HijackThis report

nikolaidis Posts 34 Status Member -  
 Anonymous user -
Hello,

My problem is that my PC (Acer Aspire 1640) is running very slowly! So I downloaded HijackThis and ran a scan. If anyone can help me with my problem, thank you very much...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:39:40, on 28/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Acer\eRecovery\Monitor.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\OrangeHSS\Systray\SystrayApp.exe
C:\acer\epm\epm-dm.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://ads1.revenue.net/l?site_id=11634&pplacement_id=1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
O2 - BHO: (no name) - {234F67F8-D89D-4AFC-BDD7-1EAA6BA60BF4} - (no file)
O2 - BHO: (no name) - {2888EBCF-35C1-4E08-86E2-2E53491F31E2} - (no file)
O2 - BHO: (no name) - {29E06BE5-30A9-40AC-AAF7-CEEED2DA6F49} - (no file)
O2 - BHO: (no name) - {454E69FE-9030-4CFC-AE44-B9229305EC43} - C:\WINDOWS\system32\vtUnmNFU.dll (file missing)
O2 - BHO: (no name) - {47425AF4-84AE-49FD-BD06-8DB21F3CAA13} - C:\WINDOWS\system32\iifedbXr.dll (file missing)
O2 - BHO: {8db0ad49-9233-ca39-2104-71cc2ad70594} - {49507da2-cc17-4012-93ac-332994da0bd8} - C:\WINDOWS\system32\mnjvnr.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {558A1014-2777-4C79-8907-C1DABC17C0CF} - (no file)
O2 - BHO: (no name) - {560E8D30-0F04-4943-9CFD-8D5CF98E9750} - (no file)
O2 - BHO: (no name) - {597DEDB3-4CD2-469F-807C-D63638C0ACCF} - (no file)
O2 - BHO: (no name) - {6FDAFF9A-A53E-4BAA-B5AD-62FF4635B2D2} - (no file)
O2 - BHO: (no name) - {755DAA23-514C-43BF-9ED8-5A9AC05998F2} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7BB745D2-26B2-428D-9127-0AD1A90C7564} - (no file)
O2 - BHO: (no name) - {80FFA0B0-5A24-4424-9669-FE552A2600C7} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {965B75DB-111C-4C4E-A50A-1B6EC7FF6EA6} - (no file)
O2 - BHO: (no name) - {9FC59161-4146-4DC3-9C40-AAACB4DD2B4E} - C:\WINDOWS\system32\cbXPiFyw.dll (file missing)
O2 - BHO: (no name) - {A72083BA-1768-4BD7-B294-0B166A936265} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {B75AF127-83E3-4FFA-8116-6B816C477A7E} - (no file)
O2 - BHO: (no name) - {BC6321E4-725E-853D-CB17-C0F447395BBE} - (no file)
O2 - BHO: (no name) - {D025E4C4-1E98-46D3-B26F-B8DDFFD2F0C0} - (no file)
O2 - BHO: (no name) - {D3A9F5CE-261B-4188-B56A-97A434D1285E} - (no file)
O2 - BHO: (no name) - {DC32B301-F20F-405F-AFB4-ACE052305B37} - (no file)
O2 - BHO: (no name) - {F0FBFEF2-756E-4856-B29A-FA13FAEF97C7} - (no file)
O2 - BHO: (no name) - {FBF940BF-CF09-483D-8D4D-6809F687F6DE} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\OrangeHSS\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [epm-dm] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [320d18a1] rundll32.exe "C:\WINDOWS\system32\virouodj.dll",b
O4 - HKLM\..\Run: [BM313e2b3d] Rundll32.exe "C:\WINDOWS\system32\vsaowfrv.dll",s
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} (Java Plug-in 1.6.0_01) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - https://www.afternic.com/domains/errorsafe.com
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: MsgPlusLoader.dll,avgrsstx.dll
O20 - Winlogon Notify: iifedbXr - iifedbXr.dll (file missing)
O20 - Winlogon Notify: pmnnmnk - pmnnmnk.dll (file missing)
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Gateway\wlancfg.exe

29 replies

Anonymous user
 
Hi, do the following, paying close attention to the text in bold:

1) Download and install Malwarebytes' Anti-Malware:

http://www.malwarebytes.org/mbam/program/mbam-setup.exe

At the end of the installation, make sure the "Update Malwarebytes' Anti-Malware" option is checked. >>> click OK

Launch Malwarebytes' Anti-Malware by double-clicking the icon on your Desktop.

On first launch, a window tells you that the version is Free >>> click OK

Let the updates download

*** Close the program ***

2) Restart in "Safe Mode"

When the computer restarts, once the BIOS has finished loading, a black screen appears briefly; press the [F8] key (or [F5] on some PCs) until the Windows advanced options menu is displayed.
Select "Safe Mode" and press [Enter]
You must choose your usual session, not the "Administrator" account or any other one.
Look here if needed: https://www.malekal.com/demarrer-windows-mode-sans-echec/

Open the text file saved on the Desktop so that you can follow the instructions properly.

3) Scan with Malwarebytes' Anti-Malware

Launch Malwarebytes' Anti-Malware
"Search" tab >>> check "Perform a full scan" >>> "Search", select your hard drives, then click "Start scan"
At the end of the scan >>> click "Show results", then "Save report"
Removing the detected items >>>>
delete what it found and also empty the items in quarantine.
If you are asked to restart >>> click "Yes"

--> A scan report opens; save it to your Desktop and post that report in your reply.

When you ask for a scan, ask for it in safe mode.

Why in safe mode:

* Because the scan already looks at more files in safe mode than in normal mode.
* And also, in normal mode the viruses (trojans, Trojan horses, worms, spyware, malware and others...) are active and so do not get deleted, so it has to be done in safe mode.

_______________________________________________
0
nikolaidis Posts 34 Status Member
 
There, I did everything you told me to do without any problem... apart from the scan, which was very long (2h52minutes :S)!

And here is the scan report:

Malwarebytes' Anti-Malware 1.23
Version de la base de données: 1001
Windows 5.1.2600 Service Pack 2

20:59:53 28/07/2008
mbam-log-7-28-2008 (20-59-43).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 107851
Temps écoulé: 2 hour(s), 52 minute(s), 55 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 24
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 2
Fichier(s) infecté(s): 31

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{49507da2-cc17-4012-93ac-332994da0bd8} (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{49507da2-cc17-4012-93ac-332994da0bd8} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{f919fbd3-a96b-4679-af26-f551439bb5fd} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\AppID\{127df9b4-d75d-44a6-af78-8c3a8ceb03db} (Adware.WhenUSave) -> No action taken.
HKEY_CLASSES_ROOT\acm.acmfactory (Adware.WhenUSave) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{df901432-1b9f-4f5b-9e56-301c553f9095} (Adware.WhenUSave) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{43382522-a846-46f4-ac57-1f71ae6e1086} (Adware.WhenUSave) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{572fb162-c0ba-4edf-8cff-e3846153b9b0} (Adware.WhenUSave) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{72a836d1-bc00-43c0-a941-17960e4fb842} (Adware.WhenUSave) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{a9aae1ab-9688-42c5-86f5-c12f6b9015ad} (Adware.WhenUSave) -> No action taken.
HKEY_CLASSES_ROOT\acm.acmfactory.1 (Adware.WhenUSave) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\contexttool (Adware.PlayaZ) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\MediaHoldings (Adware.PlayMP3Z) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\PlayMP3 (Adware.PlayMP3Z) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affri (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SaveNow (Adware.WhenUSave) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\WhenUSave (Adware.WhenUSave) -> No action taken.
HKEY_CLASSES_ROOT\AppID\ACM.DLL (Adware.WhenUSave) -> No action taken.
HKEY_CLASSES_ROOT\WUSN.1 (Adware.WhenUSave) -> No action taken.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\mysearchnow.com (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\www.mysearchnow.com (Malware.Trace) -> No action taken.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Program Files\contexttool (Adware.PlayaZ) -> No action taken.
C:\Program Files\Save (Adware.WhenUSave) -> No action taken.

Fichier(s) infecté(s):
C:\WINDOWS\system32\mnjvnr.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\nloebinq.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\qnibeoln.ini (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\gpjaxhyx.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\xyhxajpg.ini (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\irlvgskd.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\dksgvlri.ini (Trojan.Vundo) -> No action taken.
C:\Program Files\Save\ACM.dll (Adware.WhenUSave) -> No action taken.
C:\WINDOWS\system32\wpcap.dll (Spyware.Agent) -> No action taken.
C:\WINDOWS\system32\packet.dll (Spyware.Agent) -> No action taken.
C:\WINDOWS\system32\olnyjyil.dll (Rogue.Installer) -> No action taken.
C:\WINDOWS\system32\kxjtpoeu.dll (Trojan.Vundo) -> No action taken.
C:\Documents and Settings\CYRIL\Local Settings\Temporary Internet Files\Content.IE5\3WFS45II\kb767887[1] (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP997\A0088505.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP998\A0088539.dll (Trojan.Vundo) -> No action taken.
C:\Program Files\contexttool\pcre3.dll (Adware.PlayaZ) -> No action taken.
C:\Program Files\contexttool\uninstall.exe (Adware.PlayaZ) -> No action taken.
C:\Program Files\contexttool\ContextHelper.dat (Adware.PlayaZ) -> No action taken.
C:\Program Files\Save\save.htm (Adware.WhenUSave) -> No action taken.
C:\Program Files\Save\extra.exe (Adware.WhenUSave) -> No action taken.
C:\Program Files\Save\store.db (Adware.WhenUSave) -> No action taken.
C:\Program Files\Save\saveupdate.exe (Adware.WhenUSave) -> No action taken.
C:\Program Files\Save\save.db (Adware.WhenUSave) -> No action taken.
C:\Program Files\Save\SaveUninst.exe (Adware.WhenUSave) -> No action taken.
C:\Program Files\Save\SaveNowupdate.exe (Adware.WhenUSave) -> No action taken.
C:\Program Files\Save\ffext.mod (Adware.WhenUSave) -> No action taken.
C:\WINDOWS\cookies.ini (Malware.Trace) -> No action taken.
C:\WINDOWS\system32\jkkKbXqN.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\BM313e2b3d.xml (Trojan.Vundo) -> No action taken.
C:\WINDOWS\BM313e2b3d.txt (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> No action taken.
0
Anonymous user
 
Apparently you didn't delete anything...:

No action taken = no action was performed
0
nikolaidis Posts 34 Status Member
 
Sorry, I picked the wrong Notepad file ;)

Malwarebytes' Anti-Malware 1.23
Version de la base de données: 1001
Windows 5.1.2600 Service Pack 2

21:01:03 28/07/2008
mbam-log-7-28-2008 (21-01-03).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 107851
Temps écoulé: 2 hour(s), 52 minute(s), 55 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 24
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 2
Fichier(s) infecté(s): 31

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{49507da2-cc17-4012-93ac-332994da0bd8} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{49507da2-cc17-4012-93ac-332994da0bd8} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{f919fbd3-a96b-4679-af26-f551439bb5fd} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{127df9b4-d75d-44a6-af78-8c3a8ceb03db} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\acm.acmfactory (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{df901432-1b9f-4f5b-9e56-301c553f9095} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{43382522-a846-46f4-ac57-1f71ae6e1086} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{572fb162-c0ba-4edf-8cff-e3846153b9b0} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{72a836d1-bc00-43c0-a941-17960e4fb842} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a9aae1ab-9688-42c5-86f5-c12f6b9015ad} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\acm.acmfactory.1 (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\contexttool (Adware.PlayaZ) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MediaHoldings (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\PlayMP3 (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SaveNow (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\WhenUSave (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\ACM.DLL (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\WUSN.1 (Adware.WhenUSave) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\mysearchnow.com (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\www.mysearchnow.com (Malware.Trace) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Program Files\contexttool (Adware.PlayaZ) -> Quarantined and deleted successfully.
C:\Program Files\Save (Adware.WhenUSave) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\WINDOWS\system32\mnjvnr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nloebinq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qnibeoln.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gpjaxhyx.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xyhxajpg.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\irlvgskd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dksgvlri.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\Save\ACM.dll (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wpcap.dll (Spyware.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\packet.dll (Spyware.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\olnyjyil.dll (Rogue.Installer) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kxjtpoeu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\CYRIL\Local Settings\Temporary Internet Files\Content.IE5\3WFS45II\kb767887[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP997\A0088505.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP998\A0088539.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\contexttool\pcre3.dll (Adware.PlayaZ) -> Quarantined and deleted successfully.
C:\Program Files\contexttool\uninstall.exe (Adware.PlayaZ) -> Quarantined and deleted successfully.
C:\Program Files\contexttool\ContextHelper.dat (Adware.PlayaZ) -> Quarantined and deleted successfully.
C:\Program Files\Save\save.htm (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Program Files\Save\extra.exe (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Program Files\Save\store.db (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Program Files\Save\saveupdate.exe (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Program Files\Save\save.db (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Program Files\Save\SaveUninst.exe (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Program Files\Save\SaveNowupdate.exe (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Program Files\Save\ffext.mod (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jkkKbXqN.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BM313e2b3d.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BM313e2b3d.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.

Anonymous user

Is it possible to get a new HijackThis log?
nikolaidis Posts 34 Status Member

Of course, here it is!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:57:48, on 28/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Acer\eManager\anbmServ.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Acer\eRecovery\Monitor.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\OrangeHSS\Systray\SystrayApp.exe
C:\acer\epm\epm-dm.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://ads1.revenue.net/l?site_id=11634&pplacement_id=1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
O2 - BHO: (no name) - {234F67F8-D89D-4AFC-BDD7-1EAA6BA60BF4} - (no file)
O2 - BHO: (no name) - {2888EBCF-35C1-4E08-86E2-2E53491F31E2} - (no file)
O2 - BHO: (no name) - {29E06BE5-30A9-40AC-AAF7-CEEED2DA6F49} - (no file)
O2 - BHO: (no name) - {454E69FE-9030-4CFC-AE44-B9229305EC43} - C:\WINDOWS\system32\vtUnmNFU.dll (file missing)
O2 - BHO: (no name) - {47425AF4-84AE-49FD-BD06-8DB21F3CAA13} - C:\WINDOWS\system32\iifedbXr.dll (file missing)
O2 - BHO: (no name) - {49507da2-cc17-4012-93ac-332994da0bd8} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {558A1014-2777-4C79-8907-C1DABC17C0CF} - (no file)
O2 - BHO: (no name) - {560E8D30-0F04-4943-9CFD-8D5CF98E9750} - (no file)
O2 - BHO: (no name) - {597DEDB3-4CD2-469F-807C-D63638C0ACCF} - (no file)
O2 - BHO: (no name) - {6FDAFF9A-A53E-4BAA-B5AD-62FF4635B2D2} - (no file)
O2 - BHO: (no name) - {755DAA23-514C-43BF-9ED8-5A9AC05998F2} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7BB745D2-26B2-428D-9127-0AD1A90C7564} - (no file)
O2 - BHO: (no name) - {80FFA0B0-5A24-4424-9669-FE552A2600C7} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {965B75DB-111C-4C4E-A50A-1B6EC7FF6EA6} - (no file)
O2 - BHO: (no name) - {9FC59161-4146-4DC3-9C40-AAACB4DD2B4E} - C:\WINDOWS\system32\cbXPiFyw.dll (file missing)
O2 - BHO: (no name) - {A72083BA-1768-4BD7-B294-0B166A936265} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {B75AF127-83E3-4FFA-8116-6B816C477A7E} - (no file)
O2 - BHO: (no name) - {BC6321E4-725E-853D-CB17-C0F447395BBE} - (no file)
O2 - BHO: (no name) - {D025E4C4-1E98-46D3-B26F-B8DDFFD2F0C0} - (no file)
O2 - BHO: (no name) - {D3A9F5CE-261B-4188-B56A-97A434D1285E} - (no file)
O2 - BHO: (no name) - {DC32B301-F20F-405F-AFB4-ACE052305B37} - (no file)
O2 - BHO: (no name) - {F0FBFEF2-756E-4856-B29A-FA13FAEF97C7} - (no file)
O2 - BHO: (no name) - {FBF940BF-CF09-483D-8D4D-6809F687F6DE} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\OrangeHSS\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [epm-dm] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [320d18a1] rundll32.exe "C:\WINDOWS\system32\virouodj.dll",b
O4 - HKLM\..\Run: [BM313e2b3d] Rundll32.exe "C:\WINDOWS\system32\vsaowfrv.dll",s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} (Java Plug-in 1.6.0_01) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} -
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: MsgPlusLoader.dll,avgrsstx.dll,
O20 - Winlogon Notify: iifedbXr - iifedbXr.dll (file missing)
O20 - Winlogon Notify: pmnnmnk - pmnnmnk.dll (file missing)
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Gateway\wlancfg.exe
Anonymous user

Do another one, but this time check these lines and "fix checked":

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://ads1.revenue.net/l?site_id=11634&pplacement_id=1
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {234F67F8-D89D-4AFC-BDD7-1EAA6BA60BF4} - (no file)
O2 - BHO: (no name) - {2888EBCF-35C1-4E08-86E2-2E53491F31E2} - (no file)
O2 - BHO: (no name) - {29E06BE5-30A9-40AC-AAF7-CEEED2DA6F49} - (no file)
O2 - BHO: (no name) - {454E69FE-9030-4CFC-AE44-B9229305EC43} - C:\WINDOWS\system32\vtUnmNFU.dll (file missing)
O2 - BHO: (no name) - {47425AF4-84AE-49FD-BD06-8DB21F3CAA13} - C:\WINDOWS\system32\iifedbXr.dll (file missing)
O2 - BHO: (no name) - {49507da2-cc17-4012-93ac-332994da0bd8} - (no file)
O2 - BHO: (no name) - {558A1014-2777-4C79-8907-C1DABC17C0CF} - (no file)
O2 - BHO: (no name) - {560E8D30-0F04-4943-9CFD-8D5CF98E9750} - (no file)
O2 - BHO: (no name) - {597DEDB3-4CD2-469F-807C-D63638C0ACCF} - (no file)
O2 - BHO: (no name) - {6FDAFF9A-A53E-4BAA-B5AD-62FF4635B2D2} - (no file)
O2 - BHO: (no name) - {755DAA23-514C-43BF-9ED8-5A9AC05998F2} - (no file)
O2 - BHO: (no name) - {7BB745D2-26B2-428D-9127-0AD1A90C7564} - (no file)
O2 - BHO: (no name) - {80FFA0B0-5A24-4424-9669-FE552A2600C7} - (no file)
O2 - BHO: (no name) - {965B75DB-111C-4C4E-A50A-1B6EC7FF6EA6} - (no file)
O2 - BHO: (no name) - {9FC59161-4146-4DC3-9C40-AAACB4DD2B4E} - C:\WINDOWS\system32\cbXPiFyw.dll (file missing)
O2 - BHO: (no name) - {A72083BA-1768-4BD7-B294-0B166A936265} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {B75AF127-83E3-4FFA-8116-6B816C477A7E} - (no file)
O2 - BHO: (no name) - {BC6321E4-725E-853D-CB17-C0F447395BBE} - (no file)
O2 - BHO: (no name) - {D025E4C4-1E98-46D3-B26F-B8DDFFD2F0C0} - (no file)
O2 - BHO: (no name) - {D3A9F5CE-261B-4188-B56A-97A434D1285E} - (no file)
O2 - BHO: (no name) - {DC32B301-F20F-405F-AFB4-ACE052305B37} - (no file)
O2 - BHO: (no name) - {F0FBFEF2-756E-4856-B29A-FA13FAEF97C7} - (no file)
O2 - BHO: (no name) - {FBF940BF-CF09-483D-8D4D-6809F687F6DE} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [320d18a1] rundll32.exe "C:\WINDOWS\system32\virouodj.dll",b
O4 - HKLM\..\Run: [BM313e2b3d] Rundll32.exe "C:\WINDOWS\system32\vsaowfrv.dll",s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O20 - AppInit_DLLs: MsgPlusLoader.dll,avgrsstx.dll,
O20 - Winlogon Notify: iifedbXr - iifedbXr.dll (file missing)
O20 - Winlogon Notify: pmnnmnk - pmnnmnk.dll (file missing)

Then send back a report.
nikolaidis Posts 34 Status Member

Done, I "fix checked" all those lines! Here is the new report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:34:23, on 28/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Acer\eManager\anbmServ.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Acer\eRecovery\Monitor.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\OrangeHSS\Systray\SystrayApp.exe
C:\acer\epm\epm-dm.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\OrangeHSS\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [epm-dm] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} (Java Plug-in 1.6.0_01) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} -
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Gateway\wlancfg.exe
nikolaidis Posts 34 Status Member

Should what I did yesterday have changed the speed of my computer?
nikolaidis Posts 34 Status Member
 
Up!
zorinho Posts 829 Status Member 51

Hi,

you can run HijackThis again, scan only, and check the following lines

O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

Click "fix checked"
----------------------------------------------------------------------------------------------------------------------------------------------------------

Install the Java updates
https://www.java.com/en/download/manual.jsp

A word to the wise

Zor
nikolaidis Posts 34 Status Member

Hi zorinho, I've just done everything you told me to do!
However, at the link you gave me for downloading the Java updates, I don't know whether I should choose the first or the second Windows link...
zorinho Posts 829 Status Member 51

the first link is the basic version (7 MB), the other is the more complete one (15 MB)

I advise you to uninstall your current version of Java and install the basic version.

See you

Zor
nikolaidis Posts 34 Status Member

Done, I took the first link and installed it as you told me to!
zorinho Posts 829 Status Member 51

you can run another HijackThis scan, for peace of mind, if you like...

See you

Zor
nikolaidis Posts 34 Status Member

Yes, no problem ;) ! Here is the new report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:10:04, on 03/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Acer\eRecovery\Monitor.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\OrangeHSS\Systray\SystrayApp.exe
C:\acer\epm\epm-dm.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\OrangeHSS\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [epm-dm] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} (Java Plug-in 1.6.0_01) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} -
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Gateway\wlancfg.exe
0
zorinho Posts 829 Status Member 51
 
That's okay. How is your computer doing???

You can also paste a scan report from your antivirus

See you

Zor
0
nikolaidis Posts 34 Status Member
 
Well, I find it's still just as slow :s ! I'll paste a report from my antivirus when it has finished...
0
nikolaidis Posts 34 Status Member
 
Here is the antivirus report:

"Scan ""Scan whole computer"" was finished."
"Infections found:";"10"
"Infected objects removed or healed:";"10"
"Not removed or healed:";"0"
"Spyware found:";"14"
"Spyware removed:";"14"
"Not removed:";"0"
"Warnings count:";"87"
"Information count:";"0"
"Scan started:";"lundi 4 août 2008, 20:52:04"
"Scan finished:";"lundi 4 août 2008, 21:45:35 (53 minute(s) 31 second(s))"
"Total object scanned:";"570319"
"User who launched the scan:";"CYRIL"

"Infections"
"File";"Infection";"Result"
"C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP1016\A0091239.dll";"Trojan horse Generic11.CPS";"Moved to Virus Vault"
"C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP1016\A0091240.dll";"Trojan horse Agent.ZGJ";"Moved to Virus Vault"
"C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP1016\A0091241.dll";"Trojan horse Agent.ZGJ";"Moved to Virus Vault"
"C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP1016\A0091243.dll";"Trojan horse Generic11.CPQ";"Moved to Virus Vault"
"C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP1016\A0091245.dll";"Trojan horse Generic11.CPQ";"Moved to Virus Vault"
"C:\WINDOWS\system32\afcxlcbo.dll";"Trojan horse Generic11.CPQ";"Moved to Virus Vault"
"C:\WINDOWS\system32\iqndigfk.dll";"Trojan horse Agent.ZGJ";"Moved to Virus Vault"
"C:\WINDOWS\system32\nxjkltqk.dll";"Trojan horse Generic11.CPQ";"Moved to Virus Vault"
"C:\WINDOWS\system32\xwpokfxp.dll";"Trojan horse Agent.ZGJ";"Moved to Virus Vault"
"C:\WINDOWS\system32\ycmebdkm.dll";"Trojan horse Generic11.CPS";"Moved to Virus Vault"

"Spyware"
"File";"Infection";"Result"
"C:\Documents and Settings\CYRIL\Bureau\Aide_dial-a-fix.exe";"Adware Generic3.KKH";"Moved to Virus Vault"
"C:\WINDOWS\system32\batvcskw.dll";"Adware Generic3.KIO";"Moved to Virus Vault"
"C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP1016\A0091242.dll";"Adware Generic3.KIP";"Moved to Virus Vault"
"C:\WINDOWS\system32\dtbnnjxf.dll";"Adware Generic3.KIP";"Moved to Virus Vault"
"C:\WINDOWS\system32\hqsebgrl.dll";"Adware Generic3.KIO";"Moved to Virus Vault"
"C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP1016\A0091244.dll";"Adware Generic3.KIO";"Moved to Virus Vault"
"C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP1016\A0091246.dll";"Adware Generic3.KIO";"Moved to Virus Vault"
"C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP1016\A0091247.dll";"Adware Generic3.KIO";"Moved to Virus Vault"
"C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP1016\A0091248.dll";"Adware Generic3.KIO";"Moved to Virus Vault"
"C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP1016\A0091249.dll";"Adware Generic3.KIO";"Moved to Virus Vault"
"C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP1016\A0091250.exe";"Adware Generic3.KKH";"Moved to Virus Vault"
"C:\WINDOWS\system32\hrlyfkrr.dll";"Adware Generic3.KIO";"Moved to Virus Vault"
"C:\WINDOWS\system32\jrhtnjro.dll";"Adware Generic3.KIO";"Moved to Virus Vault"
"C:\WINDOWS\system32\tiigvean.dll";"Adware Generic3.KIO";"Moved to Virus Vault"

"Warnings"
"File";"Infection";"Result"
"C:\Documents and Settings\CYRIL\Cookies\cyril@2o7[2].txt";"Found Tracking cookie.2o7";"Potentially dangerous object"
"C:\Documents and Settings\CYRIL\Cookies\cyril@2o7[2].txt:\2o7.net.92b4d8ae";"Found Tracking cookie.2o7";"Potentially dangerous object"
"C:\Documents and Settings\CYRIL\Cookies\cyril@ad.yieldmanager[1].txt";"Found Tracking cookie.Yieldmanager";"Potentially dangerous object"
"C:\Documents and Settings\CYRIL\Cookies\cyril@ad.yieldmanager[1].txt:\ad.yieldmanager.com.539b0606";"Found Tracking cookie.Yieldmanager";"Potentially dangerous object"
"C:\Documents and Settings\CYRIL\Cookies\cyril@ad.yieldmanager[1].txt:\ad.yieldmanager.com.557bf2b0";"Found Tracking cookie.Yieldmanager";"Potentially dangerous object"
"C:\Documents and Settings\CYRIL\Cookies\cyril@ad.yieldmanager[1].txt:\ad.yieldmanager.com.830b6f08";"Found Tracking cookie.Yieldmanager";"Potentially dangerous object"
"C:\Documents and Settings\CYRIL\Cookies\cyril@ad.yieldmanager[1].txt:\ad.yieldmanager.com.87a9ab5d";"Found Tracking cookie.Yieldmanager";"Potentially dangerous object"
"C:\Documents and Settings\CYRIL\Cookies\cyril@ad.yieldmanager[1].txt:\ad.yieldmanager.com.8a47878";"Found Tracking cookie.Yieldmanager";"Potentially dangerous object"
"C:\Documents and Settings\CYRIL\Cookies\cyril@ad.yieldmanager[1].txt:\ad.yieldmanager.com.c982816c";"Found Tracking cookie.Yieldmanager";"Potentially dangerous object"
"C:\Documents and Settings\CYRIL\Cookies\cyril@ad.yieldmanager[1].txt:\ad.yieldmanager.com.cfb9f79a";"Found Tracking cookie.Yieldmanager";"Potentially dangerous object"
"C:\Documents and Settings\CYRIL\Cookies\cyril@ad.yieldmanager[1].txt:\ad.yieldmanager.com.e762f029";"Found Tracking cookie.Yieldmanager";"Potentially dangerous object"
"C:\Documents and Settings\CYRIL\Cookies\cyril@ad.yieldmanager[1].txt:\ad.yieldmanager.com.ff92306";"Found Tracking cookie.Yieldmanager";"Potentially dangerous object"
"C:\Documents and Settings\CYRIL\Cookies\cyril@adopt.euroclick[1].txt";"Found Tracking cookie.Euroclick";"Potentially dangerous object"
"C:\Documents and Settings\CYRIL\Cookies\cyril@adopt.euroclick[1].txt:\adopt.euroclick.com.891542da";"Found Tracking cookie.Euroclick";"Potentially dangerous object"
"C:\Documents and Settings\CYRIL\Cookies\cyril@adopt.euroclick[1].txt:\adopt.euroclick.com.fb764ef7";"Found Tracking cookie.Euroclick";"Potentially dangerous object"
"C:\Documents and Settings\CYRIL\Cookies\cyril@adopt.euroclick[1].txt:\adopt.euroclick.com.ffe11db7";"Found Tracking cookie.Euroclick";"Potentially dangerous object"
"C:\Documents and Settings\CYRIL\Cookies\cyril@adtech[1].txt";"Found Tracking cookie.Adtech";"Potentially dangerous object"
"C:\Documents and Settings\CYRIL\Cookies\cyril@adtech[1].txt:\adtech.de.a9245469";"Found Tracking cookie.Adtech";"Potentially dangerous object"
"C:\Documents and Settings\CYRIL\Cookies\cyril@advertising[1].txt";"Found Tracking cookie.Advertising";"Potentially dangerous object"
"C:\Documents and Settings\CYRIL\Cookies\cyril@advertising[1].txt:\advertising.com.1820df7a";"Found Tracking cookie.Advertising";"Potentially dangerous object"
"C:\Documents and Settings\CYRIL\Cookies\cyril@advertising[1].txt:\advertising.com.203aa218";"Found Tracking cookie.Advertising";"Potentially dangerous object"
"C:\Documents and Settings\CYRIL\Cookies\cyril@advertising[1].txt:\advertising.com.b624fa46";"Found Tracking cookie.Advertising";"Potentially dangerous object"
"C:\Documents and Settings\CYRIL\Cookies\cyril@advertising[1].txt:\advertising.com.f62113d5";"Found Tracking cookie.Advertising";"Potentially dangerous object"
"C:\Documents and Settings\CYRIL\Cookies\cyril@adviva[1].txt";"Found Tracking cookie.Adviva";"Potentially dangerous object"
"C:\Documents and Settings\CYRIL\Cookies\cyril@hitbox[2].txt";"Found Tracking cookie.Hitbox";"Potentially dangerous object"
"C:\Documents and Settings\CYRIL\Cookies\cyril@hitbox[2].txt:\hitbox.com.2b95f8a3";"Found Tracking cookie.Hitbox";"Potentially dangerous object"
"C:\Documents and Settings\CYRIL\Cookies\cyril@hitbox[2].txt:\hitbox.com.bbf2a6e8";"Found Tracking cookie.Hitbox";"Potentially dangerous object"
"C:\Documents and Settings\CYRIL\Cookies\cyril@serving-sys[1].txt";"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
"C:\Documents and Settings\CYRIL\Cookies\cyril@serving-sys[1].txt:\serving-sys.com.400f83f";"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
"C:\Documents and Settings\CYRIL\Cookies\cyril@serving-sys[1].txt:\serving-sys.com.255d6f2f";"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
"C:\Documents and Settings\CYRIL\Cookies\cyril@serving-sys[1].txt:\serving-sys.com.4b416ef8";"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
"C:\Documents and Settings\CYRIL\Cookies\cyril@serving-sys[1].txt:\serving-sys.com.606c3d3b";"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
"C:\Documents and Settings\CYRIL\Cookies\cyril@serving-sys[1].txt:\serving-sys.com.6a1cf9e8";"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
"C:\Documents and Settings\CYRIL\Cookies\cyril@adviva[1].txt:\adviva.net.39ec90c";"Found Tracking cookie.Adviva";"Potentially dangerous object"
"C:\Documents and Settings\CYRIL\Cookies\cyril@atdmt[2].txt";"Found Tracking cookie.Atdmt";"Potentially dangerous object"
"C:\Documents and Settings\CYRIL\Cookies\cyril@atdmt[2].txt:\atdmt.com.b3e33b5f";"Found Tracking cookie.Atdmt";"Potentially dangerous object"
"C:\Documents and Settings\CYRIL\Cookies\cyril@bs.serving-sys[2].txt";"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
"C:\Documents and Settings\CYRIL\Cookies\cyril@bs.serving-sys[2].txt:\bs.serving-sys.com.5bf1f00f";"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
"C:\Documents and Settings\CYRIL\Cookies\cyril@doubleclick[1].txt";"Found Tracking cookie.Doubleclick";"Potentially dangerous object"
"C:\Documents and Settings\CYRIL\Cookies\cyril@doubleclick[1].txt:\doubleclick.net.bf396750";"Found Tracking cookie.Doubleclick";"Potentially dangerous object"
"C:\Documents and Settings\CYRIL\Cookies\cyril@mediaplex[1].txt";"Found Tracking cookie.Mediaplex";"Potentially dangerous object"
"C:\Documents and Settings\CYRIL\Cookies\cyril@mediaplex[1].txt:\mediaplex.com.f652b123";"Found Tracking cookie.Mediaplex";"Potentially dangerous object"
"C:\Documents and Settings\CYRIL\Cookies\cyril@overture[1].txt";"Found Tracking cookie.Overture";"Potentially dangerous object"
"C:\Documents and Settings\CYRIL\Cookies\cyril@overture[1].txt:\overture.com.8e32a996";"Found Tracking cookie.Overture";"Potentially dangerous object"
"C:\Documents and Settings\CYRIL\Cookies\cyril@serving-sys[1].txt:\serving-sys.com.c9034af6";"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
"C:\Documents and Settings\CYRIL\Cookies\cyril@ad.yieldmanager[1].txt:\ad.yieldmanager.com.b68f2b7b";"Found Tracking cookie.Yieldmanager";"Potentially dangerous object"
"C:\Documents and Settings\CYRIL\Cookies\cyril@adbrite[2].txt";"Found Tracking cookie.Adbrite";"Potentially dangerous object"
"C:\Documents and Settings\CYRIL\Cookies\cyril@adbrite[2].txt:\adbrite.com.44f92a69";"Found Tracking cookie.Adbrite";"Potentially dangerous object"
"C:\Documents and Settings\CYRIL\Cookies\cyril@adbrite[2].txt:\adbrite.com.d5e309c2";"Found Tracking cookie.Adbrite";"Potentially dangerous object"
"C:\Documents and Settings\CYRIL\Cookies\cyril@adrevolver[2].txt";"Found Tracking cookie.Adrevolver";"Potentially dangerous object"
"C:\Documents and Settings\CYRIL\Cookies\cyril@adrevolver[2].txt:\adrevolver.com.4a719aa9";"Found Tracking cookie.Adrevolver";"Potentially dangerous object"
"C:\Documents and Settings\CYRIL\Cookies\cyril@adrevolver[2].txt:\adrevolver.com.9b9d670a";"Found Tracking cookie.Adrevolver";"Potentially dangerous object"
"C:\Documents and Settings\CYRIL\Cookies\cyril@adrevolver[2].txt:\adrevolver.com.b595d4db";"Found Tracking cookie.Adrevolver";"Potentially dangerous object"
"C:\Documents and Settings\CYRIL\Cookies\cyril@adrevolver[2].txt:\adrevolver.com.f6cfcad4";"Found Tracking cookie.Adrevolver";"Potentially dangerous object"
"C:\Documents and Settings\CYRIL\Cookies\cyril@bluestreak[2].txt";"Found Tracking cookie.Bluestreak";"Potentially dangerous object"
"C:\Documents and Settings\CYRIL\Cookies\cyril@bluestreak[2].txt:\bluestreak.com.bf396750";"Found Tracking cookie.Bluestreak";"Potentially dangerous object"
"C:\Documents and Settings\CYRIL\Cookies\cyril@media.adrevolver[2].txt";"Found Tracking cookie.Adrevolver";"Potentially dangerous object"
"C:\Documents and Settings\CYRIL\Cookies\cyril@media.adrevolver[2].txt:\media.adrevolver.com.2be00b0";"Found Tracking cookie.Adrevolver";"Potentially dangerous object"
"C:\Documents and Settings\CYRIL\Cookies\cyril@media.adrevolver[2].txt:\media.adrevolver.com.5fed601d";"Found Tracking cookie.Adrevolver";"Potentially dangerous object"
"C:\Documents and Settings\CYRIL\Cookies\cyril@smartadserver[2].txt";"Found Tracking cookie.Smartadserver";"Potentially dangerous object"
"C:\Documents and Settings\CYRIL\Cookies\cyril@msnportal.112.2o7[1].txt";"Found Tracking cookie.2o7";"Potentially dangerous object"
"C:\Documents and Settings\CYRIL\Cookies\cyril@msnportal.112.2o7[1].txt:\msnportal.112.2o7.net.7225be6f";"Found Tracking cookie.2o7";"Potentially dangerous object"
"C:\Documents and Settings\CYRIL\Cookies\cyril@smartadserver[2].txt:\smartadserver.com.321a5cf8";"Found Tracking cookie.Smartadserver";"Potentially dangerous object"
"C:\Documents and Settings\CYRIL\Cookies\cyril@smartadserver[2].txt:\smartadserver.com.3e749ab9";"Found Tracking cookie.Smartadserver";"Potentially dangerous object"
"C:\Documents and Settings\CYRIL\Cookies\cyril@smartadserver[2].txt:\smartadserver.com.5550c4ed";"Found Tracking cookie.Smartadserver";"Potentially dangerous object"
"C:\Documents and Settings\CYRIL\Cookies\cyril@smartadserver[2].txt:\smartadserver.com.c5827141";"Found Tracking cookie.Smartadserver";"Potentially dangerous object"
"C:\Documents and Settings\CYRIL\Cookies\cyril@tradedoubler[2].txt";"Found Tracking cookie.Tradedoubler";"Potentially dangerous object"
"C:\Documents and Settings\CYRIL\Cookies\cyril@tradedoubler[2].txt:\tradedoubler.com.ba12c0e9";"Found Tracking cookie.Tradedoubler";"Potentially dangerous object"
"C:\Documents and Settings\CYRIL\Cookies\cyril@tradedoubler[2].txt:\tradedoubler.com.dc3c9994";"Found Tracking cookie.Tradedoubler";"Potentially dangerous object"
"C:\Documents and Settings\CYRIL\Cookies\cyril@tradedoubler[2].txt:\tradedoubler.com.eab0972e";"Found Tracking cookie.Tradedoubler";"Potentially dangerous object"
"C:\Documents and Settings\CYRIL\Cookies\cyril@weborama[2].txt";"Found Tracking cookie.Weborama";"Potentially dangerous object"
"C:\Documents and Settings\CYRIL\Cookies\cyril@weborama[2].txt:\weborama.fr.30104bcb";"Found Tracking cookie.Weborama";"Potentially dangerous object"
"C:\Documents and Settings\CYRIL\Cookies\cyril@zedo[1].txt:\zedo.com.775ee79c";"Found Tracking cookie.Zedo";"Potentially dangerous object"
"C:\Documents and Settings\CYRIL\Cookies\cyril@zedo[1].txt:\zedo.com.a5b6a132";"Found Tracking cookie.Zedo";"Potentially dangerous object"
"C:\Documents and Settings\CYRIL\Cookies\cyril@zedo[1].txt:\zedo.com.c1dd09f2";"Found Tracking cookie.Zedo";"Potentially dangerous object"
"C:\Documents and Settings\CYRIL\Cookies\cyril@zedo[1].txt:\zedo.com.cef1c7af";"Found Tracking cookie.Zedo";"Potentially dangerous object"
"C:\Documents and Settings\CYRIL\Cookies\cyril@weborama[2].txt:\weborama.fr.5f498b98";"Found Tracking cookie.Weborama";"Potentially dangerous object"
"C:\Documents and Settings\CYRIL\Cookies\cyril@weborama[2].txt:\weborama.fr.ca746c8c";"Found Tracking cookie.Weborama";"Potentially dangerous object"
"C:\Documents and Settings\CYRIL\Cookies\cyril@weborama[2].txt:\weborama.fr.f636611";"Found Tracking cookie.Weborama";"Potentially dangerous object"
"C:\Documents and Settings\CYRIL\Cookies\cyril@zedo[1].txt";"Found Tracking cookie.Zedo";"Potentially dangerous object"
"C:\Documents and Settings\CYRIL\Cookies\cyril@zedo[1].txt:\zedo.com.14a38114";"Found Tracking cookie.Zedo";"Potentially dangerous object"
"C:\Documents and Settings\CYRIL\Cookies\cyril@zedo[1].txt:\zedo.com.dd15d628";"Found Tracking cookie.Zedo";"Potentially dangerous object"
"C:\Documents and Settings\CYRIL\Cookies\cyril@zedo[1].txt:\zedo.com.f1d14556";"Found Tracking cookie.Zedo";"Potentially dangerous object"
"HKLM\SOFTWARE\Classes\dsktrf.amo";"Found Adware.DesktopTraffic";"Potentially dangerous object"
"HKLM\SOFTWARE\Classes\dsktrf.iiittt";"Found Adware.DesktopTraffic";"Potentially dangerous object"
"HKLM\SOFTWARE\Classes\dsktrf.momo";"Found Adware.Begin2Search";"Potentially dangerous object"
"HKLM\SOFTWARE\Classes\dsktrf.ohb";"Found Adware.DesktopTraffic";"Potentially dangerous object"
0
zorinho Posts 829 Status Member 51
 
Hi, and no wonder it's slow

1) clean up with CCleaner http://www.commentcamarche.net/telecharger/telecharger 168 ccleaner
tutorial here https://www.malekal.com/tutoriel-ccleaner/
----------------------------------------------------------------------------------------------------------------------------------------------------------
2) How do you remove a virus lodged in the System Volume Information folder under Windows XP?

* Right-click "My Computer" -> "Properties" -> "System Restore" tab -> check "Turn off System Restore on all drives" -> "Apply" -> "Yes".
* Then uncheck "Turn off System Restore on all drives" -> "Apply" -> "OK".
----------------------------------------------------------------------------------------------------------------------------------------------------------
3) preparing the anti-Vundo tools

update Malwarebytes (MBAM)

download Vundofix http://sasi.xooit.fr/t48-Guide-d-utilisation-de-VundoFix.htm

warning: no scan at this stage!!!!

4) Booting into safe mode

Booting into safe mode with: Windows XP

Use this method (with the F8 key) only if Windows XP is the only operating system installed on your computer.

* 1/ Restart the computer. The computer begins processing instructions known as the Basic Input/Output System (BIOS). What is displayed depends on the BIOS manufacturer. Some computers display a progress bar referring to the BIOS, while others may give no indication of the process under way.
* 2/ When the BIOS has finished loading, start pressing the F8 key on your keyboard (or F5 if F8 does not work). Keep doing so until the Windows Advanced Options menu appears. If you start pressing F8 too early, some computers may display a "keyboard error" message. To resolve this, restart the computer and try again.
* 3/ Using the arrow keys on your keyboard, select "Safe Mode" from the menu, then press Enter.


In safe mode,
- run a scan (and removal) with Vundofix as described in the tutorial (restart the computer if needed)
Still in safe mode, run another disinfection with MBAM

Paste both reports (Vundofix and MBAM) here

Good luck

Zor
0