-----] C:\WINDOWS\tasks\A8AAF7C496096874.job
      [15/06/2008 01:02][--a------] C:\WINDOWS\tasks\McDefragTask.job
      [12/07/2008 00:00][--a------] C:\WINDOWS\tasks\McQcTask.job
      [04/07/2008 20:00][--a------] C:\WINDOWS\tasks\Analyse McAfee.com - Mon ordinateur (PCPRINCIPAL-Fr‚d‚ric).job
      [12/07/2008 16:50][--ah-----] C:\WINDOWS\tasks\SA.DAT
      [05/08/2004 13:00][-r-h-----] C:\WINDOWS\tasks\DESKTOP.INI

      A8AAF7C496096874.job <--> c:\docume~1\frdric~1\applic~1\drawda~1\Curbplusname.exe

      ---------------[ Listing des dossiers dans C:\Program Files ]--------------

      [15/01/2006|18:27] C:\Program Files\.data211204.dat
      [02/11/2005|21:31] C:\Program Files\.drv120405.dat
      [15/01/2006|18:27] C:\Program Files\.ex010705.dat
      [03/02/2006|18:59] C:\Program Files\@Last Software
      [29/09/2007|14:01] C:\Program Files\3wPlayer
      [03/02/2007|12:09] C:\Program Files\AdbeRdr80_fr_FR.exe
      [21/03/2008|10:16] C:\Program Files\Adobe
      [13/06/2005|20:54] C:\Program Files\ahead
      [31/01/2006|21:03] C:\Program Files\Alcohol Soft
      [20/05/2005|15:17] C:\Program Files\Analog Devices
      [15/06/2005|18:11] C:\Program Files\AVG
      [29/12/2007|12:21] C:\Program Files\AVIConverter
      [20/05/2005|15:29] C:\Program Files\Broadcom
      [07/10/2007|13:23] C:\Program Files\Canon
      [12/07/2008|17:42] C:\Program Files\Circle Developement
      [13/06/2005|20:51] C:\Program Files\codec
      [25/02/2006|00:50] C:\Program Files\Common Files
      [20/08/2006|16:12] C:\Program Files\CyberLink
      [22/03/2006|13:59] C:\Program Files\Dell
      [22/01/2008|01:46] C:\Program Files\Dictionnaire
      [25/06/2008|12:50] C:\Program Files\DivX
      [22/06/2008|06:56] C:\Program Files\draw dart
      [21/06/2005|22:22] C:\Program Files\DVD Region-Free
      [14/06/2008|03:14] C:\Program Files\eMule
      [05/03/2007|14:23] C:\Program Files\EPSON
      [12/07/2008|19:06] C:\Program Files\Executables
      [05/03/2007|14:08] C:\Program Files\Extrafilm FotoFacil
      [22/01/2008|13:02] C:\Program Files\Fichiers communs
      [10/07/2007|19:55] C:\Program Files\Free Spider
      [14/06/2005|17:39] C:\Program Files\Free.fr
      [01/09/2005|17:26] C:\Program Files\FunWebProducts
      [15/05/2008|20:05] C:\Program Files\Gimp
      [21/04/2008|09:57] C:\Program Files\Google
      [02/03/2008|20:55] C:\Program Files\Google Video
      [24/02/2006|23:07] C:\Program Files\Goto Software
      [29/09/2007|11:02] C:\Program Files\Grisoft
      [13/06/2005|21:12] C:\Program Files\Hewlett-Packard
      [13/06/2005|21:15] C:\Program Files\hp deskjet 3820 series
      [19/12/2006|23:55] C:\Program Files\IncrediMail
      [17/03/2008|22:07] C:\Program Files\InstallShield Installation Information
      [11/06/2008|21:14] C:\Program Files\Internet Explorer
      [04/11/2006|13:28] C:\Program Files\iPod
      [04/11/2006|13:28] C:\Program Files\iTunes
      [14/04/2006|13:24] C:\Program Files\Jasc Software Inc
      [15/03/2008|09:00] C:\Program Files\Java
      [01/02/2006|19:59] C:\Program Files\Jeux classiques
      [18/08/2005|20:40] C:\Program Files\jeuxclassiques.exe
      [28/05/2007|19:54] C:\Program Files\KC Softwares
      [28/12/2007|22:02] C:\Program Files\KGB Keylogger
      [15/06/2008|19:18] C:\Program Files\K-Lite Codec Pack
      [29/09/2007|10:16] C:\Program Files\Lavasoft
      [20/05/2005|15:30] C:\Program Files\Learn2.com
      [09/10/2007|20:03] C:\Program Files\Lecteur CANALPLAY
      [03/12/2005|20:37] C:\Program Files\LectMedia
      [09/06/2007|10:49] C:\Program Files\Logitech
      [27/09/2007|20:20] C:\Program Files\Macrogaming
      [20/06/2008|19:13] C:\Program Files\McAfee
      [15/12/2007|20:05] C:\Program Files\McAfee.com
      [24/07/2005|13:12] C:\Program Files\MediaLoads
      [12/09/2007|21:15] C:\Program Files\Messenger
      [09/04/2008|19:57] C:\Program Files\Messenger Plus! Live
      [26/05/2005|18:11] C:\Program Files\microsoft frontpage
      [26/05/2005|18:11] C:\Program Files\Microsoft Office
      [20/08/2006|16:10] C:\Program Files\Microsoft Visual Studio
      [20/05/2005|15:29] C:\Program Files\Microsoft Works
      [24/01/2006|19:55] C:\Program Files\Movie Maker
      [12/07/2008|19:05] C:\Program Files\Mozilla Firefox
      [04/11/2006|12:47] C:\Program Files\Mozilla Thunderbird
      [10/03/2006|18:55] C:\Program Files\mozilla.org
      [20/05/2005|14:59] C:\Program Files\MSN
      [20/05/2005|14:59] C:\Program Files\MSN Gaming Zone
      [12/12/2007|00:38] C:\Program Files\MSN Messenger
      [07/03/2007|19:00] C:\Program Files\MSXML 4.0
      [11/06/2007|13:03] C:\Program Files\Multi_Media_France
      [02/02/2008|12:46] C:\Program Files\MUSICMATCH
      [11/11/2005|09:45] C:\Program Files\MyWebSearch
      [11/02/2006|17:32] C:\Program Files\NASA
      [09/04/2006|15:40] C:\Program Files\Nero
      [24/01/2006|19:51] C:\Program Files\NetMeeting
      [13/06/2005|20:46] C:\Program Files\Norton AntiVirus
      [07/10/2007|13:31] C:\Program Files\Opera7
      [30/08/2005|13:02] C:\Program Files\OutClock
      [13/06/2007|18:05] C:\Program Files\Outlook Express
      [11/07/2008|22:13] C:\Program Files\Paint.NET
      [06/03/2006|18:21] C:\Program Files\Paltalk Messenger
      [07/03/2007|19:54] C:\Program Files\Panasonic
      [26/08/2005|15:08] C:\Program Files\PDFCreator
      [26/08/2005|14:17] C:\Program Files\PEERNET ePublisherPlus 2.0
      [19/05/2007|22:55] C:\Program Files\Philips Intelligent Agent
      [07/02/2006|23:39] C:\Program Files\PhotoFiltre
      [22/07/2005|21:44] C:\Program Files\Photoshop 6.0
      [03/04/2008|03:07] C:\Program Files\Picasa2
      [11/06/2008|21:14] C:\Program Files\PixVillage
      [14/04/2006|12:42] C:\Program Files\Publication Web
      [04/11/2006|13:27] C:\Program Files\QuickTime
      [24/10/2005|13:27] C:\Program Files\Real
      [12/07/2008|01:08] C:\Program Files\RegCleaner
      [21/03/2008|10:16] C:\Program Files\RKFree
      [20/05/2005|15:00] C:\Program Files\Services en ligne
      [19/10/2006|18:18] C:\Program Files\Sierra On-Line
      [22/05/2008|10:14] C:\Program Files\SiteAdvisor
      [26/05/2005|18:13] C:\Program Files\Snapshot Viewer
      [20/05/2005|15:32] C:\Program Files\Sonic
      [09/09/2007|11:13] C:\Program Files\Spybot - Search & Destroy
      [13/06/2005|20:53] C:\Program Files\Symantec
      [01/02/2006|20:01] C:\Program Files\thunderbird
      [20/06/2005|19:56] C:\Program Files\Uninstall Information
      [01/02/2006|22:07] C:\Program Files\VideoLAN
      [20/06/2005|22:58] C:\Program Files\View4U
      [20/05/2005|15:30] C:\Program Files\Viewpoint
      [12/12/2007|00:39] C:\Program Files\Windows Live
      [19/12/2007|00:55] C:\Program Files\Windows Live Toolbar
      [05/04/2007|21:46] C:\Program Files\Windows Media Connect 2
      [05/04/2007|21:46] C:\Program Files\Windows Media Player
      [24/01/2006|19:51] C:\Program Files\Windows NT
      [19/07/2005|21:33] C:\Program Files\WindowsUpdate
      [22/02/2006|13:01] C:\Program Files\WinRAR
      [27/01/2008|13:57] C:\Program Files\WinSpyKiller
      [07/10/2007|13:45] C:\Program Files\WinZip
      [20/05/2005|15:00] C:\Program Files\XEROX
      [23/02/2008|01:50] C:\Program Files\Yahoo!

      ------[ Listing des dossiers dans C:\Program Files\Fichiers communs ]------

      [24/02/2008|11:32] C:\Program Files\Fichiers communs\Adobe
      [19/05/2007|22:52] C:\Program Files\Fichiers communs\Ahead
      [26/05/2005|18:23] C:\Program Files\Fichiers communs\AOL
      [20/08/2006|16:10] C:\Program Files\Fichiers communs\Designer
      [11/06/2007|18:49] C:\Program Files\Fichiers communs\fluxDVD
      [28/01/2006|16:01] C:\Program Files\Fichiers communs\InstallShield
      [20/05/2005|15:27] C:\Program Files\Fichiers communs\Java
      [19/05/2007|22:24] C:\Program Files\Fichiers communs\LightScribe
      [25/05/2005|13:06] C:\Program Files\Fichiers communs\Logitech
      [29/03/2008|15:36] C:\Program Files\Fichiers communs\McAfee
      [12/12/2007|00:36] C:\Program Files\Fichiers communs\Microsoft Shared
      [11/06/2007|18:48] C:\Program Files\Fichiers communs\mpDRM
      [20/05/2005|14:59] C:\Program Files\Fichiers communs\MSSoap
      [20/05/2005|15:30] C:\Program Files\Fichiers communs\Nullsoft
      [14/04/2006|11:26] C:\Program Files\Fichiers communs\ODBC
      [12/11/2006|11:38] C:\Program Files\Fichiers communs\Real
      [20/05/2005|14:59] C:\Program Files\Fichiers communs\Services
      [20/05/2005|15:32] C:\Program Files\Fichiers communs\Sonic
      [20/05/2005|14:59] C:\Program Files\Fichiers communs\SpeechEngines
      [13/06/2007|18:13] C:\Program Files\Fichiers communs\System
      [22/01/2008|21:23] C:\Program Files\Fichiers communs\tjd
      [12/12/2007|00:35] C:\Program Files\Fichiers communs\WindowsLiveInstaller
      [03/01/2007|18:03] C:\Program Files\Fichiers communs\WinSoftware
      [29/09/2007|10:13] C:\Program Files\Fichiers communs\Wise Installation Wizard
      [12/11/2006|11:39] C:\Program Files\Fichiers communs\xing shared

      ---------------------------[ Process ]--------------------------

      ... 52

      iexplore.exe ~ [616]
      iexplore.exe ~ [636]

      ----------------------[ Recherche avec S_Lop ]---------------------

      C:\DOCUME~1\FRDRIC~1\APPLIC~1\DRAWDA~1
      C:\DOCUME~1\FRDRIC~1\APPLIC~1\DRAWDA~1\arivmgrc.exe
      C:\DOCUME~1\FRDRIC~1\APPLIC~1\DRAWDA~1\ounffwsp.exe
      C:\DOCUME~1\FRDRIC~1\APPLIC~1\DRAWDA~1\perfjmgc.exe
      C:\DOCUME~1\FRDRIC~1\APPLIC~1\DRAWDA~1\TRAY GPL FOUR KEEP.exe
      C:\DOCUME~1\FRDRIC~1\APPLIC~1\DRAWDA~1\xvigoacf.exe

      -----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------

      C:\DOCUME~1\ALLUSE~1\APPLIC~1\INTERNET SPAM SUPPORT AUDIO
      C:\DOCUME~1\ALLUSE~1\APPLIC~1\INTERNET SPAM SUPPORT AUDIO\window bleh.exe
      C:\DOCUME~1\FRDRIC~1\APPLIC~1\drawda~1
      C:\DOCUME~1\FRDRIC~1\APPLIC~1\drawda~1\arivmgrc.exe
      C:\DOCUME~1\FRDRIC~1\APPLIC~1\drawda~1\ounffwsp.exe
      C:\DOCUME~1\FRDRIC~1\APPLIC~1\drawda~1\perfjmgc.exe
      C:\DOCUME~1\FRDRIC~1\APPLIC~1\drawda~1\TRAY GPL FOUR KEEP.exe
      C:\DOCUME~1\FRDRIC~1\APPLIC~1\drawda~1\xvigoacf.exe
      C:\Program Files\drawda~1
      C:\Program Files\Circle Developement
      C:\Program Files\Multi_Media_France
      C:\Program Files\Multi_Media_France\INSTALL.LOG
      C:\Program Files\Multi_Media_France\tbMult.dll
      C:\Program Files\Multi_Media_France\toolbar.cfg
      C:\Program Files\Multi_Media_France\UNWISE.EXE
      C:\Program Files\Multi_Media_France\UNWISE.INI
      C:\Program Files\3wPlayer
      C:\Program Files\3wPlayer\3wPlayer.exe
      C:\Program Files\3wPlayer\settings.ini
      C:\Program Files\3wPlayer\settings.stp
      C:\Program Files\3wPlayer\SkinCrafterDll.dll
      C:\Program Files\3wPlayer\skins
      C:\Program Files\3wPlayer\unins000.dat
      C:\Program Files\3wPlayer\unins000.exe
      C:\DOCUME~1\FRDRIC~1\Cookies\frédéric@www.adserver5[1].txt
      C:\DOCUME~1\FRDRIC~1\Cookies\frédéric@adopt.euroclick[1].txt
      C:\DOCUME~1\FRDRIC~1\Cookies\frédéric@32vegas[1].txt
      C:\DOCUME~1\FRDRIC~1\Cookies\frédéric@banner.32vegas[2].txt
      C:\WINDOWS\Tasks\A8AAF7C496096874.job

      ----------------------[ Verification du Registre ]----------------------

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\1 regs bone]
      "DisplayName"="CiD Help"
      "UninstallString"="C:\\DOCUME~1\\FRDRIC~1\\APPLIC~1\\DRAWDA~1\\free close.exe -uninstall"

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "List Dent"="C:\\DOCUME~1\\FRDRIC~1\\APPLIC~1\\DRAWDA~1\\free close.exe"
      "List Dent"="C:\\DOCUME~1\\FRDRIC~1\\APPLIC~1\\DRAWDA~1\\free close.exe"

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "Support audio cool poll"="C:\\Documents and Settings\\All Users\\Application Data\\INTERNET SPAM SUPPORT AUDIO\\window bleh.exe"

      --------------------[ Verification du fichier Hosts ]---------------------

      Fichier Hosts MODIFIE

      127.0.0.1 bin.errorprotector.com ## added by CiD
      127.0.0.1 br.errorsafe.com ## added by CiD
      127.0.0.1 br.winantivirus.com ## added by CiD
      127.0.0.1 br.winfixer.com ## added by CiD
      127.0.0.1 cdn.drivecleaner.com ## added by CiD
      127.0.0.1 cdn.errorsafe.com ## added by CiD
      127.0.0.1 cdn.winsoftware.com ## added by CiD
      127.0.0.1 de.errorsafe.com ## added by CiD
      127.0.0.1 de.winantivirus.com ## added by CiD
      127.0.0.1 download.cdn.drivecleaner.com ## added by CiD
      127.0.0.1 download.cdn.errorsafe.com ## added by CiD
      127.0.0.1 download.cdn.winsoftware.com ## added by CiD
      127.0.0.1 download.errorsafe.com ## added by CiD
      127.0.0.1 download.systemdoctor.com ## added by CiD
      127.0.0.1 download.winantispyware.com ## added by CiD
      127.0.0.1 download.windrivecleaner.com ## added by CiD
      127.0.0.1 download.winfixer.com ## added by CiD
      127.0.0.1 drivecleaner.com ## added by CiD
      127.0.0.1 dynamique.drivecleaner.com ## added by CiD
      127.0.0.1 errorprotector.com ## added by CiD
      127.0.0.1 errorsafe.com ## added by CiD
      127.0.0.1 es.winantivirus.com ## added by CiD
      127.0.0.1 fr.winantivirus.com ## added by CiD
      127.0.0.1 fr.winfixer.com ## added by CiD
      127.0.0.1 go.drivecleaner.com ## added by CiD
      127.0.0.1 go.errorsafe.com ## added by CiD
      127.0.0.1 go.winantispyware.com ## added by CiD
      127.0.0.1 go.winantivirus.com ## added by CiD
      127.0.0.1 hk.winantivirus.com ## added by CiD
      127.0.0.1 instlog.errorsafe.com ## added by CiD
      127.0.0.1 instlog.winantivirus.com ## added by CiD
      127.0.0.1 instlog.winfixer.com ## added by CiD
      127.0.0.1 jsp.drivecleaner.com ## added by CiD
      127.0.0.1 kb.errorsafe.com ## added by CiD
      127.0.0.1 kb.winantivirus.com ## added by CiD
      127.0.0.1 nl.errorsafe.com ## added by CiD
      127.0.0.1 se.errorsafe.com ## added by CiD
      127.0.0.1 secure.drivecleaner.com ## added by CiD
      127.0.0.1 secure.errorsafe.com ## added by CiD
      127.0.0.1 secure.winantispam.com ## added by CiD
      127.0.0.1 secure.winantispy.com ## added by CiD
      127.0.0.1 secure.winantivirus.com ## added by CiD
      127.0.0.1 support.winantivirus.com ## added by CiD
      127.0.0.1 trial.updates.winsoftware.com ## added by CiD
      127.0.0.1 ulog.winantivirus.com ## added by CiD
      127.0.0.1 utils.errorsafe.com ## added by CiD
      127.0.0.1 utils.winantivirus.com ## added by CiD
      127.0.0.1 utils.winfixer.com ## added by CiD
      127.0.0.1 winantispyware.com ## added by CiD
      127.0.0.1 winantivirus.com ## added by CiD
      127.0.0.1 winfixer.com ## added by CiD
      127.0.0.1 winfixer2006.com ## added by CiD
      127.0.0.1 winsoftware.com ## added by CiD
      127.0.0.1 [i]ww/iw.drivecleaner.com ## added by CiD
      127.0.0.1 [i]ww/iw.errorprotector.com ## added by CiD
      127.0.0.1 [i]ww/iw.errorsafe.com ## added by CiD
      127.0.0.1 [i]ww/iw.systemdoctor.com ## added by CiD
      127.0.0.1 [i]ww/iw.utils.winfixer.com ## added by CiD
      127.0.0.1 [i]ww/iw.win-anti-virus-pro.com ## added by CiD
      127.0.0.1 [i]ww/iw.win-virus-pro.com ## added by CiD
      127.0.0.1 [i]ww/iw.winantispam.com ## added by CiD
      127.0.0.1 [i]ww/iw.winantispy.com ## added by CiD
      127.0.0.1 [i]ww/iw.winantispyware.com ## added by CiD
      127.0.0.1 [i]ww/iw.winantivirus.com ## added by CiD
      127.0.0.1 [i]ww/iw.winantiviruspro.com ## added by CiD
      127.0.0.1 [i]ww/iw.windrivecleaner.com ## added by CiD
      127.0.0.1 [i]ww/iw.windrivesafe.com ## added by CiD
      127.0.0.1 [i]ww/iw.winfixer.com ## added by CiD
      127.0.0.1 [i]ww/iw.winfixer2006.com ## added by CiD
      127.0.0.1 [i]ww/iw.winsoftware.com ## added by CiD

      -> 72 ( 70 ## added by CiD )

      /!\ 1 Not 127.0.0.1 !!

      ----------------[ Recherche de fichiers avec Catchme ]-----------------

      catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-07-12 19:15:34
      Windows 5.1.2600 Service Pack 2 NTFS
      scanning hidden processes ...
      scanning hidden files ...
      scan completed successfully
      hidden processes: 0
      hidden files: 0

      --------------------[ Recherche d'autres infections ]---------------------

      C:\DOCUME~1\FRDRIC~1\APPLIC~1\MessengerSkinner
      C:\DOCUME~1\FRDRIC~1\APPLIC~1\MessengerSkinner\Userdata
      C:\WINDOWS\Pack.epk
      C:\WINDOWS\System32\nvs2.inf
      [b]! EGDACCESS !/b

      => C:\DOCUME~1\FRDRIC~1\MESDOC~1\Sandrine\Mes documents\Ma musique\Telechargement\SketchUp 5 full Crack
      => C:\DOCUME~1\FRDRIC~1\MESDOC~1\Sandrine\Mes documents\Ma musique\Telechargement\SketchUp 5 full Crack\F4CG
      => C:\DOCUME~1\FRDRIC~1\MESDOC~1\Sandrine\Mes documents\Ma musique\Telechargement\SketchUp 5 full Crack\F4CG.NFO
      => C:\DOCUME~1\FRDRIC~1\MESDOC~1\Sandrine\Mes documents\Ma musique\Telechargement\SketchUp 5 full Crack\F4CG\Patch.exe
      => C:\DOCUME~1\FRDRIC~1\MESDOC~1\Sandrine\Mes documents\Ma musique\Telechargement\SketchUp 5 full Crack\F4CG\setup.exe
      => C:\Documents and Settings\Fr‚d‚ric\Mes documents\Sandrine\Mes documents\Ma musique\Telechargement\SketchUp 5 full Crack
      => C:\Documents and Settings\Fr‚d‚ric\Mes documents\Sandrine\Mes documents\Ma musique\Telechargement\SketchUp 5 full Crack\F4CG
      => C:\Documents and Settings\Fr‚d‚ric\Mes documents\Sandrine\Mes documents\Ma musique\Telechargement\SketchUp 5 full Crack\F4CG.NFO
      => C:\Documents and Settings\Fr‚d‚ric\Mes documents\Sandrine\Mes documents\Ma musique\Telechargement\SketchUp 5 full Crack\F4CG\Patch.exe
      => C:\Documents and Settings\Fr‚d‚ric\Mes documents\Sandrine\Mes documents\Ma musique\Telechargement\SketchUp 5 full Crack\F4CG\setup.exe


      [F:5][D:3]-> C:\DOCUME~1\FRDRIC~1\LOCALS~1\Temp
      [F:60][D:0]-> C:\DOCUME~1\FRDRIC~1\Cookies
      [F:879][D:6]-> C:\DOCUME~1\FRDRIC~1\LOCALS~1\TEMPOR~1\content.IE5

      --------------------[ Fin du rapport a 19:16:52,87 ]----------------------
      0
  2. Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 324
     
    T'es pas infecté que par Lop...

    ---> Relance Lop S&D
    ---> Choisis cette fois-ci l'option 2 (Suppression)
    ---> Ne ferme pas la fenêtre lors de la suppression !
    ---> Poste le rapport généré (C:\lopR.txt)

    (Si le Bureau ne réapparait pas, presse Ctrl+Alt+Suppr, Onglet Fichier, Nouvelle tâche, tape explorer.exe et valide)
    0
  3. titouneee Messages postés 70 Statut Membre 10
     
    et le rapport hijackThis :

    Logfile of HijackThis v1.99.1
    Scan saved at 19:28:0589, on 12/07/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16674)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
    C:\Program Files\RKFree\rkfree.exe
    C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
    C:\PROGRA~1\INCRED~1\bin\IMApp.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\PROGRA~1\FICHIE~1\mcafee\mna\mcnasvc.exe
    c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\Program Files\SiteAdvisor\6261\SAService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Executables\HijackThis1-99-1.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredimail.com/french
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
    O2 - BHO: Download Manager Browser Helper Object - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - C:\PROGRA~1\FICHIE~1\fluxDVD\DOWNLO~1\XEBDLH~1.DLL
    O2 - BHO: PaltalkWebLogin - {502C3BA4-2C3E-4317-BC29-C0445E82B1F9} - C:\Program Files\Common Files\Paltalk\PaltalkWebLogin.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: Multi_Media_France toolbar - {7009fcd4-05be-44f4-9583-93fe419ab7b0} - C:\Program Files\Multi_Media_France\tbMult.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft

    Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
    O2 - BHO: (no name) - {EE337E0A-527D-9A24-15F0-943FF06F15DC} - C:\WINDOWS\FYI\cwyroituio.dll (file missing)
    O3 - Toolbar: Multi_Media_France toolbar - {7009fcd4-05be-44f4-9583-93fe419ab7b0} - C:\Program Files\Multi_Media_France\tbMult.dll
    O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
    O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\6.bin\mwsoemon.exe
    O4 - HKLM\..\Run: [EPSON Stylus C64 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C64 Series" /O6 "USB002" /M "Stylus C64"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [Fork Bike Scr Download] C:\Documents and Settings\All Users\Application Data\Logo bat fork bike\MpegMeow.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [FTP Server] C:\DOCUME~1\FRDRIC~1\LOCALS~1\Temp\RPERTO~1.ZIP\ftpserv.exe
    O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
    O4 - HKLM\..\Run: [rkfree] "C:\Program Files\RKFree\rkfree.exe" /b
    O4 - HKLM\..\Run: [hdnpek] C:\Program Files\Mozilla Firefox\hdnpek.exe
    O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
    O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
    O4 - HKLM\..\Run: [Support audio cool poll] C:\Documents and Settings\All Users\Application Data\INTERNET SPAM SUPPORT AUDIO\window bleh.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\6.bin\mwsoemon.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
    O4 - HKCU\..\Run: [Philips Intelligent Agent] "C:\Program Files\Philips Intelligent Agent\Philips Intelligent Agent.exe" /SILENT
    O4 - HKCU\..\Run: [List Dent] C:\DOCUME~1\FRDRIC~1\APPLIC~1\DRAWDA~1\free close.exe
    O4 - HKCU\..\Run: [SpyShredder] C:\Program Files\SpyShredder\SpyShredder.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\6.bin\MWSOEMON.EXE
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\6.bin\MWSOEMON.EXE
    O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Frédéric\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/fr/4,0,0,90/mcinsctl.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxmultijoueurs.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
    O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
    O23 - Service: Service SiteAdvisor (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe
    0
  4. Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 324
     
    T'es pas infecté que par Lop...

    ---> Relance Lop S&D
    ---> Choisis cette fois-ci l'option 2 (Suppression)
    ---> Ne ferme pas la fenêtre lors de la suppression !
    ---> Poste le rapport généré (C:\lopR.txt)

    (Si le Bureau ne réapparait pas, presse Ctrl+Alt+Suppr, Onglet Fichier, Nouvelle tâche, tape explorer.exe et valide)
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. titouneee Messages postés 70 Statut Membre 10
     
    Ci-joint le rapport LopR.txt :

    -----------------------[ Lop S&D 4.2.2-1 XP/Vista ]---------------------

    [ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
    [ USER : Fr‚d‚ric ] [ "C:\Lop SD" ] [ Selection : 2 ]
    [ 13/07/2008 | 11:30:02,45 ] [ PC : PCPRINCIPAL ]
    [ MAJ : 09-07-2008 | 21:02 ]

    \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION /////////////////////////////

    Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\INTERNET SPAM SUPPORT AUDIO\window bleh.exe
    Supprime! - C:\DOCUME~1\FRDRIC~1\APPLIC~1\drawda~1\arivmgrc.exe
    Supprime! - C:\DOCUME~1\FRDRIC~1\APPLIC~1\drawda~1\ounffwsp.exe
    Supprime! - C:\DOCUME~1\FRDRIC~1\APPLIC~1\drawda~1\perfjmgc.exe
    Supprime! - C:\DOCUME~1\FRDRIC~1\APPLIC~1\drawda~1\TRAY GPL FOUR KEEP.exe
    Supprime! - C:\DOCUME~1\FRDRIC~1\APPLIC~1\drawda~1\xvigoacf.exe
    Supprime! - C:\Program Files\Multi_Media_France\INSTALL.LOG
    Supprime! - C:\Program Files\Multi_Media_France\tbMult.dll
    Supprime! - C:\Program Files\Multi_Media_France\toolbar.cfg
    Supprime! - C:\Program Files\Multi_Media_France\UNWISE.EXE
    Supprime! - C:\Program Files\Multi_Media_France\UNWISE.INI
    Supprime! - C:\Program Files\3wPlayer\3wPlayer.exe
    Supprime! - C:\Program Files\3wPlayer\settings.ini
    Supprime! - C:\Program Files\3wPlayer\settings.stp
    Supprime! - C:\Program Files\3wPlayer\SkinCrafterDll.dll
    Supprime! - C:\Program Files\3wPlayer\skins
    Supprime! - C:\Program Files\3wPlayer\unins000.dat
    Supprime! - C:\Program Files\3wPlayer\unins000.exe
    Supprime! - C:\DOCUME~1\FRDRIC~1\Cookies\frédéric@www.adserver5[1].txt
    Supprime! - C:\DOCUME~1\FRDRIC~1\Cookies\frédéric@adopt.euroclick[1].txt
    Supprime! - C:\DOCUME~1\FRDRIC~1\Cookies\frédéric@32vegas[1].txt
    Supprime! - C:\DOCUME~1\FRDRIC~1\Cookies\frédéric@banner.32vegas[2].txt
    Supprime! - C:\WINDOWS\Tasks\A8AAF7C496096874.job
    Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\INTERNET SPAM SUPPORT AUDIO
    Supprime! - C:\DOCUME~1\FRDRIC~1\APPLIC~1\drawda~1
    Supprime! - C:\Program Files\drawda~1
    Supprime! - C:\Program Files\Circle Developement
    Supprime! - C:\Program Files\Multi_Media_France
    Supprime! - C:\Program Files\3wPlayer
    RestaurÚ! - Fichier Hosts

    //////////////////////////////////////-\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

    Supprime! - C:\Program Files\MyWebSearch
    Supprime! - C:\Program Files\Viewpoint
    Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint

    //////////////////////////////////////-\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

    -------------[ Listing des dossiers dans APPLIC~1 ]------------

    [15/12/2007|11:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\a32l
    [24/02/2008|11:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
    [26/05/2005|18:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL
    [04/11/2006|13:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
    [20/08/2004|11:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\DESKTOP.INI
    [23/02/2008|00:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
    [12/07/2008|12:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google Updater
    [29/09/2007|11:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft
    [20/05/2005|15:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
    [29/09/2007|10:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
    [19/05/2007|22:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\LightScribe
    [29/07/2007|12:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Logo bat fork bike
    [15/12/2007|20:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee
    [28/06/2007|12:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee.com
    [08/04/2008|17:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
    [06/04/2006|16:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
    [11/06/2007|18:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\mpDRM
    [19/05/2007|22:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero
    [26/08/2005|14:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PEERNET
    [28/06/2007|12:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Philips Intelligent Agent
    [31/12/2007|15:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QTSBandwidthCache
    [07/06/2005|12:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
    [28/12/2007|22:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\rkfree
    [20/05/2005|14:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBSI
    [15/12/2007|20:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SiteAdvisor
    [09/09/2007|11:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
    [15/12/2007|15:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
    [05/03/2006|00:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ulead Systems
    [27/07/2005|22:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
    [29/11/2007|22:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Live Toolbar
    [04/07/2007|12:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WindowsLiveInstaller
    [07/10/2007|13:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinZip
    [20/01/2008|22:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller

    [20/08/2004|11:30] C:\DOCUME~1\DEFAUL~1\APPLIC~1\DESKTOP.INI
    [20/05/2005|14:59] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
    [20/05/2005|15:34] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Jasc Software Inc
    [20/05/2005|14:59] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
    [20/05/2005|15:35] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Sonic
    [20/05/2005|15:28] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Sun
    [20/05/2005|15:30] C:\DOCUME~1\DEFAUL~1\APPLIC~1\You've Got Pictures Screensaver

    [15/01/2006|18:27] C:\DOCUME~1\FRDRIC~1\APPLIC~1\.addit001.dat
    [02/11/2005|21:31] C:\DOCUME~1\FRDRIC~1\APPLIC~1\.app190905.dat
    [15/01/2006|18:27] C:\DOCUME~1\FRDRIC~1\APPLIC~1\.xp070105.dat
    [29/12/2007|13:28] C:\DOCUME~1\FRDRIC~1\APPLIC~1\Adobe
    [12/12/2006|18:41] C:\DOCUME~1\FRDRIC~1\APPLIC~1\AdobeUM
    [12/11/2007|18:30] C:\DOCUME~1\FRDRIC~1\APPLIC~1\Ahead
    [04/11/2006|13:28] C:\DOCUME~1\FRDRIC~1\APPLIC~1\Apple Computer
    [25/05/2005|21:49] C:\DOCUME~1\FRDRIC~1\APPLIC~1\CyberLink
    [20/08/2004|11:30] C:\DOCUME~1\FRDRIC~1\APPLIC~1\DESKTOP.INI
    [26/02/2008|18:13] C:\DOCUME~1\FRDRIC~1\APPLIC~1\DivX
    [05/01/2008|19:53] C:\DOCUME~1\FRDRIC~1\APPLIC~1\dvdcss
    [10/06/2006|15:31] C:\DOCUME~1\FRDRIC~1\APPLIC~1\EFF
    [10/02/2007|12:50] C:\DOCUME~1\FRDRIC~1\APPLIC~1\Ethereal
    [10/05/2007|21:46] C:\DOCUME~1\FRDRIC~1\APPLIC~1\Free Spider TreeCardGames
    [23/02/2008|01:00] C:\DOCUME~1\FRDRIC~1\APPLIC~1\Google
    [29/09/2007|11:03] C:\DOCUME~1\FRDRIC~1\APPLIC~1\Grisoft
    [18/03/2006|18:29] C:\DOCUME~1\FRDRIC~1\APPLIC~1\Help
    [29/08/2005|22:04] C:\DOCUME~1\FRDRIC~1\APPLIC~1\Identities
    [09/09/2006|21:49] C:\DOCUME~1\FRDRIC~1\APPLIC~1\InterTrust
    [14/04/2006|13:24] C:\DOCUME~1\FRDRIC~1\APPLIC~1\Jasc Software Inc
    [16/07/2005|18:09] C:\DOCUME~1\FRDRIC~1\APPLIC~1\Leadertech
    [15/06/2005|22:07] C:\DOCUME~1\FRDRIC~1\APPLIC~1\Macromedia
    [15/06/2008|20:24] C:\DOCUME~1\FRDRIC~1\APPLIC~1\Media Player Classic
    [29/10/2006|17:48] C:\DOCUME~1\FRDRIC~1\APPLIC~1\MessengerSkinner
    [23/02/2008|01:49] C:\DOCUME~1\FRDRIC~1\APPLIC~1\Microsoft
    [23/03/2006|17:16] C:\DOCUME~1\FRDRIC~1\APPLIC~1\Microsoft Web Folders
    [10/03/2006|18:56] C:\DOCUME~1\FRDRIC~1\APPLIC~1\Mozilla
    [06/01/2008|11:34] C:\DOCUME~1\FRDRIC~1\APPLIC~1\Musicmatch
    [12/11/2007|18:29] C:\DOCUME~1\FRDRIC~1\APPLIC~1\Nero
    [15/06/2005|18:50] C:\DOCUME~1\FRDRIC~1\APPLIC~1\Opera
    [07/03/2007|19:55] C:\DOCUME~1\FRDRIC~1\APPLIC~1\Panasonic
    [26/08/2005|15:07] C:\DOCUME~1\FRDRIC~1\APPLIC~1\PDFCreator
    [26/08/2005|14:21] C:\DOCUME~1\FRDRIC~1\APPLIC~1\PEERNET
    [09/03/2006|18:43] C:\DOCUME~1\FRDRIC~1\APPLIC~1\Quintessential Player
    [03/03/2007|11:26] C:\DOCUME~1\FRDRIC~1\APPLIC~1\Real
    [04/02/2008|13:20] C:\DOCUME~1\FRDRIC~1\APPLIC~1\SiteAdvisor
    [07/10/2007|13:33] C:\DOCUME~1\FRDRIC~1\APPLIC~1\Skype
    [16/07/2005|18:09] C:\DOCUME~1\FRDRIC~1\APPLIC~1\Sonic
    [20/05/2005|15:28] C:\DOCUME~1\FRDRIC~1\APPLIC~1\Sun
    [16/06/2005|13:06] C:\DOCUME~1\FRDRIC~1\APPLIC~1\Talkback
    [13/12/2005|23:05] C:\DOCUME~1\FRDRIC~1\APPLIC~1\Thunderbird
    [20/06/2005|22:57] C:\DOCUME~1\FRDRIC~1\APPLIC~1\View4U
    [01/09/2005|18:10] C:\DOCUME~1\FRDRIC~1\APPLIC~1\vlc
    [20/05/2005|15:30] C:\DOCUME~1\FRDRIC~1\APPLIC~1\You've Got Pictures Screensaver

    [30/06/2005|11:58] C:\DOCUME~1\LOCALS~1\APPLIC~1\Macromedia
    [07/04/2007|11:30] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
    [31/03/2007|18:47] C:\DOCUME~1\LOCALS~1\APPLIC~1\Mozilla
    [15/06/2005|18:41] C:\DOCUME~1\LOCALS~1\APPLIC~1\Opera
    [15/12/2007|20:11] C:\DOCUME~1\LOCALS~1\APPLIC~1\SiteAdvisor

    [20/07/2005|19:53] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

    [13/06/2005|21:42] C:\DOCUME~1\Sandrine\APPLIC~1\Adobe
    [20/08/2004|11:30] C:\DOCUME~1\Sandrine\APPLIC~1\DESKTOP.INI
    [20/05/2005|14:59] C:\DOCUME~1\Sandrine\APPLIC~1\Identities
    [20/05/2005|15:34] C:\DOCUME~1\Sandrine\APPLIC~1\Jasc Software Inc
    [15/06/2005|20:24] C:\DOCUME~1\Sandrine\APPLIC~1\Macromedia
    [20/07/2005|19:53] C:\DOCUME~1\Sandrine\APPLIC~1\Microsoft
    [26/05/2005|18:11] C:\DOCUME~1\Sandrine\APPLIC~1\Microsoft Web Folders
    [15/06/2005|17:52] C:\DOCUME~1\Sandrine\APPLIC~1\Opera
    [20/05/2005|15:35] C:\DOCUME~1\Sandrine\APPLIC~1\Sonic
    [20/05/2005|15:28] C:\DOCUME~1\Sandrine\APPLIC~1\Sun
    [20/05/2005|15:30] C:\DOCUME~1\Sandrine\APPLIC~1\You've Got Pictures Screensaver

    ----------------[ Tâches planifiées dans C:\WINDOWS\tasks ]---------------

    [15/06/2008 01:02][--a------] C:\WINDOWS\tasks\McDefragTask.job
    [12/07/2008 00:00][--a------] C:\WINDOWS\tasks\McQcTask.job
    [04/07/2008 20:00][--a------] C:\WINDOWS\tasks\Analyse McAfee.com - Mon ordinateur (PCPRINCIPAL-Fr‚d‚ric).job
    [12/07/2008 16:50][--ah-----] C:\WINDOWS\tasks\SA.DAT
    [05/08/2004 13:00][-r-h-----] C:\WINDOWS\tasks\DESKTOP.INI

    ---------------[ Listing des dossiers dans C:\Program Files ]--------------

    [15/01/2006|18:27] C:\Program Files\.data211204.dat
    [02/11/2005|21:31] C:\Program Files\.drv120405.dat
    [15/01/2006|18:27] C:\Program Files\.ex010705.dat
    [03/02/2006|18:59] C:\Program Files\@Last Software
    [03/02/2007|12:09] C:\Program Files\AdbeRdr80_fr_FR.exe
    [21/03/2008|10:16] C:\Program Files\Adobe
    [13/06/2005|20:54] C:\Program Files\ahead
    [31/01/2006|21:03] C:\Program Files\Alcohol Soft
    [20/05/2005|15:17] C:\Program Files\Analog Devices
    [15/06/2005|18:11] C:\Program Files\AVG
    [29/12/2007|12:21] C:\Program Files\AVIConverter
    [20/05/2005|15:29] C:\Program Files\Broadcom
    [07/10/2007|13:23] C:\Program Files\Canon
    [13/06/2005|20:51] C:\Program Files\codec
    [25/02/2006|00:50] C:\Program Files\Common Files
    [20/08/2006|16:12] C:\Program Files\CyberLink
    [22/03/2006|13:59] C:\Program Files\Dell
    [22/01/2008|01:46] C:\Program Files\Dictionnaire
    [25/06/2008|12:50] C:\Program Files\DivX
    [21/06/2005|22:22] C:\Program Files\DVD Region-Free
    [14/06/2008|03:14] C:\Program Files\eMule
    [05/03/2007|14:23] C:\Program Files\EPSON
    [12/07/2008|19:34] C:\Program Files\Executables
    [05/03/2007|14:08] C:\Program Files\Extrafilm FotoFacil
    [22/01/2008|13:02] C:\Program Files\Fichiers communs
    [10/07/2007|19:55] C:\Program Files\Free Spider
    [14/06/2005|17:39] C:\Program Files\Free.fr
    [01/09/2005|17:26] C:\Program Files\FunWebProducts
    [15/05/2008|20:05] C:\Program Files\Gimp
    [21/04/2008|09:57] C:\Program Files\Google
    [02/03/2008|20:55] C:\Program Files\Google Video
    [24/02/2006|23:07] C:\Program Files\Goto Software
    [29/09/2007|11:02] C:\Program Files\Grisoft
    [13/06/2005|21:12] C:\Program Files\Hewlett-Packard
    [13/06/2005|21:15] C:\Program Files\hp deskjet 3820 series
    [19/12/2006|23:55] C:\Program Files\IncrediMail
    [17/03/2008|22:07] C:\Program Files\InstallShield Installation Information
    [11/06/2008|21:14] C:\Program Files\Internet Explorer
    [04/11/2006|13:28] C:\Program Files\iPod
    [04/11/2006|13:28] C:\Program Files\iTunes
    [14/04/2006|13:24] C:\Program Files\Jasc Software Inc
    [15/03/2008|09:00] C:\Program Files\Java
    [01/02/2006|19:59] C:\Program Files\Jeux classiques
    [18/08/2005|20:40] C:\Program Files\jeuxclassiques.exe
    [28/05/2007|19:54] C:\Program Files\KC Softwares
    [28/12/2007|22:02] C:\Program Files\KGB Keylogger
    [15/06/2008|19:18] C:\Program Files\K-Lite Codec Pack
    [29/09/2007|10:16] C:\Program Files\Lavasoft
    [20/05/2005|15:30] C:\Program Files\Learn2.com
    [09/10/2007|20:03] C:\Program Files\Lecteur CANALPLAY
    [03/12/2005|20:37] C:\Program Files\LectMedia
    [09/06/2007|10:49] C:\Program Files\Logitech
    [27/09/2007|20:20] C:\Program Files\Macrogaming
    [20/06/2008|19:13] C:\Program Files\McAfee
    [15/12/2007|20:05] C:\Program Files\McAfee.com
    [24/07/2005|13:12] C:\Program Files\MediaLoads
    [12/09/2007|21:15] C:\Program Files\Messenger
    [09/04/2008|19:57] C:\Program Files\Messenger Plus! Live
    [26/05/2005|18:11] C:\Program Files\microsoft frontpage
    [26/05/2005|18:11] C:\Program Files\Microsoft Office
    [20/08/2006|16:10] C:\Program Files\Microsoft Visual Studio
    [20/05/2005|15:29] C:\Program Files\Microsoft Works
    [24/01/2006|19:55] C:\Program Files\Movie Maker
    [13/07/2008|11:24] C:\Program Files\Mozilla Firefox
    [04/11/2006|12:47] C:\Program Files\Mozilla Thunderbird
    [10/03/2006|18:55] C:\Program Files\mozilla.org
    [20/05/2005|14:59] C:\Program Files\MSN
    [20/05/2005|14:59] C:\Program Files\MSN Gaming Zone
    [12/12/2007|00:38] C:\Program Files\MSN Messenger
    [07/03/2007|19:00] C:\Program Files\MSXML 4.0
    [02/02/2008|12:46] C:\Program Files\MUSICMATCH
    [11/02/2006|17:32] C:\Program Files\NASA
    [09/04/2006|15:40] C:\Program Files\Nero
    [24/01/2006|19:51] C:\Program Files\NetMeeting
    [13/06/2005|20:46] C:\Program Files\Norton AntiVirus
    [07/10/2007|13:31] C:\Program Files\Opera7
    [30/08/2005|13:02] C:\Program Files\OutClock
    [13/06/2007|18:05] C:\Program Files\Outlook Express
    [11/07/2008|22:13] C:\Program Files\Paint.NET
    [06/03/2006|18:21] C:\Program Files\Paltalk Messenger
    [07/03/2007|19:54] C:\Program Files\Panasonic
    [26/08/2005|15:08] C:\Program Files\PDFCreator
    [26/08/2005|14:17] C:\Program Files\PEERNET ePublisherPlus 2.0
    [19/05/2007|22:55] C:\Program Files\Philips Intelligent Agent
    [07/02/2006|23:39] C:\Program Files\PhotoFiltre
    [22/07/2005|21:44] C:\Program Files\Photoshop 6.0
    [03/04/2008|03:07] C:\Program Files\Picasa2
    [11/06/2008|21:14] C:\Program Files\PixVillage
    [14/04/2006|12:42] C:\Program Files\Publication Web
    [04/11/2006|13:27] C:\Program Files\QuickTime
    [24/10/2005|13:27] C:\Program Files\Real
    [12/07/2008|01:08] C:\Program Files\RegCleaner
    [21/03/2008|10:16] C:\Program Files\RKFree
    [20/05/2005|15:00] C:\Program Files\Services en ligne
    [19/10/2006|18:18] C:\Program Files\Sierra On-Line
    [22/05/2008|10:14] C:\Program Files\SiteAdvisor
    [26/05/2005|18:13] C:\Program Files\Snapshot Viewer
    [20/05/2005|15:32] C:\Program Files\Sonic
    [09/09/2007|11:13] C:\Program Files\Spybot - Search & Destroy
    [13/06/2005|20:53] C:\Program Files\Symantec
    [01/02/2006|20:01] C:\Program Files\thunderbird
    [12/07/2008|19:34] C:\Program Files\Trend Micro
    [20/06/2005|19:56] C:\Program Files\Uninstall Information
    [01/02/2006|22:07] C:\Program Files\VideoLAN
    [20/06/2005|22:58] C:\Program Files\View4U
    [12/12/2007|00:39] C:\Program Files\Windows Live
    [19/12/2007|00:55] C:\Program Files\Windows Live Toolbar
    [05/04/2007|21:46] C:\Program Files\Windows Media Connect 2
    [05/04/2007|21:46] C:\Program Files\Windows Media Player
    [24/01/2006|19:51] C:\Program Files\Windows NT
    [19/07/2005|21:33] C:\Program Files\WindowsUpdate
    [22/02/2006|13:01] C:\Program Files\WinRAR
    [27/01/2008|13:57] C:\Program Files\WinSpyKiller
    [07/10/2007|13:45] C:\Program Files\WinZip
    [20/05/2005|15:00] C:\Program Files\XEROX
    [23/02/2008|01:50] C:\Program Files\Yahoo!

    ------[ Listing des dossiers dans C:\Program Files\Fichiers communs ]------

    [24/02/2008|11:32] C:\Program Files\Fichiers communs\Adobe
    [19/05/2007|22:52] C:\Program Files\Fichiers communs\Ahead
    [26/05/2005|18:23] C:\Program Files\Fichiers communs\AOL
    [20/08/2006|16:10] C:\Program Files\Fichiers communs\Designer
    [11/06/2007|18:49] C:\Program Files\Fichiers communs\fluxDVD
    [28/01/2006|16:01] C:\Program Files\Fichiers communs\InstallShield
    [20/05/2005|15:27] C:\Program Files\Fichiers communs\Java
    [19/05/2007|22:24] C:\Program Files\Fichiers communs\LightScribe
    [25/05/2005|13:06] C:\Program Files\Fichiers communs\Logitech
    [29/03/2008|15:36] C:\Program Files\Fichiers communs\McAfee
    [12/12/2007|00:36] C:\Program Files\Fichiers communs\Microsoft Shared
    [11/06/2007|18:48] C:\Program Files\Fichiers communs\mpDRM
    [20/05/2005|14:59] C:\Program Files\Fichiers communs\MSSoap
    [20/05/2005|15:30] C:\Program Files\Fichiers communs\Nullsoft
    [14/04/2006|11:26] C:\Program Files\Fichiers communs\ODBC
    [12/11/2006|11:38] C:\Program Files\Fichiers communs\Real
    [20/05/2005|14:59] C:\Program Files\Fichiers communs\Services
    [20/05/2005|15:32] C:\Program Files\Fichiers communs\Sonic
    [20/05/2005|14:59] C:\Program Files\Fichiers communs\SpeechEngines
    [13/06/2007|18:13] C:\Program Files\Fichiers communs\System
    [22/01/2008|21:23] C:\Program Files\Fichiers communs\tjd
    [12/12/2007|00:35] C:\Program Files\Fichiers communs\WindowsLiveInstaller
    [03/01/2007|18:03] C:\Program Files\Fichiers communs\WinSoftware
    [29/09/2007|10:13] C:\Program Files\Fichiers communs\Wise Installation Wizard
    [12/11/2006|11:39] C:\Program Files\Fichiers communs\xing shared

    ---------------------------[ Process ]--------------------------

    ... 51

    ... OK !

    ----------------------[ Recherche avec S_Lop ]---------------------

    Aucun fichier / dossier Lop trouvé !

    -----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------

    Aucun fichier / dossier Lop trouvé !

    ----------------------[ Verification du Registre ]----------------------

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\1 regs bone]
    "DisplayName"="CiD Help"
    "UninstallString"="C:\\DOCUME~1\\FRDRIC~1\\APPLIC~1\\DRAWDA~1\\free close.exe -uninstall"

    --------------------[ Verification du fichier Hosts ]---------------------

    Fichier Hosts PROPRE

    ----------------[ Recherche de fichiers avec Catchme ]-----------------

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-07-13 11:32:01
    Windows 5.1.2600 Service Pack 2 NTFS
    scanning hidden processes ...
    scanning hidden files ...
    scan completed successfully
    hidden processes: 0
    hidden files: 0

    --------------------[ Recherche d'autres infections ]---------------------

    C:\DOCUME~1\FRDRIC~1\APPLIC~1\MessengerSkinner
    C:\DOCUME~1\FRDRIC~1\APPLIC~1\MessengerSkinner\Userdata
    C:\WINDOWS\Pack.epk
    C:\WINDOWS\System32\nvs2.inf
    [b]! EGDACCESS !/b

    => C:\DOCUME~1\FRDRIC~1\MESDOC~1\Sandrine\Mes documents\Ma musique\Telechargement\SketchUp 5 full Crack
    => C:\DOCUME~1\FRDRIC~1\MESDOC~1\Sandrine\Mes documents\Ma musique\Telechargement\SketchUp 5 full Crack\F4CG
    => C:\DOCUME~1\FRDRIC~1\MESDOC~1\Sandrine\Mes documents\Ma musique\Telechargement\SketchUp 5 full Crack\F4CG.NFO
    => C:\DOCUME~1\FRDRIC~1\MESDOC~1\Sandrine\Mes documents\Ma musique\Telechargement\SketchUp 5 full Crack\F4CG\Patch.exe
    => C:\DOCUME~1\FRDRIC~1\MESDOC~1\Sandrine\Mes documents\Ma musique\Telechargement\SketchUp 5 full Crack\F4CG\setup.exe
    => C:\Documents and Settings\Fr‚d‚ric\Mes documents\Sandrine\Mes documents\Ma musique\Telechargement\SketchUp 5 full Crack
    => C:\Documents and Settings\Fr‚d‚ric\Mes documents\Sandrine\Mes documents\Ma musique\Telechargement\SketchUp 5 full Crack\F4CG
    => C:\Documents and Settings\Fr‚d‚ric\Mes documents\Sandrine\Mes documents\Ma musique\Telechargement\SketchUp 5 full Crack\F4CG.NFO
    => C:\Documents and Settings\Fr‚d‚ric\Mes documents\Sandrine\Mes documents\Ma musique\Telechargement\SketchUp 5 full Crack\F4CG\Patch.exe
    => C:\Documents and Settings\Fr‚d‚ric\Mes documents\Sandrine\Mes documents\Ma musique\Telechargement\SketchUp 5 full Crack\F4CG\setup.exe

    [F:5][D:3]-> C:\DOCUME~1\FRDRIC~1\LOCALS~1\Temp
    [F:56][D:0]-> C:\DOCUME~1\FRDRIC~1\Cookies
    [F:884][D:6]-> C:\DOCUME~1\FRDRIC~1\LOCALS~1\TEMPOR~1\content.IE5

    --------------------[ Fin du rapport a 11:33:20,73 ]----------------------
    0
  7. titouneee Messages postés 70 Statut Membre 10
     
    et le rapport HitjackThis :

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:36:5989, on 13/07/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16674)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
    C:\Program Files\RKFree\rkfree.exe
    C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
    C:\PROGRA~1\INCRED~1\bin\IMApp.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\PROGRA~1\FICHIE~1\mcafee\mna\mcnasvc.exe
    c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\Program Files\SiteAdvisor\6261\SAService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredimail.com/french
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
    O2 - BHO: Download Manager Browser Helper Object - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - C:\PROGRA~1\FICHIE~1\fluxDVD\DOWNLO~1\XEBDLH~1.DLL
    O2 - BHO: PaltalkWebLogin - {502C3BA4-2C3E-4317-BC29-C0445E82B1F9} - C:\Program Files\Common Files\Paltalk\PaltalkWebLogin.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft

    Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
    O2 - BHO: (no name) - {EE337E0A-527D-9A24-15F0-943FF06F15DC} - C:\WINDOWS\FYI\cwyroituio.dll (file missing)
    O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
    O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\6.bin\mwsoemon.exe
    O4 - HKLM\..\Run: [EPSON Stylus C64 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C64 Series" /O6 "USB002" /M "Stylus C64"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [Fork Bike Scr Download] C:\Documents and Settings\All Users\Application Data\Logo bat fork bike\MpegMeow.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [FTP Server] C:\DOCUME~1\FRDRIC~1\LOCALS~1\Temp\RPERTO~1.ZIP\ftpserv.exe
    O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
    O4 - HKLM\..\Run: [rkfree] "C:\Program Files\RKFree\rkfree.exe" /b
    O4 - HKLM\..\Run: [hdnpek] C:\Program Files\Mozilla Firefox\hdnpek.exe
    O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
    O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
    O4 - HKLM\..\Run: [Support audio cool poll] C:\Documents and Settings\All Users\Application Data\INTERNET SPAM SUPPORT AUDIO\window bleh.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\6.bin\mwsoemon.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
    O4 - HKCU\..\Run: [Philips Intelligent Agent] "C:\Program Files\Philips Intelligent Agent\Philips Intelligent Agent.exe" /SILENT
    O4 - HKCU\..\Run: [List Dent] C:\DOCUME~1\FRDRIC~1\APPLIC~1\DRAWDA~1\free close.exe
    O4 - HKCU\..\Run: [SpyShredder] C:\Program Files\SpyShredder\SpyShredder.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\6.bin\MWSOEMON.EXE
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\6.bin\MWSOEMON.EXE
    O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Frédéric\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/fr/4,0,0,90/mcinsctl.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxmultijoueurs.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O22 - SharedTaskScheduler: hydria - {79cdca21-5055-4cae-b609-e1685ef55cf7} - (no file)
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
    O23 - Service: Service SiteAdvisor (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe
    O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/FRDRIC~1/LOCALS~1/Temp/msoclip1/01/clip_image001.jpg
    0
  8. Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 324
     
    - Télécharge Navilog1 (de IL-MAFIOSO) et enregistre-le sur le bureau :
    http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe

    - Double-clique sur Navilog1.exe afin de lancer l'installation

    - Si le fix ne lance pas automatiquement après son installation, double-clique sur Navilog1 présent sur le bureau

    - Appuie sur F ou f puis valide par Entrée

    - Appuie sur une touche de ton clavier à chaque fois que cela est demandé, tu arriveras au menu des options

    - Choisis l'option 1 et appuie sur la touche Entrée pour valider ton choix

    - Patiente jusqu'au message : *** Analyse Termine le ..... ***

    - Le scan fini, le bloc-notes contenant le rapport sera affiché, poste le contenu de ce rapport dans ta prochaine réponse

    - Si le résultat du scan ne s'affiche pas, tu le trouveras dans C:\fixnavi.txt

    N'utilise pas l'option 2, 3 et 4 sans notre accord, des fichiers légitimes peuvent être inclus dans ce scan.
    0
  9. titouneee Messages postés 70 Statut Membre 10
     
    ci-dessous le rapport :

    Search Navipromo version 3.6.0 commencé le 13/07/2008 à 17:17:25,39

    !!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
    !!! Postez ce rapport sur le forum pour le faire analyser !!!
    !!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

    Outil exécuté depuis C:\Program Files\navilog1
    Session actuelle : "Frédéric"

    Mise à jour le 27.06.2008 à 23h00 par IL-MAFIOSO

    Microsoft Windows XP [version 5.1.2600]
    Internet Explorer : 7.0.5730.13
    Système de fichiers : NTFS

    Recherche executé en mode normal

    *** Recherche Programmes installés ***

    *** Recherche dossiers dans "C:\WINDOWS" ***

    *** Recherche dossiers dans "C:\Program Files" ***

    *** Recherche dossiers dans "c:\docume~1\alluse~1\applic~1" ***

    *** Recherche dossiers dans "c:\docume~1\alluse~1\menudÉ~1\progra~1" ***

    *** Recherche dossiers dans "C:\Documents and Settings\Frédéric\applic~1" ***

    ...\MessengerSkinner trouvé !

    *** Recherche dossiers dans "C:\DOCUME~1\Sandrine\applic~1" ***

    *** Recherche dossiers dans "C:\Documents and Settings\Frédéric\locals~1\applic~1" ***

    *** Recherche dossiers dans "C:\DOCUME~1\Sandrine\locals~1\applic~1" ***

    *** Recherche dossiers dans "C:\Documents and Settings\Frédéric\menudm~1\progra~1" ***

    *** Recherche dossiers dans "C:\DOCUME~1\Sandrine\menudm~1\progra~1" ***

    *** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
    pour + d'infos : http://www.gmer.net

    Aucun Fichier trouvé

    *** Recherche avec GenericNaviSearch ***
    !!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
    !!! A vérifier impérativement avant toute suppression manuelle !!!

    * Recherche dans "C:\WINDOWS\system32" *

    * Recherche dans "C:\Documents and Settings\Frédéric\locals~1\applic~1" *

    * Recherche dans "C:\DOCUME~1\Sandrine\locals~1\applic~1" *

    *** Recherche fichiers ***

    C:\WINDOWS\pack.epk trouvé !
    C:\WINDOWS\system32\nvs2.inf trouvé !

    *** Recherche clés spécifiques dans le Registre ***

    *** Module de Recherche complémentaire ***
    (Recherche fichiers spécifiques)

    1)Recherche nouveaux fichiers Instant Access :

    2)Recherche Heuristique :

    * Dans "C:\WINDOWS\system32" :

    * Dans "C:\Documents and Settings\Frédéric\locals~1\applic~1" :

    * Dans "C:\DOCUME~1\Sandrine\locals~1\applic~1" :

    3)Recherche Certificats :

    Certificat Egroup absent !
    Certificat Electronic-Group absent !
    Certificat OOO-Favorit absent !
    Certificat Sunny-Day-Design-Ltd absent !

    4)Recherche fichiers connus :

    *** Analyse terminée le 13/07/2008 à 17:23:40,59 ***
    0
  10. Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 324
     
    Relance Navilog1, fais l'option 2 et poste le rapport.
    0
  11. titouneee Messages postés 70 Statut Membre 10
     
    le rapport :

    Clean Navipromo version 3.6.0 commencé le 13/07/2008 à 18:10:29,15

    Outil exécuté depuis C:\Program Files\navilog1
    Session actuelle : "Frédéric"

    Mise à jour le 27.06.2008 à 23h00 par IL-MAFIOSO

    Microsoft Windows XP [version 5.1.2600]
    Internet Explorer : 7.0.5730.13
    Système de fichiers : NTFS

    Mode suppression automatique
    avec prise en charge résultats Catchme et GNS

    Nettoyage exécuté au redémarrage de l'ordinateur

    *** fsbl1.txt non trouvé ***
    (Assurez-vous que Catchme n'avait rien trouvé lors de la recherche)

    *** Suppression avec sauvegardes résultats GenericNaviSearch ***

    * Suppression dans "C:\WINDOWS\System32" *

    * Suppression dans "C:\Documents and Settings\Frédéric\locals~1\applic~1" *

    * Suppression dans "C:\DOCUME~1\Sandrine\locals~1\applic~1" *

    *** Suppression dossiers dans "C:\WINDOWS" ***

    *** Suppression dossiers dans "C:\Program Files" ***

    *** Suppression dossiers dans "c:\docume~1\alluse~1\applic~1" ***

    *** Suppression dossiers dans "c:\docume~1\alluse~1\menudÉ~1\progra~1" ***

    *** Suppression dossiers dans "C:\Documents and Settings\Frédéric\applic~1" ***

    ...\MessengerSkinner ...suppression...
    ...\MessengerSkinner supprimé !

    *** Suppression dossiers dans "C:\DOCUME~1\Sandrine\applic~1" ***

    *** Suppression dossiers dans "C:\Documents and Settings\Frédéric\locals~1\applic~1" ***

    *** Suppression dossiers dans "C:\DOCUME~1\Sandrine\locals~1\applic~1" ***

    *** Suppression dossiers dans "C:\Documents and Settings\Frédéric\menudm~1\progra~1" ***

    *** Suppression dossiers dans "C:\DOCUME~1\Sandrine\menudm~1\progra~1" ***

    *** Suppression fichiers ***

    C:\WINDOWS\pack.epk supprimé !
    C:\WINDOWS\system32\nvs2.inf supprimé !

    *** Suppression fichiers temporaires ***

    Nettoyage contenu C:\WINDOWS\Temp effectué !
    Nettoyage contenu C:\Documents and Settings\Fr‚d‚ric\locals~1\Temp effectué !

    *** Traitement Recherche complémentaire ***
    (Recherche fichiers spécifiques)

    1)Suppression avec sauvegardes nouveaux fichiers Instant Access :

    2)Recherche, création sauvegardes et suppression Heuristique :

    * Dans "C:\WINDOWS\system32" *

    * Dans "C:\Documents and Settings\Frédéric\locals~1\applic~1" *

    * Dans "C:\DOCUME~1\Sandrine\locals~1\applic~1" *

    *** Sauvegarde du Registre vers dossier Safebackup ***

    sauvegarde du Registre réalisée avec succès !

    *** Nettoyage Registre ***

    Nettoyage Registre Ok

    *** Certificats ***

    Certificat Egroup absent !
    Certificat Electronic-Group absent !
    Certificat OOO-Favorit absent !
    Certificat Sunny-Day-Design-Ltdt absent !

    *** Nettoyage terminé le 13/07/2008 à 18:15:13,56 ***
    0
  12. Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 324
     
    - Télécharge SmitfraudFix (de de S!Ri, balltrap34 et moe31) :
    http://siri.urz.free.fr/Fix/SmitfraudFix.exe ou http://www.geekstogo.com/forum/files/file/6-smitfraudfix/

    - Enregistre-le sur le bureau

    - Double-clique sur SmitfraudFix.exe et choisis l'option 1 puis Entrée

    - Un rapport sera généré, poste-le dans ta prochaine réponse.

    [*] process.exe est détecté par certains antivirus comme étant un risktool. Il ne s'agit pas d'un virus mais d'un utilitaire destiné à mettre fin à des processus.[*]

    ** Ne fais l'étape 2 que si on te le demande, on doit d'abord examiner le premier rapport de SmitfraudFix
    0
  13. titouneee Messages postés 70 Statut Membre 10
     
    le rapport :

    SmitFraudFix v2.329

    Rapport fait à 18:23:52,53, 13/07/2008
    Executé à partir de C:\Documents and Settings\Fr‚d‚ric\Bureau\medicaments ordi\SmitfraudFix
    OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
    Le type du système de fichiers est NTFS
    Fix executé en mode normal

    »»»»»»»»»»»»»»»»»»»»»»»» Process

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\PROGRA~1\FICHIE~1\mcafee\mna\mcnasvc.exe
    c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\Program Files\SiteAdvisor\6261\SAService.exe
    C:\WINDOWS\system32\svchost.exe
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\WINDOWS\notepad.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
    C:\Program Files\RKFree\rkfree.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
    C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
    C:\Program Files\MessengerPlus! 3\MsgPlus.exe
    C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\PROGRA~1\INCRED~1\bin\IMApp.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Frédéric\Bureau\medicaments ordi\SmitfraudFix\Policies.exe
    C:\WINDOWS\system32\cmd.exe

    »»»»»»»»»»»»»»»»»»»»»»»» hosts

    »»»»»»»»»»»»»»»»»»»»»»»» C:\

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Fr‚d‚ric

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Fr‚d‚ric\Application Data

    »»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer

    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\FRDRIC~1\Favoris

    »»»»»»»»»»»»»»»»»»»»»»»» Bureau

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

    »»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues

    »»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="file:///C:/DOCUME~1/FRDRIC~1/LOCALS~1/Temp/msoclip1/01/clip_image001.jpg"
    "SubscribedURL"="file:///C:/DOCUME~1/FRDRIC~1/LOCALS~1/Temp/msoclip1/01/clip_image001.jpg"
    "FriendlyName"=""

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="Ma page d'accueil"

    »»»»»»»»»»»»»»»»»»»»»»»» IEDFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    IEDFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» VACFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    VACFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» 404Fix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    404Fix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{79cdca21-5055-4cae-b609-e1685ef55cf7}"="hydria"

    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=""

    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
    "System"=""

    »»»»»»»»»»»»»»»»»»»»»»»» Rustock

    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    Description: Broadcom 440x 10/100 Integrated Controller - Miniport d'ordonnancement de paquets
    DNS Server Search Order: 212.27.53.252
    DNS Server Search Order: 212.27.54.252

    Description: Broadcom 440x 10/100 Integrated Controller - Miniport d'ordonnancement de paquets
    DNS Server Search Order: 212.27.54.252
    DNS Server Search Order: 212.27.32.5

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{95463AB3-5C0A-4D85-A259-E304CA6C3B03}: DhcpNameServer=212.27.53.252 212.27.54.252
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{FBF8BEA2-9F3A-4D4A-BF83-A6BE9D1D70F5}: DhcpNameServer=212.27.54.252 212.27.32.5
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{95463AB3-5C0A-4D85-A259-E304CA6C3B03}: DhcpNameServer=212.27.53.252 212.27.54.252
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{FBF8BEA2-9F3A-4D4A-BF83-A6BE9D1D70F5}: DhcpNameServer=212.27.54.252 212.27.32.5
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{95463AB3-5C0A-4D85-A259-E304CA6C3B03}: DhcpNameServer=212.27.53.252 212.27.54.252
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{FBF8BEA2-9F3A-4D4A-BF83-A6BE9D1D70F5}: DhcpNameServer=212.27.54.252 212.27.32.5
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.27.53.252 212.27.54.252
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.27.53.252 212.27.54.252
    HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=212.27.53.252 212.27.54.252

    »»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll

    »»»»»»»»»»»»»»»»»»»»»»»» Fin
    0
  14. Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 324
     
    - Redémarre ton ordinateur en mode sans échec :
    https://blog.sosordi.net/

    - Double-clique sur SmitfraudFix.exe, choisis l'option 2 et Entrée

    - Réponds O(oui) à ces deux questions si elles te sont posées

    Voulez-vous nettoyer le registre ?
    Corriger le fichier infecté ?

    - Un rapport sera généré, sauvegarde-le sur le bureau

    - Redémarre en mode normal

    - Poste le rapport SmitfraudFix et un nouveau rapport HijackThis
    0
  15. titouneee Messages postés 70 Statut Membre 10
     
    En mode sans échec, j'avais 2 sessions. J'ai donc lancé SmitfraudFix avec l'option 2 sur les 2 sessions.

    Rapport pour la session Administrateur :

    SmitFraudFix v2.329

    Rapport fait à 18:44:05,12, 13/07/2008
    Executé à partir de C:\SmitfraudFix
    OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
    Le type du système de fichiers est NTFS
    Fix executé en mode sans echec

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Arret des processus

    »»»»»»»»»»»»»»»»»»»»»»»» hosts

    127.0.0.1 localhost

    »»»»»»»»»»»»»»»»»»»»»»»» VACFix

    VACFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

    S!Ri's WS2Fix: LSP not Found.

    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

    GenericRenosFix by S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

    »»»»»»»»»»»»»»»»»»»»»»»» IEDFix

    IEDFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» 404Fix

    404Fix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{95463AB3-5C0A-4D85-A259-E304CA6C3B03}: DhcpNameServer=212.27.53.252 212.27.54.252
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{FBF8BEA2-9F3A-4D4A-BF83-A6BE9D1D70F5}: DhcpNameServer=212.27.54.252 212.27.32.5
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{95463AB3-5C0A-4D85-A259-E304CA6C3B03}: DhcpNameServer=212.27.53.252 212.27.54.252
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{FBF8BEA2-9F3A-4D4A-BF83-A6BE9D1D70F5}: DhcpNameServer=212.27.54.252 212.27.32.5
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{95463AB3-5C0A-4D85-A259-E304CA6C3B03}: DhcpNameServer=212.27.53.252 212.27.54.252
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{FBF8BEA2-9F3A-4D4A-BF83-A6BE9D1D70F5}: DhcpNameServer=212.27.54.252 212.27.32.5
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.27.53.252 212.27.54.252
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.27.53.252 212.27.54.252
    HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=212.27.53.252 212.27.54.252

    »»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires

    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""

    »»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

    Nettoyage terminé.

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Fin
    0
  16. titouneee Messages postés 70 Statut Membre 10
     
    Rapport pour la session de l'utilisateur courant (utilisateur sur lequel nous sommes tjs connecté) :

    SmitFraudFix v2.329

    Rapport fait à 18:37:42,28, 13/07/2008
    Executé à partir de C:\Documents and Settings\Fr‚d‚ric\Bureau\medicaments ordi\SmitfraudFix
    OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
    Le type du système de fichiers est NTFS
    Fix executé en mode sans echec

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{79cdca21-5055-4cae-b609-e1685ef55cf7}"="hydria"

    »»»»»»»»»»»»»»»»»»»»»»»» Arret des processus

    »»»»»»»»»»»»»»»»»»»»»»»» hosts

    127.0.0.1 localhost

    »»»»»»»»»»»»»»»»»»»»»»»» VACFix

    VACFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

    S!Ri's WS2Fix: LSP not Found.
    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

    GenericRenosFix by S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

    »»»»»»»»»»»»»»»»»»»»»»»» IEDFix

    IEDFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» 404Fix

    404Fix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{95463AB3-5C0A-4D85-A259-E304CA6C3B03}: DhcpNameServer=212.27.53.252 212.27.54.252
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{FBF8BEA2-9F3A-4D4A-BF83-A6BE9D1D70F5}: DhcpNameServer=212.27.54.252 212.27.32.5
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{95463AB3-5C0A-4D85-A259-E304CA6C3B03}: DhcpNameServer=212.27.53.252 212.27.54.252
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{FBF8BEA2-9F3A-4D4A-BF83-A6BE9D1D70F5}: DhcpNameServer=212.27.54.252 212.27.32.5
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{95463AB3-5C0A-4D85-A259-E304CA6C3B03}: DhcpNameServer=212.27.53.252 212.27.54.252
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{FBF8BEA2-9F3A-4D4A-BF83-A6BE9D1D70F5}: DhcpNameServer=212.27.54.252 212.27.32.5
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.27.53.252 212.27.54.252
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.27.53.252 212.27.54.252
    HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=212.27.53.252 212.27.54.252

    »»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires

    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""

    »»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

    Nettoyage terminé.

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Fin
    0
  17. titouneee Messages postés 70 Statut Membre 10
     
    Rapport HitjackThis :

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:51:01, on 13/07/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16674)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
    C:\Program Files\RKFree\rkfree.exe
    C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files\MessengerPlus! 3\MsgPlus.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
    C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\PROGRA~1\INCRED~1\bin\IMApp.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\PROGRA~1\FICHIE~1\mcafee\mna\mcnasvc.exe
    c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\Program Files\SiteAdvisor\6261\SAService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
    O2 - BHO: Download Manager Browser Helper Object - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - C:\PROGRA~1\FICHIE~1\fluxDVD\DOWNLO~1\XEBDLH~1.DLL
    O2 - BHO: PaltalkWebLogin - {502C3BA4-2C3E-4317-BC29-C0445E82B1F9} - C:\Program Files\Common Files\Paltalk\PaltalkWebLogin.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft

    Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
    O2 - BHO: (no name) - {EE337E0A-527D-9A24-15F0-943FF06F15DC} - C:\WINDOWS\FYI\cwyroituio.dll (file missing)
    O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
    O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\6.bin\mwsoemon.exe
    O4 - HKLM\..\Run: [EPSON Stylus C64 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C64 Series" /O6 "USB002" /M "Stylus C64"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [Fork Bike Scr Download] C:\Documents and Settings\All Users\Application Data\Logo bat fork bike\MpegMeow.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [FTP Server] C:\DOCUME~1\FRDRIC~1\LOCALS~1\Temp\RPERTO~1.ZIP\ftpserv.exe
    O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
    O4 - HKLM\..\Run: [rkfree] "C:\Program Files\RKFree\rkfree.exe" /b
    O4 - HKLM\..\Run: [hdnpek] C:\Program Files\Mozilla Firefox\hdnpek.exe
    O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
    O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
    O4 - HKLM\..\Run: [Support audio cool poll] C:\Documents and Settings\All Users\Application Data\INTERNET SPAM SUPPORT AUDIO\window bleh.exe
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\6.bin\mwsoemon.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
    O4 - HKCU\..\Run: [Philips Intelligent Agent] "C:\Program Files\Philips Intelligent Agent\Philips Intelligent Agent.exe" /SILENT
    O4 - HKCU\..\Run: [List Dent] C:\DOCUME~1\FRDRIC~1\APPLIC~1\DRAWDA~1\free close.exe
    O4 - HKCU\..\Run: [SpyShredder] C:\Program Files\SpyShredder\SpyShredder.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\6.bin\MWSOEMON.EXE
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\6.bin\MWSOEMON.EXE
    O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Frédéric\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/fr/4,0,0,90/mcinsctl.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxmultijoueurs.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
    O23 - Service: Service SiteAdvisor (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe
    0
  18. Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 324
     
    - Télécharge et installe MalwareByte's Anti-Malware :
    http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.htm

    - Mets-le à jour

    - Redémarre en mode sans échec (Recommandé) :
    https://www.malekal.com/demarrer-windows-mode-sans-echec/

    - Choisis ta session habituelle

    - Fais un scan complet avec MalwareByte's Anti-Malware

    - Supprime tout ce que le logiciel trouve, enregistre le rapport

    - Redémarre en mode normal et poste le rapport ici

    Tutorial :
    https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
    0
  19. titouneee Messages postés 70 Statut Membre 10
     
    ci-dessous le rapport du scan complet avec MalwareByte's Anti-Malware :

    Malwarebytes' Anti-Malware 1.20
    Version de la base de données: 945
    Windows 5.1.2600 Service Pack 2

    21:34:19 13/07/2008
    mbam-log-7-13-2008 (21-34-19).txt

    Type de recherche: Examen complet (C:\|E:\|)
    Eléments examinés: 144248
    Temps écoulé: 2 hour(s), 9 minute(s), 49 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 107
    Valeur(s) du Registre infectée(s): 3
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 6
    Fichier(s) infecté(s): 20

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{90b5a95a-afd5-4d11-b9bd-a69d53d22226} (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{8654592e-952a-4e7c-a960-304763b35fa6} (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{023a4648-601a-4c30-8a2e-c72ebfa99af6} (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{19ebcbe0-9245-4397-bc5d-883d34782043} (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{f814be58-1bf9-4b50-829a-e889f86127ad} (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8109fd3d-d891-4f80-8339-50a4913ace6f} (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{0f8ecf4f-3646-4c3a-8881-8e138ffcaf70} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{1e0de227-5ce4-4ea3-ab0c-8b03e1aa76bc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\funwebproducts.htmlmenu (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.2 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\mywebsearch.htmlpanel (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\mywebsearch.htmlpanel.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{3e720452-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{53ced2d0-5e9a-4761-9005-648404e6f7e5} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\funwebproducts.popswattersettingscontrol (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\funwebproducts.popswattersettingscontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{7473d292-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{7473d296-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{8e6f1832-9607-4440-8530-13be7c4b1d14} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{938aa51a-996c-4884-98ce-80dd16a5c9da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{a9571378-68a1-443d-b082-284f960c6d17} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\mywebsearch.outlookaddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\mywebsearch.outlookaddin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{adb01e81-3c79-4272-a0f1-7b2be7a782dc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\funwebproducts.killerobjmanager (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\funwebproducts.killerobjmanager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{b813095c-81c0-4e40-aa14-67520372b987} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\funwebproducts.historykillerscheduler (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\funwebproducts.historykillerscheduler.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{c9d7be3e-141a-4c85-8cd6-32461f3df2c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\funwebproducts.historyswattercontrolbar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\funwebproducts.historyswattercontrolbar.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{cff4ce82-3aa2-451f-9b77-7165605fb835} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{d9fffb27-d62a-4d64-8cec-1ff006528805} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{07b18eaa-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{07b18eac-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25f} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{0d26bc71-a633-4e71-ad31-eadc3a1b6a3a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{1093995a-ba37-41d2-836e-091067c4ad17} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{120927bf-1700-43bc-810f-fab92549b390} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{17de5e5e-bfe3-4e83-8e1f-8755795359ec} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{1f52a5fa-a705-4415-b975-88503b291728} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{247a115f-06c2-4fb3-967d-2d62d3cf4f0a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{2e3537fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{29d67d3c-509a-4544-903f-c8c1b8236554} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{3e1656ed-f60e-4597-b6aa-b6a58e171495} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{3e53e2cb-86db-4a4a-8bd9-ffeb7a64df82} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{3e720451-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{3e720453-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{3e720450-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{63d0ed2b-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{63d0ed2d-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{6e74766c-4d93-4cc0-96d1-47b8e07ff9ca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{7473d291-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{7473d293-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{7473d295-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{7473d297-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{7473d290-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{90449521-d834-4703-bb4e-d3aa44042ff8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{991aac62-b100-47ce-8b75-253965244f69} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{bbabdc90-f3d5-4801-863a-ee6ae529862d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{d6ff3684-ad3b-48eb-bbb4-b9e6c5a355c1} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{eb9e5c1c-b1f9-4c2b-be8a-27d6446fdaf8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{8ca01f0e-987c-49c3-b852-2f1ac4a7094c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{8e6f1830-9607-4440-8530-13be7c4b1d14} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{c8cecde3-1ae1-4c4a-ad82-6d5b00212144} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{de38c398-b328-4f4c-a3ad-1b5e4ed93477} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{e47caee0-deea-464a-9326-3f2801535a4d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{f42228fb-e84e-479e-b922-fbbd096e792c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\spyshredder (Rogue.SpyShredder) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\MediaLoads (Adware.Medload) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\ADP (Rogue.Multiple) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3PopularScreensavers (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\FunWebProducts\Shared (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\FunWebProducts\Shared\Cache (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\WinSpyKiller (Rogue.WinSpyKiller) -> Quarantined and deleted successfully.

    Fichier(s) infecté(s):
    C:\Program Files\MSN Messenger\riched20.dll (Adware.MyWeb.FunWeb) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP1027\A0164090.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP1027\A0164091.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP1027\A0164092.SCR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP1027\A0164093.DLL (Adware.MyWeb.FunWeb) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP1027\A0164094.EXE (Adware.MyWeb.FunWeb) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP1027\A0164095.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP1027\A0164096.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP1027\A0164097.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP1027\A0164099.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\WINDOWS\SYSTEM32\f3PSSavr.scr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\FunWebProducts\Shared\Cache\MailStampBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\FunWebProducts\Shared\Cache\MySignatureInsertBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\FunWebProducts\Shared\Cache\MySignaturePreviewBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\FunWebProducts\Shared\Cache\MyStationeryBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\WinSpyKiller\Uninstall.exe (Rogue.WinSpyKiller) -> Quarantined and deleted successfully.
    C:\Program Files\WinSpyKiller\WinSpyKiller.lic (Rogue.WinSpyKiller) -> Quarantined and deleted successfully.
    C:\Program Files\WinSpyKiller\WinSpyKiller1.wk (Rogue.WinSpyKiller) -> Quarantined and deleted successfully.
    0
  20. Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 324
     
    Wahoo...

    Relance MAM, va dans Quarantaine et supprime tout.

    Poste un nouveau rapport HijackThis.
    0
  21. titouneee Messages postés 70 Statut Membre 10
     
    je dois m'inquiéter de ce Wahoo ??? j'ai supprimé tout ce qu'il y avait dans Quarantaine.

    Ci-dessous le rapport Hitjack

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:37:37, on 13/07/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16674)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
    C:\Program Files\RKFree\rkfree.exe
    C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files\MessengerPlus! 3\MsgPlus.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
    C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\INCRED~1\bin\IMApp.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\PROGRA~1\FICHIE~1\mcafee\mna\mcnasvc.exe
    c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\Program Files\SiteAdvisor\6261\SAService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
    O2 - BHO: Download Manager Browser Helper Object - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - C:\PROGRA~1\FICHIE~1\fluxDVD\DOWNLO~1\XEBDLH~1.DLL
    O2 - BHO: PaltalkWebLogin - {502C3BA4-2C3E-4317-BC29-C0445E82B1F9} - C:\Program Files\Common Files\Paltalk\PaltalkWebLogin.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
    O2 - BHO: (no name) - {EE337E0A-527D-9A24-15F0-943FF06F15DC} - C:\WINDOWS\FYI\cwyroituio.dll (file missing)
    O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
    O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\6.bin\mwsoemon.exe
    O4 - HKLM\..\Run: [EPSON Stylus C64 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C64 Series" /O6 "USB002" /M "Stylus C64"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [Fork Bike Scr Download] C:\Documents and Settings\All Users\Application Data\Logo bat fork bike\MpegMeow.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [FTP Server] C:\DOCUME~1\FRDRIC~1\LOCALS~1\Temp\RPERTO~1.ZIP\ftpserv.exe
    O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
    O4 - HKLM\..\Run: [rkfree] "C:\Program Files\RKFree\rkfree.exe" /b
    O4 - HKLM\..\Run: [hdnpek] C:\Program Files\Mozilla Firefox\hdnpek.exe
    O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
    O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
    O4 - HKLM\..\Run: [Support audio cool poll] C:\Documents and Settings\All Users\Application Data\INTERNET SPAM SUPPORT AUDIO\window bleh.exe
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\6.bin\mwsoemon.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
    O4 - HKCU\..\Run: [Philips Intelligent Agent] "C:\Program Files\Philips Intelligent Agent\Philips Intelligent Agent.exe" /SILENT
    O4 - HKCU\..\Run: [List Dent] C:\DOCUME~1\FRDRIC~1\APPLIC~1\DRAWDA~1\free close.exe
    O4 - HKCU\..\Run: [SpyShredder] C:\Program Files\SpyShredder\SpyShredder.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\6.bin\MWSOEMON.EXE
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\6.bin\MWSOEMON.EXE
    O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Frédéric\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/fr/4,0,0,90/mcinsctl.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxmultijoueurs.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
    O23 - Service: Service SiteAdvisor (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe
    0
  • 1
  • 2
  • 3