Window bleh.exe

Solved
titouneee Posts 70 Status Member
Hello,

I ran an online scan of my computer and here is one of the results:

C:\Documents and Settings\All Users\Application Data\INTERNET SPAM SUPPORT AUDIO\
window bleh.exe

is infected by Trojan.Downloader.JKEK

How can I get rid of it? (Deleting the folder does not work, and my antivirus and my antispyware tools do not detect it.)

Is this window bleh.exe a virus?

Thanks for your help

titoune

43 replies

Destrio5 Posts 99820 Status Moderator 10 305

Hi,

---> Disable the antivirus
---> Download Lop S&D to your Desktop
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/LopSD.exe?attachauth=ANoY7co3ntqUavpZ3q1BG-h4pc13vqDZmhcNeEPChtsyrgAykRbhE8bZzhk979EfQD4AgwtQUHCaQ7ZQwNYMo3_0kA8htAspckDJtu2K5t6J9z6dLW4fpZyH4FpFL1tVMBZ8H-KnN7afZ5vt-WxZRpnynk-a0XmV_Y0C0q6DxGEDKie1TnPT7gFoZnoCnspzBmbW6ZzxA4fNr3oEDlbelNZON-LjF8nOmQ%3D%3D&attredirects=2
---> Double-click it to start the installation
---> Then double-click the Lop S&D shortcut on your Desktop
---> Select the language you want, then choose option 1 (Search)
---> Wait until the scan finishes
---> Post the generated report (C:\lopR.txt)

(If the Desktop does not reappear, press Ctrl+Alt+Del, File tab, New Task, type explorer.exe and confirm)

If you have a problem using Lop S&D, look at the tutorial:
http://bibou0007.com/outils-specifiques-f78/tutorial-lop-sd-t956.htm#11431
titouneee Posts 70 Status Member 10

Attached is the report (I forgot to disable the antivirus when I ran Lop S&D; do I need to start over?)


-----------------------[ Lop S&D 4.2.2-1 XP/Vista ]---------------------

[ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
[ USER : Frédéric ] [ "C:\Lop SD" ] [ Selection : 1 ]
[ 12/07/2008 | 19:13:37,32 ] [ PC : PCPRINCIPAL ]
[ MAJ : 09-07-2008 | 21:02 ]

-------------[ Listing des dossiers dans Application Data ]------------

[15/12/2007|11:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\a32l
[24/02/2008|11:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[26/05/2005|18:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL
[04/11/2006|13:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[20/08/2004|11:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\DESKTOP.INI
[23/02/2008|00:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[12/07/2008|12:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google Updater
[29/09/2007|11:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft
[20/05/2005|15:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
[22/06/2008|06:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\INTERNET SPAM SUPPORT AUDIO
[29/09/2007|10:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
[19/05/2007|22:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\LightScribe
[29/07/2007|12:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Logo bat fork bike
[15/12/2007|20:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee
[28/06/2007|12:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee.com
[08/04/2008|17:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[06/04/2006|16:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[11/06/2007|18:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\mpDRM
[19/05/2007|22:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero
[26/08/2005|14:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PEERNET
[28/06/2007|12:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Philips Intelligent Agent
[31/12/2007|15:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QTSBandwidthCache
[07/06/2005|12:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
[28/12/2007|22:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\rkfree
[20/05/2005|14:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBSI
[15/12/2007|20:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SiteAdvisor
[09/09/2007|11:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
[15/12/2007|15:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[05/03/2006|00:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ulead Systems
[20/05/2005|15:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint
[27/07/2005|22:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[29/11/2007|22:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Live Toolbar
[04/07/2007|12:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WindowsLiveInstaller
[07/10/2007|13:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinZip
[20/01/2008|22:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller

[20/08/2004|11:30] C:\DOCUME~1\DEFAUL~1\APPLIC~1\DESKTOP.INI
[20/05/2005|14:59] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
[20/05/2005|15:34] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Jasc Software Inc
[20/05/2005|14:59] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[20/05/2005|15:35] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Sonic
[20/05/2005|15:28] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Sun
[20/05/2005|15:30] C:\DOCUME~1\DEFAUL~1\APPLIC~1\You've Got Pictures Screensaver

[15/01/2006|18:27] C:\DOCUME~1\FRDRIC~1\APPLIC~1\.addit001.dat
[02/11/2005|21:31] C:\DOCUME~1\FRDRIC~1\APPLIC~1\.app190905.dat
[15/01/2006|18:27] C:\DOCUME~1\FRDRIC~1\APPLIC~1\.xp070105.dat
[29/12/2007|13:28] C:\DOCUME~1\FRDRIC~1\APPLIC~1\Adobe
[12/12/2006|18:41] C:\DOCUME~1\FRDRIC~1\APPLIC~1\AdobeUM
[12/11/2007|18:30] C:\DOCUME~1\FRDRIC~1\APPLIC~1\Ahead
[04/11/2006|13:28] C:\DOCUME~1\FRDRIC~1\APPLIC~1\Apple Computer
[25/05/2005|21:49] C:\DOCUME~1\FRDRIC~1\APPLIC~1\CyberLink
[20/08/2004|11:30] C:\DOCUME~1\FRDRIC~1\APPLIC~1\DESKTOP.INI
[26/02/2008|18:13] C:\DOCUME~1\FRDRIC~1\APPLIC~1\DivX
[12/07/2008|17:33] C:\DOCUME~1\FRDRIC~1\APPLIC~1\draw dart
[05/01/2008|19:53] C:\DOCUME~1\FRDRIC~1\APPLIC~1\dvdcss
[10/06/2006|15:31] C:\DOCUME~1\FRDRIC~1\APPLIC~1\EFF
[10/02/2007|12:50] C:\DOCUME~1\FRDRIC~1\APPLIC~1\Ethereal
[10/05/2007|21:46] C:\DOCUME~1\FRDRIC~1\APPLIC~1\Free Spider TreeCardGames
[23/02/2008|01:00] C:\DOCUME~1\FRDRIC~1\APPLIC~1\Google
[29/09/2007|11:03] C:\DOCUME~1\FRDRIC~1\APPLIC~1\Grisoft
[18/03/2006|18:29] C:\DOCUME~1\FRDRIC~1\APPLIC~1\Help
[29/08/2005|22:04] C:\DOCUME~1\FRDRIC~1\APPLIC~1\Identities
[09/09/2006|21:49] C:\DOCUME~1\FRDRIC~1\APPLIC~1\InterTrust
[14/04/2006|13:24] C:\DOCUME~1\FRDRIC~1\APPLIC~1\Jasc Software Inc
[16/07/2005|18:09] C:\DOCUME~1\FRDRIC~1\APPLIC~1\Leadertech
[15/06/2005|22:07] C:\DOCUME~1\FRDRIC~1\APPLIC~1\Macromedia
[15/06/2008|20:24] C:\DOCUME~1\FRDRIC~1\APPLIC~1\Media Player Classic
[29/10/2006|17:48] C:\DOCUME~1\FRDRIC~1\APPLIC~1\MessengerSkinner
[23/02/2008|01:49] C:\DOCUME~1\FRDRIC~1\APPLIC~1\Microsoft
[23/03/2006|17:16] C:\DOCUME~1\FRDRIC~1\APPLIC~1\Microsoft Web Folders
[10/03/2006|18:56] C:\DOCUME~1\FRDRIC~1\APPLIC~1\Mozilla
[06/01/2008|11:34] C:\DOCUME~1\FRDRIC~1\APPLIC~1\Musicmatch
[12/11/2007|18:29] C:\DOCUME~1\FRDRIC~1\APPLIC~1\Nero
[15/06/2005|18:50] C:\DOCUME~1\FRDRIC~1\APPLIC~1\Opera
[07/03/2007|19:55] C:\DOCUME~1\FRDRIC~1\APPLIC~1\Panasonic
[26/08/2005|15:07] C:\DOCUME~1\FRDRIC~1\APPLIC~1\PDFCreator
[26/08/2005|14:21] C:\DOCUME~1\FRDRIC~1\APPLIC~1\PEERNET
[09/03/2006|18:43] C:\DOCUME~1\FRDRIC~1\APPLIC~1\Quintessential Player
[03/03/2007|11:26] C:\DOCUME~1\FRDRIC~1\APPLIC~1\Real
[04/02/2008|13:20] C:\DOCUME~1\FRDRIC~1\APPLIC~1\SiteAdvisor
[07/10/2007|13:33] C:\DOCUME~1\FRDRIC~1\APPLIC~1\Skype
[16/07/2005|18:09] C:\DOCUME~1\FRDRIC~1\APPLIC~1\Sonic
[20/05/2005|15:28] C:\DOCUME~1\FRDRIC~1\APPLIC~1\Sun
[16/06/2005|13:06] C:\DOCUME~1\FRDRIC~1\APPLIC~1\Talkback
[13/12/2005|23:05] C:\DOCUME~1\FRDRIC~1\APPLIC~1\Thunderbird
[20/06/2005|22:57] C:\DOCUME~1\FRDRIC~1\APPLIC~1\View4U
[01/09/2005|18:10] C:\DOCUME~1\FRDRIC~1\APPLIC~1\vlc
[20/05/2005|15:30] C:\DOCUME~1\FRDRIC~1\APPLIC~1\You've Got Pictures Screensaver

[30/06/2005|11:58] C:\DOCUME~1\LOCALS~1\APPLIC~1\Macromedia
[07/04/2007|11:30] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[31/03/2007|18:47] C:\DOCUME~1\LOCALS~1\APPLIC~1\Mozilla
[15/06/2005|18:41] C:\DOCUME~1\LOCALS~1\APPLIC~1\Opera
[15/12/2007|20:11] C:\DOCUME~1\LOCALS~1\APPLIC~1\SiteAdvisor

[20/07/2005|19:53] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

[13/06/2005|21:42] C:\DOCUME~1\Sandrine\APPLIC~1\Adobe
[20/08/2004|11:30] C:\DOCUME~1\Sandrine\APPLIC~1\DESKTOP.INI
[20/05/2005|14:59] C:\DOCUME~1\Sandrine\APPLIC~1\Identities
[20/05/2005|15:34] C:\DOCUME~1\Sandrine\APPLIC~1\Jasc Software Inc
[15/06/2005|20:24] C:\DOCUME~1\Sandrine\APPLIC~1\Macromedia
[20/07/2005|19:53] C:\DOCUME~1\Sandrine\APPLIC~1\Microsoft
[26/05/2005|18:11] C:\DOCUME~1\Sandrine\APPLIC~1\Microsoft Web Folders
[15/06/2005|17:52] C:\DOCUME~1\Sandrine\APPLIC~1\Opera
[20/05/2005|15:35] C:\DOCUME~1\Sandrine\APPLIC~1\Sonic
[20/05/2005|15:28] C:\DOCUME~1\Sandrine\APPLIC~1\Sun
[20/05/2005|15:30] C:\DOCUME~1\Sandrine\APPLIC~1\You've Got Pictures Screensaver

----------------[ Tâches planifiées dans C:\WINDOWS\tasks ]---------------

[12/07/2008 19:00][--ah-----] C:\WINDOWS\tasks\A8AAF7C496096874.job
[15/06/2008 01:02][--a------] C:\WINDOWS\tasks\McDefragTask.job
[12/07/2008 00:00][--a------] C:\WINDOWS\tasks\McQcTask.job
[04/07/2008 20:00][--a------] C:\WINDOWS\tasks\Analyse McAfee.com - Mon ordinateur (PCPRINCIPAL-Frédéric).job
[12/07/2008 16:50][--ah-----] C:\WINDOWS\tasks\SA.DAT
[05/08/2004 13:00][-r-h-----] C:\WINDOWS\tasks\DESKTOP.INI

A8AAF7C496096874.job <--> c:\docume~1\frdric~1\applic~1\drawda~1\Curbplusname.exe

---------------[ Listing des dossiers dans C:\Program Files ]--------------

[15/01/2006|18:27] C:\Program Files\.data211204.dat
[02/11/2005|21:31] C:\Program Files\.drv120405.dat
[15/01/2006|18:27] C:\Program Files\.ex010705.dat
[03/02/2006|18:59] C:\Program Files\@Last Software
[29/09/2007|14:01] C:\Program Files\3wPlayer
[03/02/2007|12:09] C:\Program Files\AdbeRdr80_fr_FR.exe
[21/03/2008|10:16] C:\Program Files\Adobe
[13/06/2005|20:54] C:\Program Files\ahead
[31/01/2006|21:03] C:\Program Files\Alcohol Soft
[20/05/2005|15:17] C:\Program Files\Analog Devices
[15/06/2005|18:11] C:\Program Files\AVG
[29/12/2007|12:21] C:\Program Files\AVIConverter
[20/05/2005|15:29] C:\Program Files\Broadcom
[07/10/2007|13:23] C:\Program Files\Canon
[12/07/2008|17:42] C:\Program Files\Circle Developement
[13/06/2005|20:51] C:\Program Files\codec
[25/02/2006|00:50] C:\Program Files\Common Files
[20/08/2006|16:12] C:\Program Files\CyberLink
[22/03/2006|13:59] C:\Program Files\Dell
[22/01/2008|01:46] C:\Program Files\Dictionnaire
[25/06/2008|12:50] C:\Program Files\DivX
[22/06/2008|06:56] C:\Program Files\draw dart
[21/06/2005|22:22] C:\Program Files\DVD Region-Free
[14/06/2008|03:14] C:\Program Files\eMule
[05/03/2007|14:23] C:\Program Files\EPSON
[12/07/2008|19:06] C:\Program Files\Executables
[05/03/2007|14:08] C:\Program Files\Extrafilm FotoFacil
[22/01/2008|13:02] C:\Program Files\Fichiers communs
[10/07/2007|19:55] C:\Program Files\Free Spider
[14/06/2005|17:39] C:\Program Files\Free.fr
[01/09/2005|17:26] C:\Program Files\FunWebProducts
[15/05/2008|20:05] C:\Program Files\Gimp
[21/04/2008|09:57] C:\Program Files\Google
[02/03/2008|20:55] C:\Program Files\Google Video
[24/02/2006|23:07] C:\Program Files\Goto Software
[29/09/2007|11:02] C:\Program Files\Grisoft
[13/06/2005|21:12] C:\Program Files\Hewlett-Packard
[13/06/2005|21:15] C:\Program Files\hp deskjet 3820 series
[19/12/2006|23:55] C:\Program Files\IncrediMail
[17/03/2008|22:07] C:\Program Files\InstallShield Installation Information
[11/06/2008|21:14] C:\Program Files\Internet Explorer
[04/11/2006|13:28] C:\Program Files\iPod
[04/11/2006|13:28] C:\Program Files\iTunes
[14/04/2006|13:24] C:\Program Files\Jasc Software Inc
[15/03/2008|09:00] C:\Program Files\Java
[01/02/2006|19:59] C:\Program Files\Jeux classiques
[18/08/2005|20:40] C:\Program Files\jeuxclassiques.exe
[28/05/2007|19:54] C:\Program Files\KC Softwares
[28/12/2007|22:02] C:\Program Files\KGB Keylogger
[15/06/2008|19:18] C:\Program Files\K-Lite Codec Pack
[29/09/2007|10:16] C:\Program Files\Lavasoft
[20/05/2005|15:30] C:\Program Files\Learn2.com
[09/10/2007|20:03] C:\Program Files\Lecteur CANALPLAY
[03/12/2005|20:37] C:\Program Files\LectMedia
[09/06/2007|10:49] C:\Program Files\Logitech
[27/09/2007|20:20] C:\Program Files\Macrogaming
[20/06/2008|19:13] C:\Program Files\McAfee
[15/12/2007|20:05] C:\Program Files\McAfee.com
[24/07/2005|13:12] C:\Program Files\MediaLoads
[12/09/2007|21:15] C:\Program Files\Messenger
[09/04/2008|19:57] C:\Program Files\Messenger Plus! Live
[26/05/2005|18:11] C:\Program Files\microsoft frontpage
[26/05/2005|18:11] C:\Program Files\Microsoft Office
[20/08/2006|16:10] C:\Program Files\Microsoft Visual Studio
[20/05/2005|15:29] C:\Program Files\Microsoft Works
[24/01/2006|19:55] C:\Program Files\Movie Maker
[12/07/2008|19:05] C:\Program Files\Mozilla Firefox
[04/11/2006|12:47] C:\Program Files\Mozilla Thunderbird
[10/03/2006|18:55] C:\Program Files\mozilla.org
[20/05/2005|14:59] C:\Program Files\MSN
[20/05/2005|14:59] C:\Program Files\MSN Gaming Zone
[12/12/2007|00:38] C:\Program Files\MSN Messenger
[07/03/2007|19:00] C:\Program Files\MSXML 4.0
[11/06/2007|13:03] C:\Program Files\Multi_Media_France
[02/02/2008|12:46] C:\Program Files\MUSICMATCH
[11/11/2005|09:45] C:\Program Files\MyWebSearch
[11/02/2006|17:32] C:\Program Files\NASA
[09/04/2006|15:40] C:\Program Files\Nero
[24/01/2006|19:51] C:\Program Files\NetMeeting
[13/06/2005|20:46] C:\Program Files\Norton AntiVirus
[07/10/2007|13:31] C:\Program Files\Opera7
[30/08/2005|13:02] C:\Program Files\OutClock
[13/06/2007|18:05] C:\Program Files\Outlook Express
[11/07/2008|22:13] C:\Program Files\Paint.NET
[06/03/2006|18:21] C:\Program Files\Paltalk Messenger
[07/03/2007|19:54] C:\Program Files\Panasonic
[26/08/2005|15:08] C:\Program Files\PDFCreator
[26/08/2005|14:17] C:\Program Files\PEERNET ePublisherPlus 2.0
[19/05/2007|22:55] C:\Program Files\Philips Intelligent Agent
[07/02/2006|23:39] C:\Program Files\PhotoFiltre
[22/07/2005|21:44] C:\Program Files\Photoshop 6.0
[03/04/2008|03:07] C:\Program Files\Picasa2
[11/06/2008|21:14] C:\Program Files\PixVillage
[14/04/2006|12:42] C:\Program Files\Publication Web
[04/11/2006|13:27] C:\Program Files\QuickTime
[24/10/2005|13:27] C:\Program Files\Real
[12/07/2008|01:08] C:\Program Files\RegCleaner
[21/03/2008|10:16] C:\Program Files\RKFree
[20/05/2005|15:00] C:\Program Files\Services en ligne
[19/10/2006|18:18] C:\Program Files\Sierra On-Line
[22/05/2008|10:14] C:\Program Files\SiteAdvisor
[26/05/2005|18:13] C:\Program Files\Snapshot Viewer
[20/05/2005|15:32] C:\Program Files\Sonic
[09/09/2007|11:13] C:\Program Files\Spybot - Search & Destroy
[13/06/2005|20:53] C:\Program Files\Symantec
[01/02/2006|20:01] C:\Program Files\thunderbird
[20/06/2005|19:56] C:\Program Files\Uninstall Information
[01/02/2006|22:07] C:\Program Files\VideoLAN
[20/06/2005|22:58] C:\Program Files\View4U
[20/05/2005|15:30] C:\Program Files\Viewpoint
[12/12/2007|00:39] C:\Program Files\Windows Live
[19/12/2007|00:55] C:\Program Files\Windows Live Toolbar
[05/04/2007|21:46] C:\Program Files\Windows Media Connect 2
[05/04/2007|21:46] C:\Program Files\Windows Media Player
[24/01/2006|19:51] C:\Program Files\Windows NT
[19/07/2005|21:33] C:\Program Files\WindowsUpdate
[22/02/2006|13:01] C:\Program Files\WinRAR
[27/01/2008|13:57] C:\Program Files\WinSpyKiller
[07/10/2007|13:45] C:\Program Files\WinZip
[20/05/2005|15:00] C:\Program Files\XEROX
[23/02/2008|01:50] C:\Program Files\Yahoo!

------[ Listing des dossiers dans C:\Program Files\Fichiers communs ]------

[24/02/2008|11:32] C:\Program Files\Fichiers communs\Adobe
[19/05/2007|22:52] C:\Program Files\Fichiers communs\Ahead
[26/05/2005|18:23] C:\Program Files\Fichiers communs\AOL
[20/08/2006|16:10] C:\Program Files\Fichiers communs\Designer
[11/06/2007|18:49] C:\Program Files\Fichiers communs\fluxDVD
[28/01/2006|16:01] C:\Program Files\Fichiers communs\InstallShield
[20/05/2005|15:27] C:\Program Files\Fichiers communs\Java
[19/05/2007|22:24] C:\Program Files\Fichiers communs\LightScribe
[25/05/2005|13:06] C:\Program Files\Fichiers communs\Logitech
[29/03/2008|15:36] C:\Program Files\Fichiers communs\McAfee
[12/12/2007|00:36] C:\Program Files\Fichiers communs\Microsoft Shared
[11/06/2007|18:48] C:\Program Files\Fichiers communs\mpDRM
[20/05/2005|14:59] C:\Program Files\Fichiers communs\MSSoap
[20/05/2005|15:30] C:\Program Files\Fichiers communs\Nullsoft
[14/04/2006|11:26] C:\Program Files\Fichiers communs\ODBC
[12/11/2006|11:38] C:\Program Files\Fichiers communs\Real
[20/05/2005|14:59] C:\Program Files\Fichiers communs\Services
[20/05/2005|15:32] C:\Program Files\Fichiers communs\Sonic
[20/05/2005|14:59] C:\Program Files\Fichiers communs\SpeechEngines
[13/06/2007|18:13] C:\Program Files\Fichiers communs\System
[22/01/2008|21:23] C:\Program Files\Fichiers communs\tjd
[12/12/2007|00:35] C:\Program Files\Fichiers communs\WindowsLiveInstaller
[03/01/2007|18:03] C:\Program Files\Fichiers communs\WinSoftware
[29/09/2007|10:13] C:\Program Files\Fichiers communs\Wise Installation Wizard
[12/11/2006|11:39] C:\Program Files\Fichiers communs\xing shared

---------------------------[ Process ]--------------------------

... 52

iexplore.exe ~ [616]
iexplore.exe ~ [636]

----------------------[ Recherche avec S_Lop ]---------------------

C:\DOCUME~1\FRDRIC~1\APPLIC~1\DRAWDA~1
C:\DOCUME~1\FRDRIC~1\APPLIC~1\DRAWDA~1\arivmgrc.exe
C:\DOCUME~1\FRDRIC~1\APPLIC~1\DRAWDA~1\ounffwsp.exe
C:\DOCUME~1\FRDRIC~1\APPLIC~1\DRAWDA~1\perfjmgc.exe
C:\DOCUME~1\FRDRIC~1\APPLIC~1\DRAWDA~1\TRAY GPL FOUR KEEP.exe
C:\DOCUME~1\FRDRIC~1\APPLIC~1\DRAWDA~1\xvigoacf.exe

-----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------

C:\DOCUME~1\ALLUSE~1\APPLIC~1\INTERNET SPAM SUPPORT AUDIO
C:\DOCUME~1\ALLUSE~1\APPLIC~1\INTERNET SPAM SUPPORT AUDIO\window bleh.exe
C:\DOCUME~1\FRDRIC~1\APPLIC~1\drawda~1
C:\DOCUME~1\FRDRIC~1\APPLIC~1\drawda~1\arivmgrc.exe
C:\DOCUME~1\FRDRIC~1\APPLIC~1\drawda~1\ounffwsp.exe
C:\DOCUME~1\FRDRIC~1\APPLIC~1\drawda~1\perfjmgc.exe
C:\DOCUME~1\FRDRIC~1\APPLIC~1\drawda~1\TRAY GPL FOUR KEEP.exe
C:\DOCUME~1\FRDRIC~1\APPLIC~1\drawda~1\xvigoacf.exe
C:\Program Files\drawda~1
C:\Program Files\Circle Developement
C:\Program Files\Multi_Media_France
C:\Program Files\Multi_Media_France\INSTALL.LOG
C:\Program Files\Multi_Media_France\tbMult.dll
C:\Program Files\Multi_Media_France\toolbar.cfg
C:\Program Files\Multi_Media_France\UNWISE.EXE
C:\Program Files\Multi_Media_France\UNWISE.INI
C:\Program Files\3wPlayer
C:\Program Files\3wPlayer\3wPlayer.exe
C:\Program Files\3wPlayer\settings.ini
C:\Program Files\3wPlayer\settings.stp
C:\Program Files\3wPlayer\SkinCrafterDll.dll
C:\Program Files\3wPlayer\skins
C:\Program Files\3wPlayer\unins000.dat
C:\Program Files\3wPlayer\unins000.exe
C:\DOCUME~1\FRDRIC~1\Cookies\frédéric@www.adserver5[1].txt
C:\DOCUME~1\FRDRIC~1\Cookies\frédéric@adopt.euroclick[1].txt
C:\DOCUME~1\FRDRIC~1\Cookies\frédéric@32vegas[1].txt
C:\DOCUME~1\FRDRIC~1\Cookies\frédéric@banner.32vegas[2].txt
C:\WINDOWS\Tasks\A8AAF7C496096874.job

----------------------[ Verification du Registre ]----------------------

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\1 regs bone]
"DisplayName"="CiD Help"
"UninstallString"="C:\\DOCUME~1\\FRDRIC~1\\APPLIC~1\\DRAWDA~1\\free close.exe -uninstall"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"List Dent"="C:\\DOCUME~1\\FRDRIC~1\\APPLIC~1\\DRAWDA~1\\free close.exe"
"List Dent"="C:\\DOCUME~1\\FRDRIC~1\\APPLIC~1\\DRAWDA~1\\free close.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Support audio cool poll"="C:\\Documents and Settings\\All Users\\Application Data\\INTERNET SPAM SUPPORT AUDIO\\window bleh.exe"

--------------------[ Verification du fichier Hosts ]---------------------

Fichier Hosts MODIFIE

-> 72 ( 70 ## added by CiD )

/!\ 1 Not 127.0.0.1 !!

----------------[ Recherche de fichiers avec Catchme ]-----------------

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-12 19:15:34
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------[ Recherche d'autres infections ]---------------------

C:\DOCUME~1\FRDRIC~1\APPLIC~1\MessengerSkinner
C:\DOCUME~1\FRDRIC~1\APPLIC~1\MessengerSkinner\Userdata
C:\WINDOWS\Pack.epk
C:\WINDOWS\System32\nvs2.inf
! EGDACCESS !

=> C:\DOCUME~1\FRDRIC~1\MESDOC~1\Sandrine\Mes documents\Ma musique\Telechargement\SketchUp 5 full Crack
=> C:\DOCUME~1\FRDRIC~1\MESDOC~1\Sandrine\Mes documents\Ma musique\Telechargement\SketchUp 5 full Crack\F4CG
=> C:\DOCUME~1\FRDRIC~1\MESDOC~1\Sandrine\Mes documents\Ma musique\Telechargement\SketchUp 5 full Crack\F4CG.NFO
=> C:\DOCUME~1\FRDRIC~1\MESDOC~1\Sandrine\Mes documents\Ma musique\Telechargement\SketchUp 5 full Crack\F4CG\Patch.exe
=> C:\DOCUME~1\FRDRIC~1\MESDOC~1\Sandrine\Mes documents\Ma musique\Telechargement\SketchUp 5 full Crack\F4CG\setup.exe
=> C:\Documents and Settings\Frédéric\Mes documents\Sandrine\Mes documents\Ma musique\Telechargement\SketchUp 5 full Crack
=> C:\Documents and Settings\Frédéric\Mes documents\Sandrine\Mes documents\Ma musique\Telechargement\SketchUp 5 full Crack\F4CG
=> C:\Documents and Settings\Frédéric\Mes documents\Sandrine\Mes documents\Ma musique\Telechargement\SketchUp 5 full Crack\F4CG.NFO
=> C:\Documents and Settings\Frédéric\Mes documents\Sandrine\Mes documents\Ma musique\Telechargement\SketchUp 5 full Crack\F4CG\Patch.exe
=> C:\Documents and Settings\Frédéric\Mes documents\Sandrine\Mes documents\Ma musique\Telechargement\SketchUp 5 full Crack\F4CG\setup.exe


[F:5][D:3]-> C:\DOCUME~1\FRDRIC~1\LOCALS~1\Temp
[F:60][D:0]-> C:\DOCUME~1\FRDRIC~1\Cookies
[F:879][D:6]-> C:\DOCUME~1\FRDRIC~1\LOCALS~1\TEMPOR~1\content.IE5

--------------------[ Fin du rapport a 19:16:52,87 ]----------------------
Destrio5 Posts 99820 Status Moderator 10 305

You're not infected only by Lop...

---> Run Lop S&D again
---> This time choose option 2 (Removal)
---> Do not close the window during the removal!
---> Post the generated report (C:\lopR.txt)

(If the Desktop does not reappear, press Ctrl+Alt+Del, File tab, New Task, type explorer.exe and confirm)
titouneee Posts 70 Status Member 10

and the HijackThis report:

Logfile of HijackThis v1.99.1
Scan saved at 19:28:0589, on 12/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\Program Files\RKFree\rkfree.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\FICHIE~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Executables\HijackThis1-99-1.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredimail.com/french
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: Download Manager Browser Helper Object - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - C:\PROGRA~1\FICHIE~1\fluxDVD\DOWNLO~1\XEBDLH~1.DLL
O2 - BHO: PaltalkWebLogin - {502C3BA4-2C3E-4317-BC29-C0445E82B1F9} - C:\Program Files\Common Files\Paltalk\PaltalkWebLogin.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Multi_Media_France toolbar - {7009fcd4-05be-44f4-9583-93fe419ab7b0} - C:\Program Files\Multi_Media_France\tbMult.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: (no name) - {EE337E0A-527D-9A24-15F0-943FF06F15DC} - C:\WINDOWS\FYI\cwyroituio.dll (file missing)
O3 - Toolbar: Multi_Media_France toolbar - {7009fcd4-05be-44f4-9583-93fe419ab7b0} - C:\Program Files\Multi_Media_France\tbMult.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\6.bin\mwsoemon.exe
O4 - HKLM\..\Run: [EPSON Stylus C64 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C64 Series" /O6 "USB002" /M "Stylus C64"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Fork Bike Scr Download] C:\Documents and Settings\All Users\Application Data\Logo bat fork bike\MpegMeow.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [FTP Server] C:\DOCUME~1\FRDRIC~1\LOCALS~1\Temp\RPERTO~1.ZIP\ftpserv.exe
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [rkfree] "C:\Program Files\RKFree\rkfree.exe" /b
O4 - HKLM\..\Run: [hdnpek] C:\Program Files\Mozilla Firefox\hdnpek.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [Support audio cool poll] C:\Documents and Settings\All Users\Application Data\INTERNET SPAM SUPPORT AUDIO\window bleh.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\6.bin\mwsoemon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [Philips Intelligent Agent] "C:\Program Files\Philips Intelligent Agent\Philips Intelligent Agent.exe" /SILENT
O4 - HKCU\..\Run: [List Dent] C:\DOCUME~1\FRDRIC~1\APPLIC~1\DRAWDA~1\free close.exe
O4 - HKCU\..\Run: [SpyShredder] C:\Program Files\SpyShredder\SpyShredder.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\6.bin\MWSOEMON.EXE
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\6.bin\MWSOEMON.EXE
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Frédéric\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/fr/4,0,0,90/mcinsctl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxmultijoueurs.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: Service SiteAdvisor (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe
0
Destrio5 Posts 99820 Registration date   Status Moderator Last activity   10 305
 
Lop isn't the only thing you're infected with...

---> Run Lop S&D again
---> This time choose option 2 (Removal)
---> Do not close the window during the removal!
---> Post the generated report (C:\lopR.txt)

(If the Desktop does not reappear, press Ctrl+Alt+Del, File tab, New Task, type explorer.exe and confirm)
0

titouneee Posts 70 Status Member 10
 
Here is the LopR.txt report:

-----------------------[ Lop S&D 4.2.2-1 XP/Vista ]---------------------

[ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
[ USER : Fr‚d‚ric ] [ "C:\Lop SD" ] [ Selection : 2 ]
[ 13/07/2008 | 11:30:02,45 ] [ PC : PCPRINCIPAL ]
[ MAJ : 09-07-2008 | 21:02 ]

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION /////////////////////////////

Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\INTERNET SPAM SUPPORT AUDIO\window bleh.exe
Supprime! - C:\DOCUME~1\FRDRIC~1\APPLIC~1\drawda~1\arivmgrc.exe
Supprime! - C:\DOCUME~1\FRDRIC~1\APPLIC~1\drawda~1\ounffwsp.exe
Supprime! - C:\DOCUME~1\FRDRIC~1\APPLIC~1\drawda~1\perfjmgc.exe
Supprime! - C:\DOCUME~1\FRDRIC~1\APPLIC~1\drawda~1\TRAY GPL FOUR KEEP.exe
Supprime! - C:\DOCUME~1\FRDRIC~1\APPLIC~1\drawda~1\xvigoacf.exe
Supprime! - C:\Program Files\Multi_Media_France\INSTALL.LOG
Supprime! - C:\Program Files\Multi_Media_France\tbMult.dll
Supprime! - C:\Program Files\Multi_Media_France\toolbar.cfg
Supprime! - C:\Program Files\Multi_Media_France\UNWISE.EXE
Supprime! - C:\Program Files\Multi_Media_France\UNWISE.INI
Supprime! - C:\Program Files\3wPlayer\3wPlayer.exe
Supprime! - C:\Program Files\3wPlayer\settings.ini
Supprime! - C:\Program Files\3wPlayer\settings.stp
Supprime! - C:\Program Files\3wPlayer\SkinCrafterDll.dll
Supprime! - C:\Program Files\3wPlayer\skins
Supprime! - C:\Program Files\3wPlayer\unins000.dat
Supprime! - C:\Program Files\3wPlayer\unins000.exe
Supprime! - C:\DOCUME~1\FRDRIC~1\Cookies\frédéric@www.adserver5[1].txt
Supprime! - C:\DOCUME~1\FRDRIC~1\Cookies\frédéric@adopt.euroclick[1].txt
Supprime! - C:\DOCUME~1\FRDRIC~1\Cookies\frédéric@32vegas[1].txt
Supprime! - C:\DOCUME~1\FRDRIC~1\Cookies\frédéric@banner.32vegas[2].txt
Supprime! - C:\WINDOWS\Tasks\A8AAF7C496096874.job
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\INTERNET SPAM SUPPORT AUDIO
Supprime! - C:\DOCUME~1\FRDRIC~1\APPLIC~1\drawda~1
Supprime! - C:\Program Files\drawda~1
Supprime! - C:\Program Files\Circle Developement
Supprime! - C:\Program Files\Multi_Media_France
Supprime! - C:\Program Files\3wPlayer
RestaurÚ! - Fichier Hosts

//////////////////////////////////////-\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

Supprime! - C:\Program Files\MyWebSearch
Supprime! - C:\Program Files\Viewpoint
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint

//////////////////////////////////////-\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

-------------[ Listing des dossiers dans APPLIC~1 ]------------

[15/12/2007|11:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\a32l
[24/02/2008|11:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[26/05/2005|18:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL
[04/11/2006|13:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[20/08/2004|11:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\DESKTOP.INI
[23/02/2008|00:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[12/07/2008|12:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google Updater
[29/09/2007|11:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft
[20/05/2005|15:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
[29/09/2007|10:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
[19/05/2007|22:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\LightScribe
[29/07/2007|12:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Logo bat fork bike
[15/12/2007|20:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee
[28/06/2007|12:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee.com
[08/04/2008|17:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[06/04/2006|16:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[11/06/2007|18:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\mpDRM
[19/05/2007|22:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero
[26/08/2005|14:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PEERNET
[28/06/2007|12:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Philips Intelligent Agent
[31/12/2007|15:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QTSBandwidthCache
[07/06/2005|12:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
[28/12/2007|22:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\rkfree
[20/05/2005|14:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBSI
[15/12/2007|20:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SiteAdvisor
[09/09/2007|11:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
[15/12/2007|15:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[05/03/2006|00:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ulead Systems
[27/07/2005|22:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[29/11/2007|22:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Live Toolbar
[04/07/2007|12:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WindowsLiveInstaller
[07/10/2007|13:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinZip
[20/01/2008|22:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller

[20/08/2004|11:30] C:\DOCUME~1\DEFAUL~1\APPLIC~1\DESKTOP.INI
[20/05/2005|14:59] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
[20/05/2005|15:34] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Jasc Software Inc
[20/05/2005|14:59] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[20/05/2005|15:35] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Sonic
[20/05/2005|15:28] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Sun
[20/05/2005|15:30] C:\DOCUME~1\DEFAUL~1\APPLIC~1\You've Got Pictures Screensaver

[15/01/2006|18:27] C:\DOCUME~1\FRDRIC~1\APPLIC~1\.addit001.dat
[02/11/2005|21:31] C:\DOCUME~1\FRDRIC~1\APPLIC~1\.app190905.dat
[15/01/2006|18:27] C:\DOCUME~1\FRDRIC~1\APPLIC~1\.xp070105.dat
[29/12/2007|13:28] C:\DOCUME~1\FRDRIC~1\APPLIC~1\Adobe
[12/12/2006|18:41] C:\DOCUME~1\FRDRIC~1\APPLIC~1\AdobeUM
[12/11/2007|18:30] C:\DOCUME~1\FRDRIC~1\APPLIC~1\Ahead
[04/11/2006|13:28] C:\DOCUME~1\FRDRIC~1\APPLIC~1\Apple Computer
[25/05/2005|21:49] C:\DOCUME~1\FRDRIC~1\APPLIC~1\CyberLink
[20/08/2004|11:30] C:\DOCUME~1\FRDRIC~1\APPLIC~1\DESKTOP.INI
[26/02/2008|18:13] C:\DOCUME~1\FRDRIC~1\APPLIC~1\DivX
[05/01/2008|19:53] C:\DOCUME~1\FRDRIC~1\APPLIC~1\dvdcss
[10/06/2006|15:31] C:\DOCUME~1\FRDRIC~1\APPLIC~1\EFF
[10/02/2007|12:50] C:\DOCUME~1\FRDRIC~1\APPLIC~1\Ethereal
[10/05/2007|21:46] C:\DOCUME~1\FRDRIC~1\APPLIC~1\Free Spider TreeCardGames
[23/02/2008|01:00] C:\DOCUME~1\FRDRIC~1\APPLIC~1\Google
[29/09/2007|11:03] C:\DOCUME~1\FRDRIC~1\APPLIC~1\Grisoft
[18/03/2006|18:29] C:\DOCUME~1\FRDRIC~1\APPLIC~1\Help
[29/08/2005|22:04] C:\DOCUME~1\FRDRIC~1\APPLIC~1\Identities
[09/09/2006|21:49] C:\DOCUME~1\FRDRIC~1\APPLIC~1\InterTrust
[14/04/2006|13:24] C:\DOCUME~1\FRDRIC~1\APPLIC~1\Jasc Software Inc
[16/07/2005|18:09] C:\DOCUME~1\FRDRIC~1\APPLIC~1\Leadertech
[15/06/2005|22:07] C:\DOCUME~1\FRDRIC~1\APPLIC~1\Macromedia
[15/06/2008|20:24] C:\DOCUME~1\FRDRIC~1\APPLIC~1\Media Player Classic
[29/10/2006|17:48] C:\DOCUME~1\FRDRIC~1\APPLIC~1\MessengerSkinner
[23/02/2008|01:49] C:\DOCUME~1\FRDRIC~1\APPLIC~1\Microsoft
[23/03/2006|17:16] C:\DOCUME~1\FRDRIC~1\APPLIC~1\Microsoft Web Folders
[10/03/2006|18:56] C:\DOCUME~1\FRDRIC~1\APPLIC~1\Mozilla
[06/01/2008|11:34] C:\DOCUME~1\FRDRIC~1\APPLIC~1\Musicmatch
[12/11/2007|18:29] C:\DOCUME~1\FRDRIC~1\APPLIC~1\Nero
[15/06/2005|18:50] C:\DOCUME~1\FRDRIC~1\APPLIC~1\Opera
[07/03/2007|19:55] C:\DOCUME~1\FRDRIC~1\APPLIC~1\Panasonic
[26/08/2005|15:07] C:\DOCUME~1\FRDRIC~1\APPLIC~1\PDFCreator
[26/08/2005|14:21] C:\DOCUME~1\FRDRIC~1\APPLIC~1\PEERNET
[09/03/2006|18:43] C:\DOCUME~1\FRDRIC~1\APPLIC~1\Quintessential Player
[03/03/2007|11:26] C:\DOCUME~1\FRDRIC~1\APPLIC~1\Real
[04/02/2008|13:20] C:\DOCUME~1\FRDRIC~1\APPLIC~1\SiteAdvisor
[07/10/2007|13:33] C:\DOCUME~1\FRDRIC~1\APPLIC~1\Skype
[16/07/2005|18:09] C:\DOCUME~1\FRDRIC~1\APPLIC~1\Sonic
[20/05/2005|15:28] C:\DOCUME~1\FRDRIC~1\APPLIC~1\Sun
[16/06/2005|13:06] C:\DOCUME~1\FRDRIC~1\APPLIC~1\Talkback
[13/12/2005|23:05] C:\DOCUME~1\FRDRIC~1\APPLIC~1\Thunderbird
[20/06/2005|22:57] C:\DOCUME~1\FRDRIC~1\APPLIC~1\View4U
[01/09/2005|18:10] C:\DOCUME~1\FRDRIC~1\APPLIC~1\vlc
[20/05/2005|15:30] C:\DOCUME~1\FRDRIC~1\APPLIC~1\You've Got Pictures Screensaver

[30/06/2005|11:58] C:\DOCUME~1\LOCALS~1\APPLIC~1\Macromedia
[07/04/2007|11:30] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[31/03/2007|18:47] C:\DOCUME~1\LOCALS~1\APPLIC~1\Mozilla
[15/06/2005|18:41] C:\DOCUME~1\LOCALS~1\APPLIC~1\Opera
[15/12/2007|20:11] C:\DOCUME~1\LOCALS~1\APPLIC~1\SiteAdvisor

[20/07/2005|19:53] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

[13/06/2005|21:42] C:\DOCUME~1\Sandrine\APPLIC~1\Adobe
[20/08/2004|11:30] C:\DOCUME~1\Sandrine\APPLIC~1\DESKTOP.INI
[20/05/2005|14:59] C:\DOCUME~1\Sandrine\APPLIC~1\Identities
[20/05/2005|15:34] C:\DOCUME~1\Sandrine\APPLIC~1\Jasc Software Inc
[15/06/2005|20:24] C:\DOCUME~1\Sandrine\APPLIC~1\Macromedia
[20/07/2005|19:53] C:\DOCUME~1\Sandrine\APPLIC~1\Microsoft
[26/05/2005|18:11] C:\DOCUME~1\Sandrine\APPLIC~1\Microsoft Web Folders
[15/06/2005|17:52] C:\DOCUME~1\Sandrine\APPLIC~1\Opera
[20/05/2005|15:35] C:\DOCUME~1\Sandrine\APPLIC~1\Sonic
[20/05/2005|15:28] C:\DOCUME~1\Sandrine\APPLIC~1\Sun
[20/05/2005|15:30] C:\DOCUME~1\Sandrine\APPLIC~1\You've Got Pictures Screensaver

----------------[ Tâches planifiées dans C:\WINDOWS\tasks ]---------------

[15/06/2008 01:02][--a------] C:\WINDOWS\tasks\McDefragTask.job
[12/07/2008 00:00][--a------] C:\WINDOWS\tasks\McQcTask.job
[04/07/2008 20:00][--a------] C:\WINDOWS\tasks\Analyse McAfee.com - Mon ordinateur (PCPRINCIPAL-Fr‚d‚ric).job
[12/07/2008 16:50][--ah-----] C:\WINDOWS\tasks\SA.DAT
[05/08/2004 13:00][-r-h-----] C:\WINDOWS\tasks\DESKTOP.INI

---------------[ Listing des dossiers dans C:\Program Files ]--------------

[15/01/2006|18:27] C:\Program Files\.data211204.dat
[02/11/2005|21:31] C:\Program Files\.drv120405.dat
[15/01/2006|18:27] C:\Program Files\.ex010705.dat
[03/02/2006|18:59] C:\Program Files\@Last Software
[03/02/2007|12:09] C:\Program Files\AdbeRdr80_fr_FR.exe
[21/03/2008|10:16] C:\Program Files\Adobe
[13/06/2005|20:54] C:\Program Files\ahead
[31/01/2006|21:03] C:\Program Files\Alcohol Soft
[20/05/2005|15:17] C:\Program Files\Analog Devices
[15/06/2005|18:11] C:\Program Files\AVG
[29/12/2007|12:21] C:\Program Files\AVIConverter
[20/05/2005|15:29] C:\Program Files\Broadcom
[07/10/2007|13:23] C:\Program Files\Canon
[13/06/2005|20:51] C:\Program Files\codec
[25/02/2006|00:50] C:\Program Files\Common Files
[20/08/2006|16:12] C:\Program Files\CyberLink
[22/03/2006|13:59] C:\Program Files\Dell
[22/01/2008|01:46] C:\Program Files\Dictionnaire
[25/06/2008|12:50] C:\Program Files\DivX
[21/06/2005|22:22] C:\Program Files\DVD Region-Free
[14/06/2008|03:14] C:\Program Files\eMule
[05/03/2007|14:23] C:\Program Files\EPSON
[12/07/2008|19:34] C:\Program Files\Executables
[05/03/2007|14:08] C:\Program Files\Extrafilm FotoFacil
[22/01/2008|13:02] C:\Program Files\Fichiers communs
[10/07/2007|19:55] C:\Program Files\Free Spider
[14/06/2005|17:39] C:\Program Files\Free.fr
[01/09/2005|17:26] C:\Program Files\FunWebProducts
[15/05/2008|20:05] C:\Program Files\Gimp
[21/04/2008|09:57] C:\Program Files\Google
[02/03/2008|20:55] C:\Program Files\Google Video
[24/02/2006|23:07] C:\Program Files\Goto Software
[29/09/2007|11:02] C:\Program Files\Grisoft
[13/06/2005|21:12] C:\Program Files\Hewlett-Packard
[13/06/2005|21:15] C:\Program Files\hp deskjet 3820 series
[19/12/2006|23:55] C:\Program Files\IncrediMail
[17/03/2008|22:07] C:\Program Files\InstallShield Installation Information
[11/06/2008|21:14] C:\Program Files\Internet Explorer
[04/11/2006|13:28] C:\Program Files\iPod
[04/11/2006|13:28] C:\Program Files\iTunes
[14/04/2006|13:24] C:\Program Files\Jasc Software Inc
[15/03/2008|09:00] C:\Program Files\Java
[01/02/2006|19:59] C:\Program Files\Jeux classiques
[18/08/2005|20:40] C:\Program Files\jeuxclassiques.exe
[28/05/2007|19:54] C:\Program Files\KC Softwares
[28/12/2007|22:02] C:\Program Files\KGB Keylogger
[15/06/2008|19:18] C:\Program Files\K-Lite Codec Pack
[29/09/2007|10:16] C:\Program Files\Lavasoft
[20/05/2005|15:30] C:\Program Files\Learn2.com
[09/10/2007|20:03] C:\Program Files\Lecteur CANALPLAY
[03/12/2005|20:37] C:\Program Files\LectMedia
[09/06/2007|10:49] C:\Program Files\Logitech
[27/09/2007|20:20] C:\Program Files\Macrogaming
[20/06/2008|19:13] C:\Program Files\McAfee
[15/12/2007|20:05] C:\Program Files\McAfee.com
[24/07/2005|13:12] C:\Program Files\MediaLoads
[12/09/2007|21:15] C:\Program Files\Messenger
[09/04/2008|19:57] C:\Program Files\Messenger Plus! Live
[26/05/2005|18:11] C:\Program Files\microsoft frontpage
[26/05/2005|18:11] C:\Program Files\Microsoft Office
[20/08/2006|16:10] C:\Program Files\Microsoft Visual Studio
[20/05/2005|15:29] C:\Program Files\Microsoft Works
[24/01/2006|19:55] C:\Program Files\Movie Maker
[13/07/2008|11:24] C:\Program Files\Mozilla Firefox
[04/11/2006|12:47] C:\Program Files\Mozilla Thunderbird
[10/03/2006|18:55] C:\Program Files\mozilla.org
[20/05/2005|14:59] C:\Program Files\MSN
[20/05/2005|14:59] C:\Program Files\MSN Gaming Zone
[12/12/2007|00:38] C:\Program Files\MSN Messenger
[07/03/2007|19:00] C:\Program Files\MSXML 4.0
[02/02/2008|12:46] C:\Program Files\MUSICMATCH
[11/02/2006|17:32] C:\Program Files\NASA
[09/04/2006|15:40] C:\Program Files\Nero
[24/01/2006|19:51] C:\Program Files\NetMeeting
[13/06/2005|20:46] C:\Program Files\Norton AntiVirus
[07/10/2007|13:31] C:\Program Files\Opera7
[30/08/2005|13:02] C:\Program Files\OutClock
[13/06/2007|18:05] C:\Program Files\Outlook Express
[11/07/2008|22:13] C:\Program Files\Paint.NET
[06/03/2006|18:21] C:\Program Files\Paltalk Messenger
[07/03/2007|19:54] C:\Program Files\Panasonic
[26/08/2005|15:08] C:\Program Files\PDFCreator
[26/08/2005|14:17] C:\Program Files\PEERNET ePublisherPlus 2.0
[19/05/2007|22:55] C:\Program Files\Philips Intelligent Agent
[07/02/2006|23:39] C:\Program Files\PhotoFiltre
[22/07/2005|21:44] C:\Program Files\Photoshop 6.0
[03/04/2008|03:07] C:\Program Files\Picasa2
[11/06/2008|21:14] C:\Program Files\PixVillage
[14/04/2006|12:42] C:\Program Files\Publication Web
[04/11/2006|13:27] C:\Program Files\QuickTime
[24/10/2005|13:27] C:\Program Files\Real
[12/07/2008|01:08] C:\Program Files\RegCleaner
[21/03/2008|10:16] C:\Program Files\RKFree
[20/05/2005|15:00] C:\Program Files\Services en ligne
[19/10/2006|18:18] C:\Program Files\Sierra On-Line
[22/05/2008|10:14] C:\Program Files\SiteAdvisor
[26/05/2005|18:13] C:\Program Files\Snapshot Viewer
[20/05/2005|15:32] C:\Program Files\Sonic
[09/09/2007|11:13] C:\Program Files\Spybot - Search & Destroy
[13/06/2005|20:53] C:\Program Files\Symantec
[01/02/2006|20:01] C:\Program Files\thunderbird
[12/07/2008|19:34] C:\Program Files\Trend Micro
[20/06/2005|19:56] C:\Program Files\Uninstall Information
[01/02/2006|22:07] C:\Program Files\VideoLAN
[20/06/2005|22:58] C:\Program Files\View4U
[12/12/2007|00:39] C:\Program Files\Windows Live
[19/12/2007|00:55] C:\Program Files\Windows Live Toolbar
[05/04/2007|21:46] C:\Program Files\Windows Media Connect 2
[05/04/2007|21:46] C:\Program Files\Windows Media Player
[24/01/2006|19:51] C:\Program Files\Windows NT
[19/07/2005|21:33] C:\Program Files\WindowsUpdate
[22/02/2006|13:01] C:\Program Files\WinRAR
[27/01/2008|13:57] C:\Program Files\WinSpyKiller
[07/10/2007|13:45] C:\Program Files\WinZip
[20/05/2005|15:00] C:\Program Files\XEROX
[23/02/2008|01:50] C:\Program Files\Yahoo!

------[ Listing des dossiers dans C:\Program Files\Fichiers communs ]------

[24/02/2008|11:32] C:\Program Files\Fichiers communs\Adobe
[19/05/2007|22:52] C:\Program Files\Fichiers communs\Ahead
[26/05/2005|18:23] C:\Program Files\Fichiers communs\AOL
[20/08/2006|16:10] C:\Program Files\Fichiers communs\Designer
[11/06/2007|18:49] C:\Program Files\Fichiers communs\fluxDVD
[28/01/2006|16:01] C:\Program Files\Fichiers communs\InstallShield
[20/05/2005|15:27] C:\Program Files\Fichiers communs\Java
[19/05/2007|22:24] C:\Program Files\Fichiers communs\LightScribe
[25/05/2005|13:06] C:\Program Files\Fichiers communs\Logitech
[29/03/2008|15:36] C:\Program Files\Fichiers communs\McAfee
[12/12/2007|00:36] C:\Program Files\Fichiers communs\Microsoft Shared
[11/06/2007|18:48] C:\Program Files\Fichiers communs\mpDRM
[20/05/2005|14:59] C:\Program Files\Fichiers communs\MSSoap
[20/05/2005|15:30] C:\Program Files\Fichiers communs\Nullsoft
[14/04/2006|11:26] C:\Program Files\Fichiers communs\ODBC
[12/11/2006|11:38] C:\Program Files\Fichiers communs\Real
[20/05/2005|14:59] C:\Program Files\Fichiers communs\Services
[20/05/2005|15:32] C:\Program Files\Fichiers communs\Sonic
[20/05/2005|14:59] C:\Program Files\Fichiers communs\SpeechEngines
[13/06/2007|18:13] C:\Program Files\Fichiers communs\System
[22/01/2008|21:23] C:\Program Files\Fichiers communs\tjd
[12/12/2007|00:35] C:\Program Files\Fichiers communs\WindowsLiveInstaller
[03/01/2007|18:03] C:\Program Files\Fichiers communs\WinSoftware
[29/09/2007|10:13] C:\Program Files\Fichiers communs\Wise Installation Wizard
[12/11/2006|11:39] C:\Program Files\Fichiers communs\xing shared

---------------------------[ Process ]--------------------------

... 51

... OK !

----------------------[ Recherche avec S_Lop ]---------------------

Aucun fichier / dossier Lop trouvé !

-----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------

Aucun fichier / dossier Lop trouvé !

----------------------[ Verification du Registre ]----------------------

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\1 regs bone]
"DisplayName"="CiD Help"
"UninstallString"="C:\\DOCUME~1\\FRDRIC~1\\APPLIC~1\\DRAWDA~1\\free close.exe -uninstall"

--------------------[ Verification du fichier Hosts ]---------------------

Fichier Hosts PROPRE

----------------[ Recherche de fichiers avec Catchme ]-----------------

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-13 11:32:01
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------[ Recherche d'autres infections ]---------------------

C:\DOCUME~1\FRDRIC~1\APPLIC~1\MessengerSkinner
C:\DOCUME~1\FRDRIC~1\APPLIC~1\MessengerSkinner\Userdata
C:\WINDOWS\Pack.epk
C:\WINDOWS\System32\nvs2.inf
! EGDACCESS !

=> C:\DOCUME~1\FRDRIC~1\MESDOC~1\Sandrine\Mes documents\Ma musique\Telechargement\SketchUp 5 full Crack
=> C:\DOCUME~1\FRDRIC~1\MESDOC~1\Sandrine\Mes documents\Ma musique\Telechargement\SketchUp 5 full Crack\F4CG
=> C:\DOCUME~1\FRDRIC~1\MESDOC~1\Sandrine\Mes documents\Ma musique\Telechargement\SketchUp 5 full Crack\F4CG.NFO
=> C:\DOCUME~1\FRDRIC~1\MESDOC~1\Sandrine\Mes documents\Ma musique\Telechargement\SketchUp 5 full Crack\F4CG\Patch.exe
=> C:\DOCUME~1\FRDRIC~1\MESDOC~1\Sandrine\Mes documents\Ma musique\Telechargement\SketchUp 5 full Crack\F4CG\setup.exe
=> C:\Documents and Settings\Fr‚d‚ric\Mes documents\Sandrine\Mes documents\Ma musique\Telechargement\SketchUp 5 full Crack
=> C:\Documents and Settings\Fr‚d‚ric\Mes documents\Sandrine\Mes documents\Ma musique\Telechargement\SketchUp 5 full Crack\F4CG
=> C:\Documents and Settings\Fr‚d‚ric\Mes documents\Sandrine\Mes documents\Ma musique\Telechargement\SketchUp 5 full Crack\F4CG.NFO
=> C:\Documents and Settings\Fr‚d‚ric\Mes documents\Sandrine\Mes documents\Ma musique\Telechargement\SketchUp 5 full Crack\F4CG\Patch.exe
=> C:\Documents and Settings\Fr‚d‚ric\Mes documents\Sandrine\Mes documents\Ma musique\Telechargement\SketchUp 5 full Crack\F4CG\setup.exe

[F:5][D:3]-> C:\DOCUME~1\FRDRIC~1\LOCALS~1\Temp
[F:56][D:0]-> C:\DOCUME~1\FRDRIC~1\Cookies
[F:884][D:6]-> C:\DOCUME~1\FRDRIC~1\LOCALS~1\TEMPOR~1\content.IE5

--------------------[ Fin du rapport a 11:33:20,73 ]----------------------
0
titouneee Posts 70 Status Member 10
 
and the HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:36:5989, on 13/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\Program Files\RKFree\rkfree.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\FICHIE~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredimail.com/french
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: Download Manager Browser Helper Object - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - C:\PROGRA~1\FICHIE~1\fluxDVD\DOWNLO~1\XEBDLH~1.DLL
O2 - BHO: PaltalkWebLogin - {502C3BA4-2C3E-4317-BC29-C0445E82B1F9} - C:\Program Files\Common Files\Paltalk\PaltalkWebLogin.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: (no name) - {EE337E0A-527D-9A24-15F0-943FF06F15DC} - C:\WINDOWS\FYI\cwyroituio.dll (file missing)
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\6.bin\mwsoemon.exe
O4 - HKLM\..\Run: [EPSON Stylus C64 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C64 Series" /O6 "USB002" /M "Stylus C64"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Fork Bike Scr Download] C:\Documents and Settings\All Users\Application Data\Logo bat fork bike\MpegMeow.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [FTP Server] C:\DOCUME~1\FRDRIC~1\LOCALS~1\Temp\RPERTO~1.ZIP\ftpserv.exe
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [rkfree] "C:\Program Files\RKFree\rkfree.exe" /b
O4 - HKLM\..\Run: [hdnpek] C:\Program Files\Mozilla Firefox\hdnpek.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [Support audio cool poll] C:\Documents and Settings\All Users\Application Data\INTERNET SPAM SUPPORT AUDIO\window bleh.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\6.bin\mwsoemon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [Philips Intelligent Agent] "C:\Program Files\Philips Intelligent Agent\Philips Intelligent Agent.exe" /SILENT
O4 - HKCU\..\Run: [List Dent] C:\DOCUME~1\FRDRIC~1\APPLIC~1\DRAWDA~1\free close.exe
O4 - HKCU\..\Run: [SpyShredder] C:\Program Files\SpyShredder\SpyShredder.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\6.bin\MWSOEMON.EXE
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\6.bin\MWSOEMON.EXE
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Frédéric\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/fr/4,0,0,90/mcinsctl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxmultijoueurs.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O22 - SharedTaskScheduler: hydria - {79cdca21-5055-4cae-b609-e1685ef55cf7} - (no file)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: Service SiteAdvisor (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/FRDRIC~1/LOCALS~1/Temp/msoclip1/01/clip_image001.jpg
0
Destrio5 Posts 99820 Registration date   Status Moderator Last activity   10 305
 
- Download Navilog1 (by IL-MAFIOSO) and save it to the desktop:
http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe

- Double-click Navilog1.exe to start the installation

- If the fix does not start automatically after installation, double-click the Navilog1 shortcut on the desktop

- Press F or f, then confirm with Enter

- Press any key each time you are asked to; you will reach the options menu

- Choose option 1 and press Enter to confirm your choice

- Wait for the message: *** Analyse Termine le ..... ***

- Once the scan has finished, Notepad will open with the report; post the contents of this report in your next reply

- If the scan result is not displayed, you will find it in C:\fixnavi.txt

Do not use options 2, 3 and 4 without our approval; legitimate files may be included in this scan.
0
titouneee Posts 70 Status Member 10
 
The report is below:

Search Navipromo version 3.6.0 commencé le 13/07/2008 à 17:17:25,39

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files\navilog1
Session actuelle : "Frédéric"

Mise à jour le 27.06.2008 à 23h00 par IL-MAFIOSO

Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 7.0.5730.13
Système de fichiers : NTFS

Recherche executé en mode normal

*** Recherche Programmes installés ***

*** Recherche dossiers dans "C:\WINDOWS" ***

*** Recherche dossiers dans "C:\Program Files" ***

*** Recherche dossiers dans "c:\docume~1\alluse~1\applic~1" ***

*** Recherche dossiers dans "c:\docume~1\alluse~1\menudÉ~1\progra~1" ***

*** Recherche dossiers dans "C:\Documents and Settings\Frédéric\applic~1" ***

...\MessengerSkinner trouvé !

*** Recherche dossiers dans "C:\DOCUME~1\Sandrine\applic~1" ***

*** Recherche dossiers dans "C:\Documents and Settings\Frédéric\locals~1\applic~1" ***

*** Recherche dossiers dans "C:\DOCUME~1\Sandrine\locals~1\applic~1" ***

*** Recherche dossiers dans "C:\Documents and Settings\Frédéric\menudm~1\progra~1" ***

*** Recherche dossiers dans "C:\DOCUME~1\Sandrine\menudm~1\progra~1" ***

*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net

Aucun Fichier trouvé

*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans "C:\WINDOWS\system32" *

* Recherche dans "C:\Documents and Settings\Frédéric\locals~1\applic~1" *

* Recherche dans "C:\DOCUME~1\Sandrine\locals~1\applic~1" *

*** Recherche fichiers ***

C:\WINDOWS\pack.epk trouvé !
C:\WINDOWS\system32\nvs2.inf trouvé !

*** Recherche clés spécifiques dans le Registre ***

*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :

2)Recherche Heuristique :

* Dans "C:\WINDOWS\system32" :

* Dans "C:\Documents and Settings\Frédéric\locals~1\applic~1" :

* Dans "C:\DOCUME~1\Sandrine\locals~1\applic~1" :

3)Recherche Certificats :

Certificat Egroup absent !
Certificat Electronic-Group absent !
Certificat OOO-Favorit absent !
Certificat Sunny-Day-Design-Ltd absent !

4)Recherche fichiers connus :

*** Analyse terminée le 13/07/2008 à 17:23:40,59 ***
0
Destrio5 Posts 99820 Registration date   Status Moderator Last activity   10 305
 
Run Navilog1 again, choose option 2 and post the report.
0
titouneee Posts 70 Status Member 10
 
The report:

Clean Navipromo version 3.6.0 commencé le 13/07/2008 à 18:10:29,15

Outil exécuté depuis C:\Program Files\navilog1
Session actuelle : "Frédéric"

Mise à jour le 27.06.2008 à 23h00 par IL-MAFIOSO

Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 7.0.5730.13
Système de fichiers : NTFS

Mode suppression automatique
avec prise en charge résultats Catchme et GNS

Nettoyage exécuté au redémarrage de l'ordinateur

*** fsbl1.txt non trouvé ***
(Assurez-vous que Catchme n'avait rien trouvé lors de la recherche)

*** Suppression avec sauvegardes résultats GenericNaviSearch ***

* Suppression dans "C:\WINDOWS\System32" *

* Suppression dans "C:\Documents and Settings\Frédéric\locals~1\applic~1" *

* Suppression dans "C:\DOCUME~1\Sandrine\locals~1\applic~1" *

*** Suppression dossiers dans "C:\WINDOWS" ***

*** Suppression dossiers dans "C:\Program Files" ***

*** Suppression dossiers dans "c:\docume~1\alluse~1\applic~1" ***

*** Suppression dossiers dans "c:\docume~1\alluse~1\menudÉ~1\progra~1" ***

*** Suppression dossiers dans "C:\Documents and Settings\Frédéric\applic~1" ***

...\MessengerSkinner ...suppression...
...\MessengerSkinner supprimé !

*** Suppression dossiers dans "C:\DOCUME~1\Sandrine\applic~1" ***

*** Suppression dossiers dans "C:\Documents and Settings\Frédéric\locals~1\applic~1" ***

*** Suppression dossiers dans "C:\DOCUME~1\Sandrine\locals~1\applic~1" ***

*** Suppression dossiers dans "C:\Documents and Settings\Frédéric\menudm~1\progra~1" ***

*** Suppression dossiers dans "C:\DOCUME~1\Sandrine\menudm~1\progra~1" ***

*** Suppression fichiers ***

C:\WINDOWS\pack.epk supprimé !
C:\WINDOWS\system32\nvs2.inf supprimé !

*** Suppression fichiers temporaires ***

Nettoyage contenu C:\WINDOWS\Temp effectué !
Nettoyage contenu C:\Documents and Settings\Fr‚d‚ric\locals~1\Temp effectué !

*** Traitement Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Suppression avec sauvegardes nouveaux fichiers Instant Access :

2)Recherche, création sauvegardes et suppression Heuristique :

* Dans "C:\WINDOWS\system32" *

* Dans "C:\Documents and Settings\Frédéric\locals~1\applic~1" *

* Dans "C:\DOCUME~1\Sandrine\locals~1\applic~1" *

*** Sauvegarde du Registre vers dossier Safebackup ***

sauvegarde du Registre réalisée avec succès !

*** Nettoyage Registre ***

Nettoyage Registre Ok

*** Certificats ***

Certificat Egroup absent !
Certificat Electronic-Group absent !
Certificat OOO-Favorit absent !
Certificat Sunny-Day-Design-Ltdt absent !

*** Nettoyage terminé le 13/07/2008 à 18:15:13,56 ***
0
Destrio5 Posts 99820 Registration date   Status Moderator Last activity   10 305
 
- Download SmitfraudFix (by S!Ri, balltrap34 and moe31):
http://siri.urz.free.fr/Fix/SmitfraudFix.exe or http://www.geekstogo.com/forum/files/file/6-smitfraudfix/

- Save it to the desktop

- Double-click SmitfraudFix.exe, choose option 1, then press Enter

- A report will be generated; post it in your next reply.

[*] process.exe is detected by some antivirus products as a risktool. It is not a virus but a utility for terminating processes.[*]

** Only do step 2 if you are asked to; we first need to examine the first SmitfraudFix report
0
titouneee Posts 70 Status Member 10
 
The report:

SmitFraudFix v2.329

Rapport fait à 18:23:52,53, 13/07/2008
Executé à partir de C:\Documents and Settings\Fr‚d‚ric\Bureau\medicaments ordi\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\FICHIE~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\notepad.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\Program Files\RKFree\rkfree.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Frédéric\Bureau\medicaments ordi\SmitfraudFix\Policies.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Fr‚d‚ric

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Fr‚d‚ric\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\FRDRIC~1\Favoris

»»»»»»»»»»»»»»»»»»»»»»»» Bureau

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues

»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="file:///C:/DOCUME~1/FRDRIC~1/LOCALS~1/Temp/msoclip1/01/clip_image001.jpg"
"SubscribedURL"="file:///C:/DOCUME~1/FRDRIC~1/LOCALS~1/Temp/msoclip1/01/clip_image001.jpg"
"FriendlyName"=""

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{79cdca21-5055-4cae-b609-e1685ef55cf7}"="hydria"

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Rustock

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Broadcom 440x 10/100 Integrated Controller - Miniport d'ordonnancement de paquets
DNS Server Search Order: 212.27.53.252
DNS Server Search Order: 212.27.54.252

Description: Broadcom 440x 10/100 Integrated Controller - Miniport d'ordonnancement de paquets
DNS Server Search Order: 212.27.54.252
DNS Server Search Order: 212.27.32.5

HKLM\SYSTEM\CCS\Services\Tcpip\..\{95463AB3-5C0A-4D85-A259-E304CA6C3B03}: DhcpNameServer=212.27.53.252 212.27.54.252
HKLM\SYSTEM\CCS\Services\Tcpip\..\{FBF8BEA2-9F3A-4D4A-BF83-A6BE9D1D70F5}: DhcpNameServer=212.27.54.252 212.27.32.5
HKLM\SYSTEM\CS1\Services\Tcpip\..\{95463AB3-5C0A-4D85-A259-E304CA6C3B03}: DhcpNameServer=212.27.53.252 212.27.54.252
HKLM\SYSTEM\CS1\Services\Tcpip\..\{FBF8BEA2-9F3A-4D4A-BF83-A6BE9D1D70F5}: DhcpNameServer=212.27.54.252 212.27.32.5
HKLM\SYSTEM\CS2\Services\Tcpip\..\{95463AB3-5C0A-4D85-A259-E304CA6C3B03}: DhcpNameServer=212.27.53.252 212.27.54.252
HKLM\SYSTEM\CS2\Services\Tcpip\..\{FBF8BEA2-9F3A-4D4A-BF83-A6BE9D1D70F5}: DhcpNameServer=212.27.54.252 212.27.32.5
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.27.53.252 212.27.54.252
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.27.53.252 212.27.54.252
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=212.27.53.252 212.27.54.252

»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll

»»»»»»»»»»»»»»»»»»»»»»»» Fin
0
Destrio5 Posts 99820 Registration date   Status Moderator Last activity   10 305
 
- Restart your computer in safe mode:
https://blog.sosordi.net/

- Double-click SmitfraudFix.exe, choose option 2 and press Enter

- Answer O (oui, i.e. yes) to these two questions if they are asked

Voulez-vous nettoyer le registre ? (Do you want to clean the registry?)
Corriger le fichier infecté ? (Fix the infected file?)

- A report will be generated; save it to the desktop

- Restart in normal mode

- Post the SmitfraudFix report and a new HijackThis report
0
titouneee Posts 70 Status Member 10
 
In safe mode I had 2 sessions, so I ran SmitfraudFix with option 2 in both sessions.

Report for the Administrator session:

SmitFraudFix v2.329

Rapport fait à 18:44:05,12, 13/07/2008
Executé à partir de C:\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode sans echec

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus

»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{95463AB3-5C0A-4D85-A259-E304CA6C3B03}: DhcpNameServer=212.27.53.252 212.27.54.252
HKLM\SYSTEM\CCS\Services\Tcpip\..\{FBF8BEA2-9F3A-4D4A-BF83-A6BE9D1D70F5}: DhcpNameServer=212.27.54.252 212.27.32.5
HKLM\SYSTEM\CS1\Services\Tcpip\..\{95463AB3-5C0A-4D85-A259-E304CA6C3B03}: DhcpNameServer=212.27.53.252 212.27.54.252
HKLM\SYSTEM\CS1\Services\Tcpip\..\{FBF8BEA2-9F3A-4D4A-BF83-A6BE9D1D70F5}: DhcpNameServer=212.27.54.252 212.27.32.5
HKLM\SYSTEM\CS2\Services\Tcpip\..\{95463AB3-5C0A-4D85-A259-E304CA6C3B03}: DhcpNameServer=212.27.53.252 212.27.54.252
HKLM\SYSTEM\CS2\Services\Tcpip\..\{FBF8BEA2-9F3A-4D4A-BF83-A6BE9D1D70F5}: DhcpNameServer=212.27.54.252 212.27.32.5
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.27.53.252 212.27.54.252
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.27.53.252 212.27.54.252
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=212.27.53.252 212.27.54.252

»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

Nettoyage terminé.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Fin
0
titouneee Posts 70 Status Member 10
 
Report for the current user's session (the user we are always logged in as):

SmitFraudFix v2.329

Rapport fait à 18:37:42,28, 13/07/2008
Executé à partir de C:\Documents and Settings\Fr‚d‚ric\Bureau\medicaments ordi\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode sans echec

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{79cdca21-5055-4cae-b609-e1685ef55cf7}"="hydria"

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus

»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{95463AB3-5C0A-4D85-A259-E304CA6C3B03}: DhcpNameServer=212.27.53.252 212.27.54.252
HKLM\SYSTEM\CCS\Services\Tcpip\..\{FBF8BEA2-9F3A-4D4A-BF83-A6BE9D1D70F5}: DhcpNameServer=212.27.54.252 212.27.32.5
HKLM\SYSTEM\CS1\Services\Tcpip\..\{95463AB3-5C0A-4D85-A259-E304CA6C3B03}: DhcpNameServer=212.27.53.252 212.27.54.252
HKLM\SYSTEM\CS1\Services\Tcpip\..\{FBF8BEA2-9F3A-4D4A-BF83-A6BE9D1D70F5}: DhcpNameServer=212.27.54.252 212.27.32.5
HKLM\SYSTEM\CS2\Services\Tcpip\..\{95463AB3-5C0A-4D85-A259-E304CA6C3B03}: DhcpNameServer=212.27.53.252 212.27.54.252
HKLM\SYSTEM\CS2\Services\Tcpip\..\{FBF8BEA2-9F3A-4D4A-BF83-A6BE9D1D70F5}: DhcpNameServer=212.27.54.252 212.27.32.5
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.27.53.252 212.27.54.252
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.27.53.252 212.27.54.252
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=212.27.53.252 212.27.54.252

»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

Nettoyage terminé.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Fin
0
titouneee Posts 70 Status Member 10
 
HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:51:01, on 13/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\Program Files\RKFree\rkfree.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\FICHIE~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: Download Manager Browser Helper Object - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - C:\PROGRA~1\FICHIE~1\fluxDVD\DOWNLO~1\XEBDLH~1.DLL
O2 - BHO: PaltalkWebLogin - {502C3BA4-2C3E-4317-BC29-C0445E82B1F9} - C:\Program Files\Common Files\Paltalk\PaltalkWebLogin.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: (no name) - {EE337E0A-527D-9A24-15F0-943FF06F15DC} - C:\WINDOWS\FYI\cwyroituio.dll (file missing)
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\6.bin\mwsoemon.exe
O4 - HKLM\..\Run: [EPSON Stylus C64 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C64 Series" /O6 "USB002" /M "Stylus C64"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Fork Bike Scr Download] C:\Documents and Settings\All Users\Application Data\Logo bat fork bike\MpegMeow.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [FTP Server] C:\DOCUME~1\FRDRIC~1\LOCALS~1\Temp\RPERTO~1.ZIP\ftpserv.exe
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [rkfree] "C:\Program Files\RKFree\rkfree.exe" /b
O4 - HKLM\..\Run: [hdnpek] C:\Program Files\Mozilla Firefox\hdnpek.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [Support audio cool poll] C:\Documents and Settings\All Users\Application Data\INTERNET SPAM SUPPORT AUDIO\window bleh.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\6.bin\mwsoemon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [Philips Intelligent Agent] "C:\Program Files\Philips Intelligent Agent\Philips Intelligent Agent.exe" /SILENT
O4 - HKCU\..\Run: [List Dent] C:\DOCUME~1\FRDRIC~1\APPLIC~1\DRAWDA~1\free close.exe
O4 - HKCU\..\Run: [SpyShredder] C:\Program Files\SpyShredder\SpyShredder.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\6.bin\MWSOEMON.EXE
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\6.bin\MWSOEMON.EXE
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Frédéric\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/fr/4,0,0,90/mcinsctl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxmultijoueurs.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: Service SiteAdvisor (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe
Destrio5 Posts: 99820 Status: Moderator 10 305
 
- Download and install MalwareByte's Anti-Malware:
http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.htm

- Update it

- Restart in Safe Mode (recommended):
https://www.malekal.com/demarrer-windows-mode-sans-echec/

- Choose your usual user session

- Run a full scan with MalwareByte's Anti-Malware

- Delete everything the software finds, then save the report

- Restart in normal mode and post the report here

Tutorial:
https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
titouneee Posts: 70 Status: Member 10
 
Below is the report from the full scan with MalwareByte's Anti-Malware:

Malwarebytes' Anti-Malware 1.20
Version de la base de données: 945
Windows 5.1.2600 Service Pack 2

21:34:19 13/07/2008
mbam-log-7-13-2008 (21-34-19).txt

Type de recherche: Examen complet (C:\|E:\|)
Eléments examinés: 144248
Temps écoulé: 2 hour(s), 9 minute(s), 49 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 107
Valeur(s) du Registre infectée(s): 3
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 6
Fichier(s) infecté(s): 20

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\ADP (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3PopularScreensavers (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\Cache (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\WinSpyKiller (Rogue.WinSpyKiller) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Program Files\MSN Messenger\riched20.dll (Adware.MyWeb.FunWeb) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP1027\A0164090.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP1027\A0164091.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP1027\A0164092.SCR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP1027\A0164093.DLL (Adware.MyWeb.FunWeb) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP1027\A0164094.EXE (Adware.MyWeb.FunWeb) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP1027\A0164095.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP1027\A0164096.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP1027\A0164097.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP1027\A0164099.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\f3PSSavr.scr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\Cache\MailStampBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\Cache\MySignatureInsertBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\Cache\MySignaturePreviewBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\Cache\MyStationeryBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\WinSpyKiller\Uninstall.exe (Rogue.WinSpyKiller) -> Quarantined and deleted successfully.
C:\Program Files\WinSpyKiller\WinSpyKiller.lic (Rogue.WinSpyKiller) -> Quarantined and deleted successfully.
C:\Program Files\WinSpyKiller\WinSpyKiller1.wk (Rogue.WinSpyKiller) -> Quarantined and deleted successfully.
Destrio5 Posts: 99820 Status: Moderator 10 305
 
Wahoo...

Relaunch MAM, go to Quarantine and delete everything.

Post a new HijackThis report.
titouneee Posts: 70 Status: Member 10
 
Should I be worried about that "Wahoo"??? I deleted everything that was in Quarantine.

Below is the HijackThis report

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:37:37, on 13/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\Program Files\RKFree\rkfree.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\FICHIE~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: Download Manager Browser Helper Object - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - C:\PROGRA~1\FICHIE~1\fluxDVD\DOWNLO~1\XEBDLH~1.DLL
O2 - BHO: PaltalkWebLogin - {502C3BA4-2C3E-4317-BC29-C0445E82B1F9} - C:\Program Files\Common Files\Paltalk\PaltalkWebLogin.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: (no name) - {EE337E0A-527D-9A24-15F0-943FF06F15DC} - C:\WINDOWS\FYI\cwyroituio.dll (file missing)
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\6.bin\mwsoemon.exe
O4 - HKLM\..\Run: [EPSON Stylus C64 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C64 Series" /O6 "USB002" /M "Stylus C64"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Fork Bike Scr Download] C:\Documents and Settings\All Users\Application Data\Logo bat fork bike\MpegMeow.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [FTP Server] C:\DOCUME~1\FRDRIC~1\LOCALS~1\Temp\RPERTO~1.ZIP\ftpserv.exe
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [rkfree] "C:\Program Files\RKFree\rkfree.exe" /b
O4 - HKLM\..\Run: [hdnpek] C:\Program Files\Mozilla Firefox\hdnpek.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [Support audio cool poll] C:\Documents and Settings\All Users\Application Data\INTERNET SPAM SUPPORT AUDIO\window bleh.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\6.bin\mwsoemon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [Philips Intelligent Agent] "C:\Program Files\Philips Intelligent Agent\Philips Intelligent Agent.exe" /SILENT
O4 - HKCU\..\Run: [List Dent] C:\DOCUME~1\FRDRIC~1\APPLIC~1\DRAWDA~1\free close.exe
O4 - HKCU\..\Run: [SpyShredder] C:\Program Files\SpyShredder\SpyShredder.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\6.bin\MWSOEMON.EXE
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\6.bin\MWSOEMON.EXE
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Frédéric\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/fr/4,0,0,90/mcinsctl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxmultijoueurs.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: Service SiteAdvisor (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe