Urgent!! Big connection problem
Solved
dem0iselle
Hello,
My internet connection is weak and makes my computer freeze. When I try to go to some sites, I get a blank page. For example, for the site miss34, it says "timed out".
Thanks in advance.
14 replies
Hi,
- Step 1: HijackThis, post the report right here
(how to use HijackThis?: http://pageperso.aol.fr/balltrap34/demohijack.htm )
- Step 2:
get Dr Web CureIt!, quick scan then full scan
- Step 3:
AVG Anti-spyware
A-squared
https://www.commentcamarche.net/telecharger/securite/20947-spyware-terminator/
https://www.commentcamarche.net/telecharger/securite/20939-spybot-search-and-destroy/
update all 4, then scan (for Spybot, immunize at the end of the scan)
- Step 4:
SmitFraudFix: choose the second option, then after a while it will ask "do you want to clean the registry"; enter o
- Step 5:
Disk Defrag
- Step 6:
CCleaner, repair and clean
- Step 7:
post a new HijackThis log
if the problem still persists:
- My Computer --> right-click on drive C --> Properties --> Tools tab --> Error checking --> Check now --> tick everything --> Start --> restart the PC --> this will run on a blue screen with lots of text (takes about 2-3 hours)
Hello, OK for HijackThis, but post the report and wait before doing anything else; there is no point running tools without knowing what we are going to find.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:02:43, on 26/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\FTRTSVC.exe
c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MessengerDiscovery\MessengerDiscovery Live.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Wanadoo\GestionnaireInternet.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\Program Files\Wanadoo\Watch.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\MessengerDiscovery\MessengerDiscovery Live.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb127\Dealio.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb127\Dealio.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ntiMUI] c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\WINDOWS\system32\SysMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 0
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe /idle
O4 - HKLM\..\Run: [platform bind axis time] C:\Documents and Settings\All Users\Application Data\soft ref platform bind\BLEH ADMIN.exe
O4 - HKLM\..\Run: [Itch ford four knob] C:\Documents and Settings\All Users\Application Data\third lies itch ford\Title base.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [SoundMam] C:\WINDOWS\system32\SVOHOST.exe
O4 - HKLM\..\Run: [au] C:\Program Files\Dealio\DealioAU.exe
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [Knob License] C:\DOCUME~1\MALATR~1\APPLIC~1\NEWEQD~1\SIXTH PLAN SPAM.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: ENJOY Plus!.lnk = C:\Program Files\ENJOY Plus!\ENJOY Plus!.exe
O4 - Startup: MSN Pictures Displayer.lnk = C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O4 - Global Startup: Acer WLAN 11g USB Dongle.lnk = C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Documents and Settings\malatrat melanie\Application Data\Dealio\kb127\res\DealioSearch.html
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?4c6af32b442748c1b5885ba101ff93aa
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?4c6af32b442748c1b5885ba101ff93aa
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O24 - Desktop Component 0: (no name) - http://www.lecornichon.qc.ca/galeries_1/perspub/000014-woody_allen_manson.jpg
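A first-pass reading of a HijackThis log like the one above, as an added example (not part of the thread and not HijackThis's own code): it splits entries by section code and marks the ones a helper would look at first. The four rules are assumed triage heuristics, not verdicts, and the sample lines are copied from the log above.

```python
import re
from collections import Counter

# A HijackThis entry is "<section> - <details>", e.g. "O4 - HKLM\..\Run: ...".
# Header lines and the "Running processes" paths do not match and are skipped.
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")

# Autostart targets under a profile's Application Data folder (long or 8.3 name).
APPDATA_RE = re.compile(r"\\(?:application data|applic~1)\\", re.IGNORECASE)

# Lines copied from the HijackThis log posted above (not the full log).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\svchost.exe
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [platform bind axis time] C:\Documents and Settings\All Users\Application Data\soft ref platform bind\BLEH ADMIN.exe
O4 - HKCU\..\Run: [Knob License] C:\DOCUME~1\MALATR~1\APPLIC~1\NEWEQD~1\SIXTH PLAN SPAM.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
"""

# Assumed review heuristics: each flags an entry for a human to check,
# it does not decide that the entry is malicious.
RULES = [
    ("registered target is missing on disk",
     lambda code, body: "(no file)" in body or "(file missing)" in body),
    ("autostart runs from an Application Data folder",
     lambda code, body: code == "O4" and APPDATA_RE.search(body) is not None),
    ("Winsock LSP file not recognised by HijackThis",
     lambda code, body: code == "O10" and body.startswith("Unknown file")),
    ("service binary carries no vendor name",
     lambda code, body: code == "O23" and " - Unknown owner - " in body),
]


def parse_entries(lines):
    """Return (section_code, details) for every entry line, in log order."""
    entries = []
    for line in lines:
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group("code"), match.group("body")))
    return entries


def section_counts(entries):
    """How many entries each section (R3, O2, O4, ...) contributes."""
    return Counter(code for code, _ in entries)


def triage(entries):
    """Return (section_code, reason, details) for each entry a rule flags."""
    findings = []
    for code, body in entries:
        for reason, matches in RULES:
            if matches(code, body):
                findings.append((code, reason, body))
    return findings


if __name__ == "__main__":
    parsed = parse_entries(SAMPLE_LOG.splitlines())
    print(dict(section_counts(parsed)))
    for code, reason, body in triage(parsed):
        print(f"[{code}] {reason}: {body}")
```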
Hello, download ToolBar-S&D (thanks to Eric_71, Angeldark, Sham_Rock and XmichouX)
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2
Start the installation of the program by running the downloaded file.
Now double-click the Toolbar-S&D shortcut.
Select the desired language by typing the letter of your choice, then confirm with the Enter key.
Now choose option 1 (Search). Wait until the search has finished.
Post the generated report. (C:\TB.txt)
Removal
Run Toolbar-S&D again by double-clicking the shortcut. Type "2", then confirm by pressing "Enter".
! Do not close the window during the removal !
A report will be generated; post its contents here.
NOTE: If your Desktop does not reappear, press Ctrl+Alt+Del at the same time to open the Task Manager.
Go to the "Processes" tab. Click File at the top left and choose "Run..."
Type explorer, then confirm.
Help with screenshots: https://sites.google.com/site/toolbarsd/aideenimages
and then post a new HijackThis log, thanks
-----------\\ ToolBar S&D 1.0.7 XP/Vista
[ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
[ USER : malatrat melanie ] [ "C:\Toolbar SD" ] [ Selection : 1 ]
[ 26/07/2008 | 16:26:10,99 ] [ PC : ACER-7989E0343A ]
[ MAJ : 25-07-2008 | 17:35 ]
-----------\\ Recherche de Fichiers / Dossiers ...
C:\DOCUME~1\MALATR~1\APPLIC~1\Dealio
C:\DOCUME~1\MALATR~1\APPLIC~1\Dealio\kb127
C:\Program Files\Dealio
C:\Program Files\Dealio\DealioAU.exe
C:\Program Files\Dealio\kb127
C:\Program Files\Dealio\SearchSettingsKit.exe
C:\WINDOWS\Prefetch\DEALIOAU.EXE-0D71B01B.pf
C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\Dealio
C:\DOCUME~1\MALATR~1\Cookies\malatrat melanie@dealio[1].txt
C:\DOCUME~1\MALATR~1\APPLIC~1\Search Settings
C:\DOCUME~1\MALATR~1\APPLIC~1\Search Settings\kb127
C:\Program Files\Search Settings
C:\Program Files\Search Settings\kb127
C:\Program Files\Search Settings\SearchSettings.exe
C:\DOCUME~1\MALATR~1\LOCALS~1\TEMPOR~1\content.IE5\H5EBKH6N\gateway[1].1448884893
C:\DOCUME~1\MALATR~1\LOCALS~1\TEMPOR~1\content.IE5\ILCVU38B\gateway[1].1093888488
C:\DOCUME~1\MALATR~1\LOCALS~1\TEMPOR~1\content.IE5\WNM7UKJG\gateway[1].755048848
C:\Program Files\MSN Messenger\msimg32.dll
\...\{635abd67-4fe9-1b23-4f01-e679fa7484c1} - (ytoolbar)
-----------\\ Extensions
(malatrat melanie) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar
(malatrat melanie) - {635abd67-4fe9-1b23-4f01-e679fa7484c1} => ytoolbar
-----------\\ [..\Internet Explorer\Main]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="https://www.msn.com/fr-fr/?ocid=iehp"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Search Bar"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://fr.yahoo.com/"
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Start Page"="https://fr.yahoo.com/"
-----------\\ Fin du rapport a 16:28:57,97
this is the report for step 2 from shadow
OK, relaunch Toolbar-S&D by double-clicking the shortcut. Type "2", then confirm by pressing "Enter".
! Do not close the window during the removal !
A report will be generated; post its contents here.
NOTE: If your Desktop does not reappear, press Ctrl+Alt+Del simultaneously to open the Task Manager.
Go to the "Processes" ("Processus") tab. Click File at the top left and choose "Run..." ("Exécuter...").
Type explorer, then confirm.
Help with screenshots: https://sites.google.com/site/toolbarsd/aideenimages
and post a new HijackThis log, thanks
Logfile of Spyware Terminator v2.3.0.481 (db:2.007.025.000)
Scan Time: 26/07/2008 17:43:45 length: 1973 s
Platform: WXP (5.1.0.2600)
User: Admin
Boot Mode: Normal
Scan type: Full_Spyware_Scan
Scanned Objects: 110734 (Critical:13)
Filter: No System items, No Safe items, No Invalid items
Running Processes
MemCheck.exe [Acer Inc.] : C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
FTRTSVC.exe [France Telecom] : C:\WINDOWS\system32\FTRTSVC.exe
LSSrvc.exe [Hewlett-Packard Company] : C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
nvsvc32.exe [NVIDIA Corporation] : C:\WINDOWS\system32\nvsvc32.exe
PAStiSvc.exe : C:\WINDOWS\system32\PAStiSvc.exe
Toaster.exe [France Telecom R&D] : C:\Program Files\Wanadoo\Toaster.exe
Inactivity.exe : C:\Program Files\Wanadoo\Inactivity.exe
PollingModule.exe : C:\Program Files\Wanadoo\PollingModule.exe
AlertModule.exe : C:\WINDOWS\system32\AlertModule\AlertModule.exe
MessengerDiscovery Live.exe [MessengerDiscovery] : C:\Program Files\MessengerDiscovery\MessengerDiscovery Live.exe
GestionnaireInternet.exe [France Télécom R&D] : C:\Program Files\Wanadoo\GestionnaireInternet.exe
ComComp.exe [France Télécom R&D] : C:\Program Files\Wanadoo\ComComp.exe
Watch.exe [France Télécom R&D] : C:\Program Files\Wanadoo\Watch.exe
usnsvc.exe [Microsoft Corporation] : C:\Program Files\Windows Live\Messenger\usnsvc.exe
HijackThis.exe [Trend Micro Inc.] : C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
a2service.exe [Emsi Software GmbH] : C:\Program Files\a-squared Free\a2service.exe
avgas.exe [GRISOFT s.r.o.] : C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
msnmsgr.exe [Microsoft Corporation] : C:\Program Files\Windows Live\Messenger\msnmsgr.exe
msnmsgr.exe [Microsoft Corporation] : C:\Program Files\Windows Live\Messenger\msnmsgr.exe
Internet Settings
R - HKCU\Software\Microsoft\Internet Explorer\Main, Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60327
R - HKLM\Software\Microsoft\Internet Explorer\Main, SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
R - HKLM\Software\Microsoft\Internet Explorer\Main, CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327
R - HKLM\Software\Microsoft\Internet Explorer\Main, Start Page = https://fr.yahoo.com/
R - HKLM\Software\Microsoft\Internet Explorer\Search, SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
R - HKLM\Software\Microsoft\Internet Explorer\Search, CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327
R - HKLM\System\CurrentControlSet\Services\Tcpip\Parameters, Domain =
R - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Telephony, DomainName =
BHO
02 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - [Yahoo! Inc.] : C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
02 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - [Adobe Systems Incorporated] : C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
02 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - [Microsoft Corporation] : C:\Program Files\Windows Live Toolbar\msntb.dll
Toolbars
03 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - [HiTRUST] : C:\WINDOWS\system32\eDStoolbar.dll
03 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - [Yahoo! Inc.] : C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
03 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - [Microsoft Corporation] : C:\Program Files\Windows Live Toolbar\msntb.dll
StartUps
04 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, WOOKIT : : C:\Program Files\Wanadoo\Shell.exe
04 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, msnmsgr : [Microsoft Corporation] : C:\Program Files\Windows Live\Messenger\msnmsgr.exe
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, SkyTel : [Realtek Semiconductor Corp.] : C:\WINDOWS\SkyTel.EXE
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Alcmtr : [Realtek Semiconductor Corp.] : C:\WINDOWS\ALCMTR.EXE
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, ntiMUI : : C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, MSPY2002 : : C:\WINDOWS\system32\IME\PINTLGNT\IMSCINST.EXE
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Acer Empowering Technology Monitor : : C:\WINDOWS\system32\SysMonitor.exe
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, eDataSecurity Loader : [HiTRUST] : C:\ACER\EMPOWERING TECHNOLOGY\EDATASECURITY\EDSLOADER.EXE
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, eRecoveryService : [Acer Inc.] : C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, WarReg_PopUp : [Acer Inc.] : C:\ACER\WR_POPUP\WARREG_POPUP.EXE
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, HP Software Update : [Hewlett-Packard Development Company, L.P.] : C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, WOOWATCH : [France Télécom R&D] : C:\Program Files\Wanadoo\Watch.exe
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, WOOTASKBARICON : [France Télécom R&D] : C:\Program Files\Wanadoo\GestMAJ.exe
04 - Startup: %STARTUP%\ENJOY Plus!.lnk : C:\Program Files\ENJOY Plus!\ENJOY Plus!.exe
04 - Startup: %STARTUP%\MSN Pictures Displayer.lnk : C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
04 - Startup: %STARTUPALL%\Acer Empowering Technology.lnk [Acer Inc.] : C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
04 - Startup: %STARTUPALL%\Acer WLAN 11g USB Dongle.lnk [X-Micro Technology Corp.] : C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
04 - Startup: %STARTUPALL%\Démarrage rapide de HP Photosmart Premier.lnk [Hewlett-Packard Development Company, L.P.] : C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
04 - Startup: %STARTUPALL%\Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk : C:\Program Files\SAGEM WiFi manager\WLANUTL.exe
Shell Extensions
Desktop Explorer - {1CDB2949-8F65-4355-8456-263E7C208A5D} - [NVIDIA Corporation] : C:\WINDOWS\system32\nvshell.dll
- {1E9B04FB-F9E5-4718-997B-B8DA88302A47} - [NVIDIA Corporation] : C:\WINDOWS\system32\nvshell.dll
nView Desktop Context Menu - {1E9B04FB-F9E5-4718-997B-B8DA88302A48} - [NVIDIA Corporation] : C:\WINDOWS\system32\nvshell.dll
Mes dossiers de partage - {FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D} - [Microsoft Corporation] : C:\Program Files\Windows Live\Messenger\fsshext.8.5.1302.1018.dll
CLSID_WLMCMimeFilter - {0563DB41-F538-4B37-A92D-4659049B7766} - [Microsoft Corporation] : C:\Program Files\Windows Live\Mail\mailcomm.dll
- {06A2568A-CED6-4187-BB20-400B8C02BE5A} - [Microsoft Corporation] : C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe
Windows Live Photo Gallery Import Autoplay Shim - {00F33137-EE26-412F-8D71-F84E4C2C6625} - [Microsoft Corporation] : C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
Windows Live Photo Gallery Viewer Shim - {00F346CB-35A4-465B-8B8F-65A29DBAB1F6} - [Microsoft Corporation] : C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
Windows Live Photo Gallery Editor Shim - {00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} - [Microsoft Corporation] : C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
Windows Live Photo Gallery Viewer Autoplay Shim - {00F30F90-3E96-453B-AFCD-D71989ECC2C7} - [Microsoft Corporation] : C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
MSN Pictures Displayer - {D673BE8A-40A2-4412-A759-00C7E9777976} - : C:\WINDOWS\system32\ShellMPD.dll
a-squared Free Shell Extension - {A155339D-CCCD-4714-85EB-3754B804C9DF} - [Emsi Software GmbH] : C:\Program Files\a-squared Free\a2freecontmenu.dll
Shell Extecute Hooks
CShellExecuteHookImpl Object - {{57B86673-276A-48B2-BAE7-C6DBB3020EB8}} - [GRISOFT s.r.o.] : C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll
Protocol Handler
- {828030A1-22C1-4009-854F-8E305202313F} - [Microsoft Corporation] : C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
- {828030A1-22C1-4009-854F-8E305202313F} - [Microsoft Corporation] : C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
Windows Live Mail HTML Asynchronous Pluggable Protocol Handler - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - [Microsoft Corporation] : C:\Program Files\Windows Live\Mail\mailcomm.dll
Services
23 - [Acer Inc.] : C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
23 - [France Telecom] : C:\WINDOWS\system32\FTRTSVC.exe
23 - : C:\Acer\Empowering Technology\eRecovery\int15.sys
23 - [Realtek Semiconductor Corp.] : C:\WINDOWS\system32\drivers\RtkHDAud.sys
23 - [Hewlett-Packard Company] : C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
23 - [NewTech Infosystems, Inc.] : C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys
23 - [NVIDIA Corporation] : C:\WINDOWS\system32\drivers\nvatabus.sys
23 - [NVIDIA Corporation] : C:\WINDOWS\system32\nvsvc32.exe
23 - [Printing Communications Assoc., Inc. (PCAUSA)] : C:\WINDOWS\system32\PCANDIS5.SYS
23 - [HiTRUST] : C:\WINDOWS\system32\Drivers\psdfilter.sys
23 - [HiTRUST] : C:\WINDOWS\system32\Drivers\psdvdisk.sys
23 - [ZyDAS Technology Corporation] : C:\WINDOWS\system32\DRIVERS\WlanBZXP.sys
23 - : C:\WINDOWS\system32\PAStiSvc.exe
23 - [Microsoft Corporation] : C:\Program Files\Windows Live\Messenger\usnsvc.exe
23 - [Marvell] : C:\WINDOWS\system32\DRIVERS\yk51x86.sys
23 - [Printing Communications Assoc., Inc. (PCAUSA)] : C:\WINDOWS\system32\Drivers\ZDPSp50.sys
23 - [Emsi Software GmbH] : C:\Program Files\a-squared Free\a2service.exe
23 - : C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys
Threat Files
<FraudTool.Takedawnload.a> : C:\Documents and Settings\malatrat melanie\Bureau\Logiciels\instala-emule(2).exe
<FraudTool.Takedawnload.a> : C:\Documents and Settings\malatrat melanie\Bureau\Logiciels\instala-emule.exe
<Trojan.Inject.aed> : C:\WINDOWS\system32\KCMDNIns.exe
<Trojan.Obfuscated.mw> : C:\Documents and Settings\malatrat melanie\Local Settings\Temp\sta172.0xe
<Trojan.Obfuscated.mw> : C:\Documents and Settings\malatrat melanie\Local Settings\Temp\sta173.0xe
<Trojan.Obfuscated.mw> : C:\Documents and Settings\malatrat melanie\Local Settings\Temp\sta1CC.0xe
<Trojan.Obfuscated.mw> : C:\Documents and Settings\malatrat melanie\Local Settings\Temp\sta38F.0xe
Advanced Files Report
End of Report
Suppression:
Préparation…
Supprimer Trojan.Inject.aed
Les fichiers sélectionnés ont été supprimés.: C:\WINDOWS\system32\KCMDNIns.exe
Supprimer Trojan.Obfuscated.mw
Le fichier sélectionné pour la suppression n'existe pas: c:\Documents and Settings\malatrat melanie\Local Settings\Temp\sta172.0xe
Le fichier sélectionné pour la suppression n'existe pas: c:\Documents and Settings\malatrat melanie\Local Settings\Temp\sta173.0xe
Le fichier sélectionné pour la suppression n'existe pas: c:\Documents and Settings\malatrat melanie\Local Settings\Temp\sta1CC.0xe
Le fichier sélectionné pour la suppression n'existe pas: c:\Documents and Settings\malatrat melanie\Local Settings\Temp\sta38F.0xe
Supprimer MovieLand
Suppression de la clé registre : HKCR\AppID\DownloadManager.EXE
Supprimer Affiliate tracking cookie
Les fichiers sélectionnés ont été supprimés.: C:\Documents and Settings\malatrat melanie\cookies\malatrat melanie@ads.pointroll[1].txt
Les fichiers sélectionnés ont été supprimés.: C:\Documents and Settings\malatrat melanie\cookies\malatrat melanie@atdmt[2].txt
Le fichier sélectionné pour la suppression n'existe pas: C:\Documents and Settings\malatrat melanie\cookies\malatrat melanie@serving-sys[2].txt
Supprimer FraudTool.Takedawnload.a
Les fichiers sélectionnés ont été supprimés.: C:\Documents and Settings\malatrat melanie\Bureau\Logiciels\instala-emule(2).exe
Les fichiers sélectionnés ont été supprimés.: C:\Documents and Settings\malatrat melanie\Bureau\Logiciels\instala-emule.exe
Supprimer Invalid Startup Items
Suppression de la clé registre : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Knob License
Echec de l'annulation d'enregistrement.: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run platform bind axis time
Echec de l'annulation d'enregistrement.: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Itch ford four knob
Echec de l'annulation d'enregistrement.: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run au
Echec de l'annulation d'enregistrement.: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run SearchSettings
Analyse(s) terminée(s)
HERE IS THE SPYWARE TERMINATOR REPORT, AND APPARENTLY ONE PROGRAM IS CAUSING A PROBLEM =O
a-squared Free Shell Extension - {A155339D-CCCD-4714-85EB-3754B804C9DF} - [Emsi Software GmbH] : C:\Program Files\a-squared Free\a2freecontmenu.dll
Shell Extecute Hooks
CShellExecuteHookImpl Object - {{57B86673-276A-48B2-BAE7-C6DBB3020EB8}} - [GRISOFT s.r.o.] : C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll
Protocol Handler
- {828030A1-22C1-4009-854F-8E305202313F} - [Microsoft Corporation] : C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
- {828030A1-22C1-4009-854F-8E305202313F} - [Microsoft Corporation] : C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
Windows Live Mail HTML Asynchronous Pluggable Protocol Handler - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - [Microsoft Corporation] : C:\Program Files\Windows Live\Mail\mailcomm.dll
Services
23 - [Acer Inc.] : C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
23 - [France Telecom] : C:\WINDOWS\system32\FTRTSVC.exe
23 - : C:\Acer\Empowering Technology\eRecovery\int15.sys
23 - [Realtek Semiconductor Corp.] : C:\WINDOWS\system32\drivers\RtkHDAud.sys
23 - [Hewlett-Packard Company] : C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
23 - [NewTech Infosystems, Inc.] : C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys
23 - [NVIDIA Corporation] : C:\WINDOWS\system32\drivers\nvatabus.sys
23 - [NVIDIA Corporation] : C:\WINDOWS\system32\nvsvc32.exe
23 - [Printing Communications Assoc., Inc. (PCAUSA)] : C:\WINDOWS\system32\PCANDIS5.SYS
23 - [HiTRUST] : C:\WINDOWS\system32\Drivers\psdfilter.sys
23 - [HiTRUST] : C:\WINDOWS\system32\Drivers\psdvdisk.sys
23 - [ZyDAS Technology Corporation] : C:\WINDOWS\system32\DRIVERS\WlanBZXP.sys
23 - : C:\WINDOWS\system32\PAStiSvc.exe
23 - [Microsoft Corporation] : C:\Program Files\Windows Live\Messenger\usnsvc.exe
23 - [Marvell] : C:\WINDOWS\system32\DRIVERS\yk51x86.sys
23 - [Printing Communications Assoc., Inc. (PCAUSA)] : C:\WINDOWS\system32\Drivers\ZDPSp50.sys
23 - [Emsi Software GmbH] : C:\Program Files\a-squared Free\a2service.exe
23 - : C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys
Threat Files
<FraudTool.Takedawnload.a> : C:\Documents and Settings\malatrat melanie\Bureau\Logiciels\instala-emule(2).exe
<FraudTool.Takedawnload.a> : C:\Documents and Settings\malatrat melanie\Bureau\Logiciels\instala-emule.exe
<Trojan.Inject.aed> : C:\WINDOWS\system32\KCMDNIns.exe
<Trojan.Obfuscated.mw> : C:\Documents and Settings\malatrat melanie\Local Settings\Temp\sta172.0xe
<Trojan.Obfuscated.mw> : C:\Documents and Settings\malatrat melanie\Local Settings\Temp\sta173.0xe
<Trojan.Obfuscated.mw> : C:\Documents and Settings\malatrat melanie\Local Settings\Temp\sta1CC.0xe
<Trojan.Obfuscated.mw> : C:\Documents and Settings\malatrat melanie\Local Settings\Temp\sta38F.0xe
Advanced Files Report
End of Report
Suppression:
Préparation…
Supprimer Trojan.Inject.aed
Les fichiers sélectionnés ont été supprimés.: C:\WINDOWS\system32\KCMDNIns.exe
Supprimer Trojan.Obfuscated.mw
Le fichier sélectionné pour la suppression n'existe pas: c:\Documents and Settings\malatrat melanie\Local Settings\Temp\sta172.0xe
Le fichier sélectionné pour la suppression n'existe pas: c:\Documents and Settings\malatrat melanie\Local Settings\Temp\sta173.0xe
Le fichier sélectionné pour la suppression n'existe pas: c:\Documents and Settings\malatrat melanie\Local Settings\Temp\sta1CC.0xe
Le fichier sélectionné pour la suppression n'existe pas: c:\Documents and Settings\malatrat melanie\Local Settings\Temp\sta38F.0xe
Supprimer MovieLand
Suppression de la clé registre : HKCR\AppID\DownloadManager.EXE
Supprimer Affiliate tracking cookie
Les fichiers sélectionnés ont été supprimés.: C:\Documents and Settings\malatrat melanie\cookies\malatrat melanie@ads.pointroll[1].txt
Les fichiers sélectionnés ont été supprimés.: C:\Documents and Settings\malatrat melanie\cookies\malatrat melanie@atdmt[2].txt
Le fichier sélectionné pour la suppression n'existe pas: C:\Documents and Settings\malatrat melanie\cookies\malatrat melanie@serving-sys[2].txt
Supprimer FraudTool.Takedawnload.a
Les fichiers sélectionnés ont été supprimés.: C:\Documents and Settings\malatrat melanie\Bureau\Logiciels\instala-emule(2).exe
Les fichiers sélectionnés ont été supprimés.: C:\Documents and Settings\malatrat melanie\Bureau\Logiciels\instala-emule.exe
Supprimer Invalid Startup Items
Suppression de la clé registre : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Knob License
Echec de l'annulation d'enregistrement.: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run platform bind axis time
Echec de l'annulation d'enregistrement.: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Itch ford four knob
Echec de l'annulation d'enregistrement.: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run au
Echec de l'annulation d'enregistrement.: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run SearchSettings
Analyse(s) terminée(s)
HERE IS THE SPYWARE TERMINATOR REPORT, AND APPARENTLY ONE PROGRAM IS CAUSING A PROBLEM =O