AntiSpyCheck

Résolu
hassan23 Messages postés 7 Statut Membre -  
 Utilisateur anonyme -
Bonjour,
j'ai un pb avec des fenêtre de pub intensives qui s'affichent par tout, parfois IE est bloqué et je ne peux pas naviguer sur le web. il y a aussi un logiciel télécharger maladroitement qui s'appelle AntiSpyCheck et je n'arrive pas à le supprimer. parmis les fenêtres qui s'affichent, AntiSpyCheck Alert, windows-defense.com, microsoft security center, et chaque fois que clic pour fermet la fenêtre j'ai une fenêtre pour executer un programme je fais annuler je ne sui pas pro je ne sais pas comment j'ai fais pour avoir ce problème ni comment le résoudre, je pense à formater mon PC. si quelqu'un à une autre solution pour m'aider je vous en remercie car ça devient agassant.
Configuration: Windows XP
Internet Explorer 6.0

11 réponses

  1. Utilisateur anonyme
     
    Salut

    Télécharge HijackThis ici :

    -> http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe

    Tutoriel d´instalation : (Merci a Balltrap34 pour cette réalisation)

    -> http://pageperso.aol.fr/balltrap34/Hijenr.gif

    Tutoriel d´utilisation (video) : (Merci a Balltrap34 pour cette réalisation)

    -> http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm

    Post le rapport généré ici stp...

    2
  2. hassan23
     
    Merci chiquitine29
    voici le rapport:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:50:23, on 28/07/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Fichiers communs\Panda Software\PavShld\pavprsrv.exe
    C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\Pavsrv51.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\PsImSvc.exe
    C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\AVENGINE.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.exe
    C:\Program Files\Web Technologies\wcs.exe
    C:\Program Files\Web Technologies\iebtm.exe
    C:\Program Files\TOPNET\AccessRunner ADSL\CnxDslTb.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\PixArt\PAC207\Monitor.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\ubpr01.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Web Technologies\wcm.exe
    C:\Program Files\ASpyC\ASpyC.exe
    C:\Program Files\Web Technologies\iebtmm.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\WINDOWS\system32\WgaTray.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = https://internetsearchservice.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = https://internetsearchservice.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://internetsearchservice.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://internetsearchservice.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/?p=us
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://internetsearchservice.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://internetsearchservice.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/?p=us
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://internetsearchservice.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://internetsearchservice.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    R3 - URLSearchHook: (no name) - {A41F7113-D904-458A-A85F-DADA3A0FE1A4} - (no file)
    F2 - REG:system.ini: Shell=Explorer.exe SSVICHOSST.exe
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: HP Smart Web Printing 1.0 - {AE84A6AA-A333-4B92-B276-C11E2212E4FE} - C:\Program Files\HP\Smart Web Printing\SmartWebPrinting.dll
    O2 - BHO: TBSB00817 - {D092AF06-FDD0-493C-81B5-4BE4B4725489} - C:\Program Files\IEToolbar\Win32\Flash_Player_Plugin_BAckup_04_29_08.dll
    O2 - BHO: (no name) - {D46BEAA4-A304-40B3-A9DA-EC7F7F501F25} - C:\Program Files\Web Technologies\iebt.dll
    O2 - BHO: Acronis Popup Blocker - {E24AD748-155E-4254-B674-4EDF86E7E1DF} - (no file)
    O2 - BHO: SpyWarningBHO Class - {F58FF278-2198-403b-9170-C95022A194C6} - C:\Program Files\ASpyC\SpyWarning.dll (file missing)
    O3 - Toolbar: Win32 - {AC33F678-1FE3-4896-AB82-0BF8248B1086} - C:\Program Files\IEToolbar\Win32\Flash_Player_Plugin_BAckup_04_29_08.dll
    O3 - Toolbar: Internet Service - {65742936-8079-408B-9F3C-874B78030A72} - C:\Program Files\Web Technologies\iebr.dll (file missing)
    O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\TOPNET\AccessRunner ADSL\CnxDslTb.exe"
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\APVXDWIN.EXE" /s
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Yahoo Messengger] C:\WINDOWS\system32\SSVICHOSST.exe
    O4 - HKCU\..\Run: [wblogon] C:\WINDOWS\system32\ubpr01.exe
    O4 - HKCU\..\Run: [ASpyC] "C:\Program Files\ASpyC\ASpyC.exe"
    O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\Web Technologies\wcs.exe
    O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\Web Technologies\iebtm.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Lancement rapide de Microsoft Office OneNote 2003.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.browseroption.com/redirect.php (file missing)
    O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.browseroption.com/redirect.php (file missing)
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
    O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
    O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{F75C8DA2-F8A4-454B-886E-F6B1CEA9A872}: NameServer = 213.150.176.196 193.95.67.22
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O22 - SharedTaskScheduler: frisbee - {c96395b8-ab09-46a4-b539-7ddf6e061808} - (no file)
    O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Fichiers communs\Panda Software\PavShld\pavprsrv.exe
    O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\Pavsrv51.exe
    O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software Internacional - C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\PsImSvc.exe
    0
  3. Utilisateur anonyme
     
    Telecharge malwarebytes

    -> http://www.malwarebytes.org/mbam/program/mbam-setup.exe

    Tu l´instale; le programme va se mettre automatiquement a jour.

    Une fois a jour, le programme va se lancer; click sur l´onglet parametre, et coche la case : "Arreter internet explorer pendant la suppression".

    Click maintenant sur l´onglet recherche et coche la case : "executer un examen complet".

    Puis click sur "rechercher".

    Laisse le scanner le pc...

    Si des elements on ete trouvés > click sur supprimer la selection.

    si il t´es demandé de redemarrer > click sur "yes".

    A la fin un rapport va s´ouvrir; sauvegarde le de maniere a le retrouver en vu de le poster sur le forum.

    Copie et colle le rapport stp.

    PS : les rapport sont aussi rangé dans l onglet rapport/log
    0
  4. hassan23 Messages postés 7 Statut Membre
     
    voici le rapport:

    Malwarebytes' Anti-Malware 1.23
    Version de la base de données: 1002
    Windows 5.1.2600 Service Pack 2

    00:48:42 29/07/2008
    mbam-log-7-29-2008 (00-48-42).txt

    Type de recherche: Examen complet (C:\|D:\|)
    Eléments examinés: 109425
    Temps écoulé: 44 minute(s), 44 second(s)

    Processus mémoire infecté(s): 6
    Module(s) mémoire infecté(s): 7
    Clé(s) du Registre infectée(s): 63
    Valeur(s) du Registre infectée(s): 30
    Elément(s) de données du Registre infecté(s): 16
    Dossier(s) infecté(s): 28
    Fichier(s) infecté(s): 65

    Processus mémoire infecté(s):
    C:\Program Files\ASpyC\ASpyC.exe (Rogue.VirusHeat) -> Unloaded process successfully.
    C:\Program Files\Web Technologies\iebtm.exe (Trojan.Zlob) -> Unloaded process successfully.
    C:\Program Files\Web Technologies\iebtmm.exe (Trojan.Zlob) -> Unloaded process successfully.
    C:\Program Files\Web Technologies\wcm.exe (Trojan.Zlob) -> Unloaded process successfully.
    C:\Program Files\Web Technologies\wcs.exe (Trojan.Zlob) -> Unloaded process successfully.
    C:\WINDOWS\system32\ubpr01.exe (Trojan.Zlob) -> Unloaded process successfully.

    Module(s) mémoire infecté(s):
    C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll (Adware.Shopper) -> Delete on reboot.
    C:\Program Files\Web Technologies\iebt.dll (Trojan.Zlob) -> Delete on reboot.
    C:\Program Files\IEToolbar\Win32\autofill_plugin.dll (Adware.DosPopToolbar) -> Delete on reboot.
    C:\Program Files\IEToolbar\Win32\autosearch_plugin.dll (Adware.DosPopToolbar) -> Delete on reboot.
    C:\Program Files\IEToolbar\Win32\Flash_Player_Plugin_BAckup_04_29_08.dll (Adware.DosPopToolbar) -> Delete on reboot.
    C:\Program Files\IEToolbar\Win32\panicButton_plugin.dll (Adware.DosPopToolbar) -> Delete on reboot.
    C:\Program Files\IEToolbar\Win32\tell_a_friend.dll (Adware.DosPopToolbar) -> Delete on reboot.

    Clé(s) du Registre infectée(s):
    HKEY_CLASSES_ROOT\TypeLib\{e343edfc-1e6c-4cb5-aa29-e9c922641c80} (Adware.Shopper) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{d8560ac2-21b5-4c1a-bdd4-bd12bc83b082} (Adware.Shopper) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.Shopper) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.Shopper) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{20ea9658-6bc3-4599-a87d-6371fe9295fc} (Adware.Shopper) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{a16ad1e9-f69a-45af-9462-b1c286708842} (Adware.Shopper) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{a7cddcdc-beeb-4685-a062-978f5e07ceee} (Adware.Shopper) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{a7cddcdc-beeb-4685-a062-978f5e07ceee} (Adware.Shopper) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{c9ccbb35-d123-4a31-affc-9b2933132116} (Adware.Shopper) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{d46beaa4-a304-40b3-a9da-ec7f7f501f25} (Trojan.Zlob) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d46beaa4-a304-40b3-a9da-ec7f7f501f25} (Trojan.Zlob) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{967a494a-6aec-4555-9caf-fa6eb00acf91} (Rogue.PestPatrol) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{9692be2f-eb8f-49d9-a11c-c24c1ef734d5} (Rogue.PestPatrol) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{a8954909-1f0f-41a5-a7fa-3b376d69e226} (Rogue.PestPatrol) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\urlsearchhook.toolbarurlsearchhook (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{4509d3cc-b642-4745-b030-645b79522c6d} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{4897bba6-48d9-468c-8efa-846275d7701b} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{ca3eb689-8f09-4026-aa10-b9534c691ce0} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\urlsearchhook.toolbarurlsearchhook.1 (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\spywarning.warningbho (Rogue.AntiSpyCheck) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\spywarning.warningbho.1 (Rogue.AntiSpyCheck) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{f58ff278-2198-403b-9170-c95022a194c6} (Rogue.AntiSpyCheck) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f58ff278-2198-403b-9170-c95022a194c6} (Rogue.AntiSpyCheck) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{D2608046-DD09-A225-01BF-70C1EDD8B2E8} (Rogue.AntiSpyCheck) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{daed9266-8c28-4c1c-8b58-5c66eff1d302} (Search.Hijack) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{65742936-8079-408b-9f3c-874b78030a72} (Trojan.Zlob) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\shoppingreport.iebutton (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\shoppingreport.iebutton.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\shoppingreport.hbinfoband (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\shoppingreport.hbinfoband.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\shoppingreport.iebuttona (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\shoppingreport.iebuttona.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\shoppingreport.hbax (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\shoppingreport.hbax.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\shoppingreport.rprtctrl (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\shoppingreport.rprtctrl.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{8ad9ad05-36be-4e40-ba62-5422eb0d02fb} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{aebf09e2-0c15-43c8-99bf-928c645d98a0} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{cdca70d8-c6a6-49ee-9bed-7429d6c477a2} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{d136987f-e1c4-4ccc-a220-893df03ec5df} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\shoppingreport (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{6130f3e2-6556-4846-a01b-cf44d568801d} (Adware.DosPopToolbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{835ca9ae-9eb0-45c3-baca-ba990820439b} (Adware.DosPopToolbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{a0bb429a-367b-4e5b-8204-158fb8e9e906} (Adware.DosPopToolbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{ac33f678-1fe3-4896-ab82-0bf8248b1086} (Adware.DosPopToolbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{d092af06-fdd0-493c-81b5-4be4b4725489} (Adware.DosPopToolbar) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d092af06-fdd0-493c-81b5-4be4b4725489} (Adware.DosPopToolbar) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\ASpyC (Rogue.AntiSpyCheck) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\SecuriSoft SARL (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Web Technologies (Trojan.Zlob) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEBrowse Tool (Trojan.Zlob) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IExplorer Bar (Trojan.Zlob) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\videoPl.chl (Trojan.Zlob) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\aspyc (Rogue.VirusHeat) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\start (Trojan.Zlob) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\some (Trojan.Zlob) -> Delete on reboot.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{65742936-8079-408b-9f3c-874b78030a72} (Trojan.Zlob) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{c96395b8-ab09-46a4-b539-7ddf6e061808} (Trojan.Zlob) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07aa283a-43d7-4cbe-a064-32a21112d94d} (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{ac33f678-1fe3-4896-ab82-0bf8248b1086} (Adware.DosPopToolbar) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{ac33f678-1fe3-4896-ab82-0bf8248b1086} (Adware.DosPopToolbar) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Yahoo Messengger (Worm.Sohanad) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wblogon (Trojan.Zlob) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search\searchassistant (Trojan.Zlob) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\searchassistant (Trojan.Zlob) -> Delete on reboot.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\search page (Trojan.Zlob) -> Delete on reboot.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\search bar (Trojan.Zlob) -> Delete on reboot.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\searchmigrateddefaulturl (Trojan.Zlob) -> Delete on reboot.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\default_search_url (Trojan.Zlob) -> Delete on reboot.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\ (Trojan.Zlob) -> Delete on reboot.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\searchurl (Trojan.Zlob) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\default_search_url (Trojan.Zlob) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\search page (Trojan.Zlob) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\search bar (Trojan.Zlob) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\searchmigrateddefaulturl (Trojan.Zlob) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\ (Trojan.Zlob) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\searchurl (Trojan.Zlob) -> Delete on reboot.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securewebinfo.com (Trojan.Zlob) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.safetyincludes.com (Trojan.Zlob) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securemanaging.com (Trojan.Zlob) -> Quarantined and deleted successfully.

    Elément(s) de données du Registre infecté(s):
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\ (Hijack.Search) -> Bad: (http://internetsearchservice.com/search?q=%s) Good: (https://www.google.com/?gws_rd=ssl -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\ (Hijack.Search) -> Bad: (http://internetsearchservice.com/search?q=%s) Good: (https://www.google.com/?gws_rd=ssl -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchURL (Hijack.Search) -> Bad: (http://internetsearchservice.com) Good: (https://www.google.com/?gws_rd=ssl -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchURL (Hijack.Search) -> Bad: (http://internetsearchservice.com) Good: (https://www.google.com/?gws_rd=ssl -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search\SearchAssistant (Hijack.Search) -> Bad: (http://internetsearchservice.com) Good: (https://www.google.com/?gws_rd=ssl -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\SearchAssistant (Hijack.Search) -> Bad: (http://internetsearchservice.com) Good: (https://www.google.com/?gws_rd=ssl -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Search Page (Hijack.Search) -> Bad: (http://internetsearchservice.com) Good: (https://www.google.com/?gws_rd=ssl -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Search Bar (Hijack.Search) -> Bad: (http://internetsearchservice.com/ie6.html) Good: (https://www.google.com/?gws_rd=ssl -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\SearchMigratedDefaultURL (Hijack.Search) -> Bad: (https://internetsearchservice.com/606/search-engine-optimization-seo-specialist-in-phoenix-az/?q{searchTerms}) Good: (https://www.google.com/?gws_rd=ssl -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Default_Search_URL (Hijack.Search) -> Bad: (http://internetsearchservice.com) Good: (https://www.google.com/?gws_rd=ssl -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Search Page (Hijack.Search) -> Bad: (http://internetsearchservice.com) Good: (https://www.google.com/?gws_rd=ssl -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Search Bar (Hijack.Search) -> Bad: (http://internetsearchservice.com/ie6.html) Good: (https://www.google.com/?gws_rd=ssl -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\SearchMigratedDefaultURL (Hijack.Search) -> Bad: (https://internetsearchservice.com/606/search-engine-optimization-seo-specialist-in-phoenix-az/?q{searchTerms}) Good: (https://www.google.com/?gws_rd=ssl -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Default_Search_URL (Hijack.Search) -> Bad: (http://internetsearchservice.com) Good: (https://www.google.com/?gws_rd=ssl -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Dossier(s) infecté(s):
    C:\Program Files\Web Technologies (Trojan.Zlob) -> Delete on reboot.
    C:\Program Files\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    C:\Program Files\ShoppingReport\Bin (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    C:\Program Files\ShoppingReport\Bin\2.5.0 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    C:\Program Files\ASpyC (Rogue.AntiSpyCheck) -> Quarantined and deleted successfully.
    C:\Program Files\IEToolbar (Adware.DosPopToolbar) -> Quarantined and deleted successfully.
    C:\Program Files\IEToolbar\Win32 (Adware.DosPopToolbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\SecuriSoft SARL (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\SecuriSoft SARL\WinSpywareProtect (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\SecuriSoft SARL\WinSpywareProtect\BASE (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\SecuriSoft SARL\WinSpywareProtect\DELETED (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\SecuriSoft SARL\WinSpywareProtect\LOG (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\SecuriSoft SARL\WinSpywareProtect\SAVED (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
    C:\Program Files\Antivirus 2009 (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\461942 (Trojan.BHO) -> Quarantined and deleted successfully.
    C:\Documents and Settings\hatem\Application Data\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    C:\Documents and Settings\hatem\Application Data\ShoppingReport\cs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    C:\Documents and Settings\hatem\Application Data\ShoppingReport\cs\db (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    C:\Documents and Settings\hatem\Application Data\ShoppingReport\cs\dwld (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    C:\Documents and Settings\hatem\Application Data\ShoppingReport\cs\report (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    C:\Documents and Settings\hatem\Application Data\ShoppingReport\cs\res2 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Fatma\Application Data\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Fatma\Application Data\ShoppingReport\cs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Fatma\Application Data\ShoppingReport\cs\db (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Fatma\Application Data\ShoppingReport\cs\dwld (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Fatma\Application Data\ShoppingReport\cs\report (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Fatma\Application Data\ShoppingReport\cs\res2 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Fatma\Menu Démarrer\Antivirus 2009 (Rogue.Antivirus) -> Quarantined and deleted successfully.

    Fichier(s) infecté(s):
    C:\Program Files\ASpyC\ASpyC.exe (Rogue.VirusHeat) -> Quarantined and deleted successfully.
    C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll (Adware.Shopper) -> Quarantined and deleted successfully.
    C:\Program Files\Web Technologies\iebt.dll (Trojan.Zlob) -> Quarantined and deleted successfully.
    C:\Program Files\Web Technologies\iebtm.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
    C:\Program Files\Web Technologies\iebtmm.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
    C:\Program Files\Web Technologies\wcm.exe (Trojan.Zlob) -> Delete on reboot.
    C:\Program Files\Web Technologies\wcs.exe (Trojan.Zlob) -> Delete on reboot.
    C:\Documents and Settings\hatem\Local Settings\Application Data\gsqkg_navps.dat (Adware.Navipromo) -> Quarantined and deleted successfully.
    C:\Documents and Settings\hatem\Local Settings\Application Data\gsqkg_nav.dat (Adware.Navipromo) -> Quarantined and deleted successfully.
    C:\Documents and Settings\hatem\Local Settings\Application Data\gsqkg.dat (Adware.Navipromo) -> Quarantined and deleted successfully.
    C:\Documents and Settings\hatem\Local Settings\Application Data\gsqkg.exe (Adware.Navipromo) -> Delete on reboot.
    C:\Program Files\IEToolbar\Win32\tbhelper.dll (Trojan.BHO) -> Quarantined and deleted successfully.
    C:\Documents and Settings\hatem\Local Settings\Temporary Internet Files\Content.IE5\1C8ZXXS9\AV2009Install_880348[1].exe (Rogue.Installer) -> Quarantined and deleted successfully.
    C:\Documents and Settings\hatem\Local Settings\Temporary Internet Files\Content.IE5\O12381Y7\spyguarder_install_8596[1].exe (Rogue.Installer) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{AB58FA50-BA8A-43E6-BF0D-AF62A1AF7B1D}\RP222\A0071381.exe (Rogue.VirusHeat) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{AB58FA50-BA8A-43E6-BF0D-AF62A1AF7B1D}\RP222\A0071383.dll (Trojan.BHO) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{AB58FA50-BA8A-43E6-BF0D-AF62A1AF7B1D}\RP226\A0071468.exe (Rogue.VirusHeat) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{AB58FA50-BA8A-43E6-BF0D-AF62A1AF7B1D}\RP227\A0071932.exe (Rogue.VirusHeat) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\scui.cpl (Rogue.XPAntivirus) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\461942\461942.dll (Trojan.BHO) -> Quarantined and deleted successfully.
    C:\Program Files\ShoppingReport\Uninst.exe (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    C:\Program Files\IEToolbar\Win32\about.html (Adware.DosPopToolbar) -> Quarantined and deleted successfully.
    C:\Program Files\IEToolbar\Win32\autofill.cfg (Adware.DosPopToolbar) -> Quarantined and deleted successfully.
    C:\Program Files\IEToolbar\Win32\autofill_plugin.dll (Adware.DosPopToolbar) -> Quarantined and deleted successfully.
    C:\Program Files\IEToolbar\Win32\autosearch_plugin.dll (Adware.DosPopToolbar) -> Quarantined and deleted successfully.
    C:\Program Files\IEToolbar\Win32\basis.xml (Adware.DosPopToolbar) -> Quarantined and deleted successfully.
    C:\Program Files\IEToolbar\Win32\demo_logo.bmp (Adware.DosPopToolbar) -> Quarantined and deleted successfully.
    C:\Program Files\IEToolbar\Win32\error.html (Adware.DosPopToolbar) -> Quarantined and deleted successfully.
    C:\Program Files\IEToolbar\Win32\Flash_Player_Plugin_BAckup_04_29_08.crc (Adware.DosPopToolbar) -> Quarantined and deleted successfully.
    C:\Program Files\IEToolbar\Win32\Flash_Player_Plugin_BAckup_04_29_08.dll (Adware.DosPopToolbar) -> Quarantined and deleted successfully.
    C:\Program Files\IEToolbar\Win32\Google Logo.jpg (Adware.DosPopToolbar) -> Quarantined and deleted successfully.
    C:\Program Files\IEToolbar\Win32\icon3.JPG (Adware.DosPopToolbar) -> Quarantined and deleted successfully.
    C:\Program Files\IEToolbar\Win32\icons.bmp (Adware.DosPopToolbar) -> Quarantined and deleted successfully.
    C:\Program Files\IEToolbar\Win32\info.txt (Adware.DosPopToolbar) -> Quarantined and deleted successfully.
    C:\Program Files\IEToolbar\Win32\panicButton_plugin.dll (Adware.DosPopToolbar) -> Quarantined and deleted successfully.
    C:\Program Files\IEToolbar\Win32\tell_a_friend.dll (Adware.DosPopToolbar) -> Quarantined and deleted successfully.
    C:\Program Files\IEToolbar\Win32\uninstall.exe (Adware.DosPopToolbar) -> Quarantined and deleted successfully.
    C:\Program Files\IEToolbar\Win32\untitled.bmp (Adware.DosPopToolbar) -> Quarantined and deleted successfully.
    C:\Program Files\IEToolbar\Win32\version.txt (Adware.DosPopToolbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\SecuriSoft SARL\WinSpywareProtect\wspwprtc.exe (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\SecuriSoft SARL\WinSpywareProtect\LOG\20080727040114578.log (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
    C:\Program Files\Antivirus 2009\av2009.exe (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
    C:\Documents and Settings\hatem\Application Data\ShoppingReport\cs\Config.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    C:\Documents and Settings\hatem\Application Data\ShoppingReport\cs\db\Aliases.dbs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    C:\Documents and Settings\hatem\Application Data\ShoppingReport\cs\db\Sites.dbs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    C:\Documents and Settings\hatem\Application Data\ShoppingReport\cs\dwld\WhiteList.xip (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    C:\Documents and Settings\hatem\Application Data\ShoppingReport\cs\report\aggr_storage.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    C:\Documents and Settings\hatem\Application Data\ShoppingReport\cs\report\send_storage.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    C:\Documents and Settings\hatem\Application Data\ShoppingReport\cs\res2\WhiteList.dbs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Fatma\Application Data\ShoppingReport\cs\Config.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Fatma\Application Data\ShoppingReport\cs\db\Aliases.dbs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Fatma\Application Data\ShoppingReport\cs\db\Sites.dbs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Fatma\Application Data\ShoppingReport\cs\dwld\WhiteList.xip (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Fatma\Application Data\ShoppingReport\cs\report\aggr_storage.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Fatma\Application Data\ShoppingReport\cs\report\send_storage.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Fatma\Application Data\ShoppingReport\cs\res2\WhiteList.dbs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Fatma\Menu Démarrer\Antivirus 2009\Antivirus 2009.lnk (Rogue.Antivirus) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Fatma\Menu Démarrer\Antivirus 2009\Uninstall Antivirus 2009.lnk (Rogue.Antivirus) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Fatma\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus 2009.lnk (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
    C:\42356d3.bat (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\setup.exe (Rogue.Installer) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\idygjun.dll (Trojan.Zlob) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ubpr01.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Fatma\Bureau\Antivirus 2009.lnk (Rogue.Antivirus) -> Quarantined and deleted successfully.
    C:\Documents and Settings\hatem\Favoris\Antivirus Scan.url (Rogue.Link) -> Quarantined and deleted successfully.
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. Utilisateur anonyme
     
    réouvre malewarebyte
    va sur quarantaine
    supprime tout

    Télécharge combofix : http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    -> Double clique sur combofix.exe.
    -> Tape sur la touche 1 (Yes) pour démarrer le scan.
    -> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

    NOTE : Le rapport se trouve également ici : C:\Combofix.txt

    Avant d'utiliser ComboFix :

    -> Déconnecte toi d'internet et referme les fenêtres de tous les programmes en cours.

    -> Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent géner fortement la procédure de recherche et de nettoyage de l'outil.

    Une fois fait, sur ton bureau double-clic sur Combofix.exe.

    - Répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc.

    /!\ Pendant la durée de cette étape, ne te sert pas du pc et n'ouvre aucun programmes.

    - En fin de scan il est possible que ComboFix ait besoin de redemarrer le pc pour finaliser la désinfection\recherche, laisses-le faire.

    - Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\Combofix.txt)

    -> Réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet.

    -> Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.

    -> Tutoriel https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

    0
  7. hassan23 Messages postés 7 Statut Membre
     
    j'ai un msg lors du téléchargement de combofix qui dit : you cannot rename combofix as combofix[1] please use another name
    0
  8. Utilisateur anonyme
     
    tu l a renomé ??

    si il est sur ton bureau suprime le

    et retelecharge le mais avant renome le en killbagle et enregsitre le sur le bureau
    0
  9. hassan23 Messages postés 7 Statut Membre
     
    voici le rapport:

    ComboFix 08-07-28.4 - hatem 2008-07-29 1:13:05.1 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.182 [GMT 2:00]
    Endroit: D:\killbagle.exe
    * Création d'un nouveau point de restauration

    [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\Fatma\Application Data\FunWebProducts
    C:\Documents and Settings\hatem\Application Data\macromedia\Flash Player\#SharedObjects\AS7FXW99\interclick.com
    C:\Documents and Settings\hatem\Application Data\macromedia\Flash Player\#SharedObjects\AS7FXW99\interclick.com\ud.sol
    C:\Documents and Settings\hatem\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
    C:\Documents and Settings\hatem\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
    C:\Documents and Settings\hatem\Mes documents\My Documents.url
    C:\WINDOWS\system32\autorun.ini
    C:\WINDOWS\system32\setting.ini

    .
    ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-06-28 to 2008-07-28 ))))))))))))))))))))))))))))))))))))
    .

    2008-07-29 00:00 . 2008-07-29 00:00 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-07-29 00:00 . 2008-07-29 00:00 <REP> d-------- C:\Documents and Settings\hatem\Application Data\Malwarebytes
    2008-07-29 00:00 . 2008-07-29 00:00 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-07-29 00:00 . 2008-07-23 20:09 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-07-29 00:00 . 2008-07-23 20:09 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-07-28 23:49 . 2008-07-28 23:49 <REP> d-------- C:\Program Files\Trend Micro
    2008-07-28 23:44 . 2008-07-29 01:19 <REP> d-------- C:\Documents and Settings\hatem\Application Data\OpenOffice.org2
    2008-07-28 23:42 . 2008-07-28 23:42 <REP> d-------- C:\Program Files\OpenOffice.org 2.4
    2008-07-27 23:16 . 2008-07-27 23:16 <REP> d-------- C:\Program Files\readmes
    2008-07-27 23:16 . 2008-07-27 23:16 <REP> d-------- C:\Program Files\licenses
    2008-07-27 11:17 . 2004-08-19 16:09 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
    2008-07-27 10:48 . 2008-07-27 10:48 <REP> d-------- C:\WINDOWS\ServicePackFiles
    2008-07-27 10:45 . 2004-07-17 11:40 19,528 --a------ C:\WINDOWS\[u]0[/u]00001_.tmp
    2008-07-21 07:35 . 2008-07-21 07:35 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-07-21 07:35 . 2008-07-21 07:35 1,409 --a------ C:\WINDOWS\QTFont.for

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-07-28 21:53 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2008-07-27 21:18 --------- d-----w C:\Program Files\Java
    2008-07-27 01:52 0 ----a-w C:\WINDOWS\Fonts\NULL
    2008-07-26 15:01 --------- d-----w C:\Documents and Settings\hatem\Application Data\Skype
    2008-07-26 15:00 --------- d-----w C:\Documents and Settings\hatem\Application Data\skypePM
    2008-07-02 21:34 --------- d-----w C:\Program Files\DivX
    2008-07-02 21:33 --------- d-----w C:\Program Files\CyberLink
    2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
    2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
    2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
    2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
    2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys
    2008-06-13 07:53 --------- d-----w C:\Program Files\Microsoft Works
    2008-05-30 07:43 304,160 ----a-w C:\PA207.DAT
    2008-05-29 20:59 52,116 ----a-w C:\Program Files\openoffice.org-onlineupdate.cab
    2008-05-29 20:59 37,375 ----a-w C:\Program Files\openoffice.org-xsltfilter.cab
    2008-05-29 20:59 207,388 ----a-w C:\Program Files\openoffice.org-testtool.cab
    2008-05-29 20:59 2,650,886 ----a-w C:\Program Files\openoffice.org-writer.cab
    2008-05-29 20:59 2,504,975 ----a-w C:\Program Files\openoffice.org-pyuno.cab
    2008-05-29 20:59 1,183,268 ----a-w C:\Program Files\openoffice.org-math.cab
    2008-05-29 20:58 86,870 ----a-w C:\Program Files\openoffice.org-graphicfilter.cab
    2008-05-29 20:58 2,769 ----a-w C:\Program Files\openoffice.org-emailmerge.cab
    2008-05-29 20:58 118,910 ----a-w C:\Program Files\openoffice.org-javafilter.cab
    2008-05-29 20:58 1,372,593 ----a-w C:\Program Files\openoffice.org-impress.cab
    2008-05-29 20:57 4,164,599 ----a-w C:\Program Files\openoffice.org-core07.cab
    2008-05-29 20:57 306,690 ----a-w C:\Program Files\openoffice.org-core08.cab
    2008-05-29 20:57 28,864,638 ----a-w C:\Program Files\openoffice.org-core06.cab
    2008-05-29 20:57 2,031,954 ----a-w C:\Program Files\openoffice.org-core09.cab
    2008-05-29 20:57 1,025,727 ----a-w C:\Program Files\openoffice.org-draw.cab
    2008-05-29 20:53 18,634,513 ----a-w C:\Program Files\openoffice.org-core05.cab
    2008-05-29 20:52 16,503,595 ----a-w C:\Program Files\openoffice.org-core04.cab
    2008-05-29 20:51 9,117,929 ----a-w C:\Program Files\openoffice.org-core03.cab
    2008-05-29 20:50 3,861,722 ----a-w C:\Program Files\openoffice.org-core02.cab
    2008-05-29 20:50 15,104,538 ----a-w C:\Program Files\openoffice.org-core01.cab
    2008-05-29 20:49 43,005 ----a-w C:\Program Files\openoffice.org-activex.cab
    2008-05-29 20:49 4,845,907 ----a-w C:\Program Files\openoffice.org-calc.cab
    2008-05-29 20:49 4,377,600 ----a-w C:\Program Files\openofficeorg24.msi
    2008-05-29 20:49 217 ----a-w C:\Program Files\setup.ini
    2008-05-29 20:49 1,878,252 ----a-w C:\Program Files\openoffice.org-base.cab
    2008-05-29 13:47 --------- d-----w C:\Documents and Settings\Fatma\Application Data\Gaijin Ent
    2008-05-20 06:11 0 ----a-w C:\Program Files\temp01
    2008-05-07 05:15 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
    2008-01-13 19:22 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
    2002-03-11 09:06 1,822,520 ----a-w C:\Program Files\instmsiw.exe
    2002-03-11 08:45 1,708,856 ----a-w C:\Program Files\instmsia.exe
    2001-11-23 04:08 712,704 ----a-r C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CnxDslTaskBar"="C:\Program Files\TOPNET\AccessRunner ADSL\CnxDslTb.exe" [2005-06-22 02:52 462848]
    "Monitor"="C:\WINDOWS\PixArt\PAC207\Monitor.exe" [2006-11-03 12:01 319488]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 22:52 49152]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
    "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-03-16 20:01 185896]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-04-27 00:20 413696]
    "SoundMan"="SOUNDMAN.EXE" [2006-03-01 10:22 577536 C:\WINDOWS\SOUNDMAN.EXE]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 16:09 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    "AntiVirusOverride"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\PandaAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\PandaFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"=

    R1 eusk2par;EUTRON SmartKey Parallel Driver;C:\WINDOWS\system32\Drivers\eusk2par.sys [2004-11-18 12:49]
    R1 ShldDrv;Panda File Shield Driver;C:\WINDOWS\system32\drivers\ShldDrv.sys [2008-04-27 14:06]
    R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2007-08-03 16:09]
    R2 PavProc;Panda Process Protection Driver;C:\WINDOWS\system32\DRIVERS\PavProc.sys [2008-04-27 14:06]
    R3 CnxEtP;TOPNET ADSL USB WAN Adapter Filter Driver;C:\WINDOWS\system32\DRIVERS\CnxEtP.sys [2005-06-22 02:52]
    R3 CnxEtU;TOPNET ADSL ADU-2110 USB Interface Device Driver;C:\WINDOWS\system32\DRIVERS\CnxEtU.sys [2005-06-22 02:52]
    R3 CnxTgN;TOPNET ADU-2110 USB WAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\CnxTgN.sys [2005-06-22 02:52]
    S2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\x86\RaInfo.sys []
    S3 eusk3usb;SmartKey 3 USB;C:\WINDOWS\system32\Drivers\eusk3usb.sys [2004-11-18 12:49]
    S3 PAC207;Trust WB-1200p Mini Webcam;C:\WINDOWS\system32\DRIVERS\PFC027.SYS [2007-05-14 11:26]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{14a85bc1-a4fd-11dc-b3bd-000000000000}]
    \Shell\??\command - taipingtianguov1.1.exe
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL taipingtianguov1.1.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eaa8b964-f36a-11dc-b48d-0015584d7d94}]
    \Shell\??\command - taipingtianguov1.1.exe
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL taipingtianguov1.1.exe
    .
    Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'

    2008-05-08 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 15:57]
    .
    - - - - ORPHANS REMOVED - - - -

    URLSearchHooks-{A41F7113-D904-458A-A85F-DADA3A0FE1A4} - (no file)
    HKLM-Run-LogMeIn GUI - C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
    Notify-LMIinit - LMIinit.dll

    .
    ------- Supplementary Scan -------
    .
    R0 -: HKCU-Main,Start Page = hxxp://www.google.com/
    R0 -: HKCU-Main,SearchMigratedDefaultURL = 687474703a2f2f7777772e676f6f676c652e636f6d2f
    R0 -: HKCU-Main,Default_Search_URL = 687474703a2f2f7777772e676f6f676c652e636f6d2f
    R0 -: HKLM-Main,Start Page = hxxp://www.yahoo.com/
    R0 -: HKLM-Main,Search Bar = 687474703a2f2f7777772e676f6f676c652e636f6d2f
    R0 -: HKLM-Main,SearchMigratedDefaultURL = 687474703a2f2f7777772e676f6f676c652e636f6d2f
    R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
    R1 -: HKLM-Internet Explorer,SearchURL = 687474703a2f2f7777772e676f6f676c652e636f6d2f
    O8 -: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-07-29 01:18:06
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cach‚s ...

    Balayage cach‚ autostart entries ...

    Balayage des fichiers cach‚s ...

    Scan termin‚ avec succŠs
    Les fichiers cach‚s: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Fichiers communs\Panda Software\PavShld\PavPrSrv.exe
    C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\PAVSRV51.EXE
    C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\PsImSvc.exe
    C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\AVENGINE.EXE
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
    C:\Program Files\OpenOffice.org 2.4\program\soffice.bin
    C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\ApVxdWin.exe
    C:\WINDOWS\system32\WgaTray.exe
    C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\WebProxy.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
    .
    **************************************************************************
    .
    Temps d'accomplissement: 2008-07-29 1:23:55 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-07-28 23:23:50

    Pre-Run: 13,916,073,984 octets libres
    Post-Run: 17,958,789,120 octets libres

    188 --- E O F --- 2008-07-26 23:41:35
    0
  10. Utilisateur anonyme
     
    refais un scan hijackthis

    post le rapport et dis tes soucis stp
    0
  11. hassan23 Messages postés 7 Statut Membre
     
    jusqu'à présent aucun souci, les infobulles ont disparu, pas de fenêtres qui s'ouvrent.
    ok voilà le nouveau rapport hijackthis:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 01:33:17, on 29/07/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Fichiers communs\Panda Software\PavShld\pavprsrv.exe
    C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\Pavsrv51.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\PsImSvc.exe
    C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\AVENGINE.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\TOPNET\AccessRunner ADSL\CnxDslTb.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\PixArt\PAC207\Monitor.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
    C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
    C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\apvxdwin.exe
    C:\WINDOWS\system32\WgaTray.exe
    C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\WebProxy.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\WINDOWS\system32\MsiExec.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/?p=us
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: HP Smart Web Printing 1.0 - {AE84A6AA-A333-4B92-B276-C11E2212E4FE} - C:\Program Files\HP\Smart Web Printing\SmartWebPrinting.dll
    O2 - BHO: Acronis Popup Blocker - {E24AD748-155E-4254-B674-4EDF86E7E1DF} - (no file)
    O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\TOPNET\AccessRunner ADSL\CnxDslTb.exe"
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Lancement rapide de Microsoft Office OneNote 2003.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
    O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{F75C8DA2-F8A4-454B-886E-F6B1CEA9A872}: NameServer = 213.150.176.196 193.95.67.22
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Fichiers communs\Panda Software\PavShld\pavprsrv.exe
    O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\Pavsrv51.exe
    O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software Internacional - C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\PsImSvc.exe
    0
  12. Utilisateur anonyme
     
    Télécharge RavAntivirus d'Evosla sur ton bureau : http://ww25.evosla.com/compteur.php?soft=rav_antivirus
    - Branche tes sources de données externes à ton PC (clé USB, disque dur externe, etc...) sans les ouvrir avant de lancer ce FIX
    - Clique droit sur le fichier .ZIP, puis "Extraire vers" Bureau.
    - Doucle-clique sur "RAV.exe" pour lancer le fix.
    - Laisse le programme agir : il scanne automatiquement tout les lecteurs (disques fixes et amovibles)
    - En cas d'infections un rapport sera généré : poste le dans ta prochaine réponse stp.
    - Ensuite : retire tes disques amovibles et redémarre le PC.
    0