" VIRUS ALERT! " Disparition C: , D: et Résolu

Question

Bonjour , 
Je suis nouveau sur le serveur et je suis venu ici pour vous demandez de l'aide afin de resoudre mon problème.
Je vais commencer par vous décrire mon problème : 

J'ai vu sur le forum que plusieurs personnes on le même problème que moi c'est a dire : 
- Un message " VIRUS ALERT! "  a coté de l'horloge 
- Non affichage du disque C: 
- Des icones du bureau on disparu 
- Ainsi que quelques soucis d'acces en administrateur 

J'ai vu que l'on pouvais résoudre cela avec Hijackthis et d'autre programe logiciel etc :) alors je vous fait confiance et j'espère que mon soucis sera résolu ! Merci ;)

susu75 · Answer

Hijackthis.log 

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 04:20: VIRUS ALERT!, on 30/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32
vsvc32.exe
C:\Program Files\Dantz\Retrospectetrorun.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe
C:\Program Files\Dell AIO Printer A940\dlbabmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\vVX3000.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\WINDOWS\system32undll32.exe
C:\WINDOWS\Mixer.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\SPYWAREfighter\spftray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SPYWAREfighter\spfprc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\program files\steam\steam.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\SAGEM WiFi manager\WLANUTL.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/fr/fra/gen/default.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/fr/fra/gen/default.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com/countries/fr/fra/gen/default.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Mirar - {9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\WinNB56.dll (file missing)
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: QXK Olive - {D08F2729-2101-49CB-A401-EA6EDDB94246} - C:\WINDOWS
favxwdbmex.dll
O2 - BHO: NavigationAdvisor - {E60A8FF7-B9B4-8ABC-10E8-10F2461DFA50} - C:\Program Files\NavigationAdvisor\NavigationAdvisor-2.dll (file missing)
O2 - BHO: (no name) - {FBF85A20-FF88-4C46-90FB-B023E5C4ECA0} - C:\WINDOWS\system32\efcCuSjK.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Mirar - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\WinNB56.dll (file missing)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: fdkowvbp - {BE19C4CA-A1DB-4BDD-8CC0-EB2E37C7110A} - C:\WINDOWS\fdkowvbp.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NMB] "C:\DOCUME~1\lawrence\LOCALS~1\Temp\Rar$EX00.234\VOLVOXKEYLOG.exe" "Ghost"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [spywarefighterguard] C:\Program Files\SPYWAREfighter\spftray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SB Audigy 2 Startup Menu]  /L:FRN
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [IETI] C:\Program Files\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [IETI] C:\Program Files\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'Default user')
O4 - Global Startup: Lancement rapide d'Adobe Acrobat.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxmk142YYFR
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15-3.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://bl115fd.blu115.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: efcCuSjK - C:\WINDOWS\SYSTEM32\efcCuSjK.dll
O21 - SSODL: wnslvxtf - {474A52ED-3B74-4589-8095-CEC56275214D} - C:\WINDOWS\wnslvxtf.dll
O21 - SSODL: eqvwamkl - {5B0F1DCC-BBC3-47BE-9639-02D8EBBBD12A} - C:\WINDOWS\eqvwamkl.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Cmdiwnymr-e - CMD Technology, Inc. - (no file)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Microsoft Genuine Advantage - Unknown owner - C:\WINDOWS\system32\dllcache\winmga.exe (file missing)
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospectetrorun.exe
O23 - Service: SPYWAREfighterRP - SpamFighter APS - C:\Program Files\SPYWAREfighter\spfprc.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

anthony5151 · Answer

Bonjour,

Ton ordinateur est très infecté par plusieurs malwares, il va falloir utiliser plusieurs logiciels pour t'en débarrasser (ne pars pas avant la fin ;) )

Commence par ceci :

1) Télécharge SmitfraudFix : 
http://siri.urz.free.fr/Fix/SmitfraudFix.exe 

- Enregistre-le sur le bureau 

- Double-clique sur SmitfraudFix.exe et choisis l'option 1 puis Entrée 

- Un rapport sera généré, poste-le dans ta prochaine réponse stp.

Tutoriel ici pour t'aider : http://www.malekal.com//tutorial_SmitFraudfix.php



2) Télécharge Toolbar-S&D sur ton Bureau. 
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2 

Double clique sur le raccourci de Toolbar-S&D sur le Bureau.

* Sélectionne la langue souhaitée en tapant la lettre de ton choix puis en validant avec la touche Entrée. 
* Choisis maintenant l'option 1 (Recherche). Patiente jusqu'à la fin de la recherche. 
* Poste le rapport généré. (C:\TB.txt) 


Tutoriel pour t'aider : https://www.malekal.com/adwcleaner-supprimer-virus-adwares-pup/

susu75 · Answer

Je tien dabord a te remercié merci beaucoup tu m'aide deja énormement :)

Rapport.txt 

SmitFraudFix v2.332

Rapport fait à 18:48:45,81, 30/07/2008
Executé à partir de C:\Documents and Settings\lawrence\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32
vsvc32.exe
C:\Program Files\Dantz\Retrospectetrorun.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\vVX3000.exe
C:\WINDOWS\system32undll32.exe
C:\Program Files\Dell AIO Printer A940\dlbabmon.exe
C:\WINDOWS\Mixer.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\SPYWAREfighter\spftray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SPYWAREfighter\spfprc.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\SAGEM WiFi manager\WLANUTL.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

C:\WINDOWS\Tasks\At?.job PRESENT !
C:\WINDOWS\Tasks\At??.job PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\lawrence


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\lawrence\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\lawrence\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files 


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
 
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
 

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!




»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="avgrsstx.dll"


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\WINDOWS\system32\userinit.exe,"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: SAGEM Wi-Fi 11g USB adapter #7 - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.1
DNS Server Search Order: 0.0.0.0

Description: SAGEM Wi-Fi 11g USB adapter #7 - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.1
DNS Server Search Order: 192.168.1.1

Description: SAGEM Wi-Fi 11g USB adapter #7 - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.1
DNS Server Search Order: 0.0.0.0

Description: SAGEM Wi-Fi 11g USB adapter #7 - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.1
DNS Server Search Order: 0.0.0.0

Description: SAGEM Wi-Fi 11g USB adapter #7 - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.1
DNS Server Search Order: 0.0.0.0

Description: SAGEM Wi-Fi 11g USB adapter #7 - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.1
DNS Server Search Order: 0.0.0.0

HKLM\SYSTEM\CCS\Services\Tcpip\..\{101DF9E0-9D6B-4937-BC5D-250C08A1C10D}: DhcpNameServer=192.168.1.1 0.0.0.0
HKLM\SYSTEM\CCS\Services\Tcpip\..\{76A168B8-8710-4F91-8E73-3EEECFD2F19C}: DhcpNameServer=192.168.1.1 0.0.0.0
HKLM\SYSTEM\CCS\Services\Tcpip\..\{A6143CE2-07C6-424F-A3D7-355DC34FDA5C}: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{CECC604C-B0F7-448E-AB21-E2D888F775EC}: DhcpNameServer=192.168.1.1 0.0.0.0
HKLM\SYSTEM\CCS\Services\Tcpip\..\{D380E8FD-6EF6-4192-B3F3-6D17A1491A4F}: DhcpNameServer=192.168.1.1 0.0.0.0
HKLM\SYSTEM\CCS\Services\Tcpip\..\{F64B47BC-B9BD-4986-9668-6867AD4602B9}: DhcpNameServer=192.168.1.1 0.0.0.0
HKLM\SYSTEM\CS1\Services\Tcpip\..\{101DF9E0-9D6B-4937-BC5D-250C08A1C10D}: DhcpNameServer=192.168.1.1 0.0.0.0
HKLM\SYSTEM\CS1\Services\Tcpip\..\{76A168B8-8710-4F91-8E73-3EEECFD2F19C}: DhcpNameServer=192.168.1.1 0.0.0.0
HKLM\SYSTEM\CS1\Services\Tcpip\..\{A6143CE2-07C6-424F-A3D7-355DC34FDA5C}: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{CECC604C-B0F7-448E-AB21-E2D888F775EC}: DhcpNameServer=192.168.1.1 0.0.0.0
HKLM\SYSTEM\CS1\Services\Tcpip\..\{D380E8FD-6EF6-4192-B3F3-6D17A1491A4F}: DhcpNameServer=192.168.1.1 0.0.0.0
HKLM\SYSTEM\CS1\Services\Tcpip\..\{F64B47BC-B9BD-4986-9668-6867AD4602B9}: DhcpNameServer=192.168.1.1 0.0.0.0
HKLM\SYSTEM\CS2\Services\Tcpip\..\{101DF9E0-9D6B-4937-BC5D-250C08A1C10D}: DhcpNameServer=192.168.1.1 0.0.0.0
HKLM\SYSTEM\CS2\Services\Tcpip\..\{76A168B8-8710-4F91-8E73-3EEECFD2F19C}: DhcpNameServer=192.168.1.1 0.0.0.0
HKLM\SYSTEM\CS2\Services\Tcpip\..\{A6143CE2-07C6-424F-A3D7-355DC34FDA5C}: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{CECC604C-B0F7-448E-AB21-E2D888F775EC}: DhcpNameServer=192.168.1.1 0.0.0.0
HKLM\SYSTEM\CS2\Services\Tcpip\..\{D380E8FD-6EF6-4192-B3F3-6D17A1491A4F}: DhcpNameServer=192.168.1.1 0.0.0.0
HKLM\SYSTEM\CS2\Services\Tcpip\..\{F64B47BC-B9BD-4986-9668-6867AD4602B9}: DhcpNameServer=192.168.1.1 0.0.0.0
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 0.0.0.0
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 0.0.0.0
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 0.0.0.0


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin

susu75 · Answer

Ensuite le TB.txt 


   -----------\  ToolBar S&D 1.0.7  XP/Vista

   [ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
   [ USER : lawrence ] [ "C:\Toolbar SD" ] [ Selection : 1 ]
   [ 30/07/2008 | 18:58:55,18 ] [ PC : LAWRENCE-1 ]
   [ MAJ : 25-07-2008 | 17:35 ]

   -----------\  Recherche de Fichiers / Dossiers ...

   C:\Program Files\NavigationAdvisor
   C:\Program Files\NavigationAdvisor\NavigationAdvisor.dat
   C:\Program Files\NavigationAdvisor\pcre3.dll
   C:\Program Files\NavigationAdvisor\uninstall.exe
   C:\Program Files\MSN Messenger\msimg32.dll
   C:\Program Files\MSN Messengeriched20.dll
   \...\{635abd67-4fe9-1b23-4f01-e679fa7484c1} - (ytoolbar)

   -----------\  Extensions

   (lawrence) - {635abd67-4fe9-1b23-4f01-e679fa7484c1} => ytoolbar
   (lawrence) - {800b5000-a755-47e1-992b-48a1c1357f07} => icqtoolbar
   (lawrence) - {bb6bc1bb-f824-4702-90cd-35e2fb24f25c} => addneditcookies


   -----------\  [..\Internet Explorer\Main]

   [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
   "Local Page"="C:\WINDOWS\system32\blank.htm"
   "Start Page"="http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2"
   "Search Page"="https://www.google.com/?gws_rd=ssl"
   "ICQ Search"="http://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd"
   "Search Bar"="http://www.google.com/toolbar/ie8/sidebar.html"

   [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
   "Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
   "Default_Search_URL"="http://www.google.com/toolbar/ie8/sidebar.html"
   "Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
   "Start Page"="http://www.euro.dell.com/countries/fr/fra/gen/default.htm"


   -----------\  Fin du rapport a 19:00:03,00

susu75 · Answer

Je ne sais pa si il a recu mes rapport mais je te les remet ou cas ou :/  

 -----------\  ToolBar S&D 1.0.7  XP/Vista

   [ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
   [ USER : lawrence ] [ "C:\Toolbar SD" ] [ Selection : 1 ]
   [ 30/07/2008 | 18:58:55,18 ] [ PC : LAWRENCE-1 ]
   [ MAJ : 25-07-2008 | 17:35 ]

   -----------\  Recherche de Fichiers / Dossiers ...

   C:\Program Files\NavigationAdvisor
   C:\Program Files\NavigationAdvisor\NavigationAdvisor.dat
   C:\Program Files\NavigationAdvisor\pcre3.dll
   C:\Program Files\NavigationAdvisor\uninstall.exe
   C:\Program Files\MSN Messenger\msimg32.dll
   C:\Program Files\MSN Messengeriched20.dll
   \...\{635abd67-4fe9-1b23-4f01-e679fa7484c1} - (ytoolbar)

   -----------\  Extensions

   (lawrence) - {635abd67-4fe9-1b23-4f01-e679fa7484c1} => ytoolbar
   (lawrence) - {800b5000-a755-47e1-992b-48a1c1357f07} => icqtoolbar
   (lawrence) - {bb6bc1bb-f824-4702-90cd-35e2fb24f25c} => addneditcookies


   -----------\  [..\Internet Explorer\Main]

   [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
   "Local Page"="C:\WINDOWS\system32\blank.htm"
   "Start Page"="http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2"
   "Search Page"="https://www.google.com/?gws_rd=ssl"
   "ICQ Search"="http://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd"
   "Search Bar"="http://www.google.com/toolbar/ie8/sidebar.html"

   [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
   "Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
   "Default_Search_URL"="http://www.google.com/toolbar/ie8/sidebar.html"
   "Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
   "Start Page"="http://www.euro.dell.com/countries/fr/fra/gen/default.htm"


   -----------\  Fin du rapport a 19:00:03,00

susu75 · Answer

-----------\  ToolBar S&D 1.0.7  XP/Vista

   [ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
   [ USER : lawrence ] [ "C:\Toolbar SD" ] [ Selection : 1 ]
   [ 30/07/2008 | 18:58:55,18 ] [ PC : LAWRENCE-1 ]
   [ MAJ : 25-07-2008 | 17:35 ]

   -----------\  Recherche de Fichiers / Dossiers ...

   C:\Program Files\NavigationAdvisor
   C:\Program Files\NavigationAdvisor\NavigationAdvisor.dat
   C:\Program Files\NavigationAdvisor\pcre3.dll
   C:\Program Files\NavigationAdvisor\uninstall.exe
   C:\Program Files\MSN Messenger\msimg32.dll
   C:\Program Files\MSN Messengeriched20.dll
   \...\{635abd67-4fe9-1b23-4f01-e679fa7484c1} - (ytoolbar)

   -----------\  Extensions

   (lawrence) - {635abd67-4fe9-1b23-4f01-e679fa7484c1} => ytoolbar
   (lawrence) - {800b5000-a755-47e1-992b-48a1c1357f07} => icqtoolbar
   (lawrence) - {bb6bc1bb-f824-4702-90cd-35e2fb24f25c} => addneditcookies


   -----------\  [..\Internet Explorer\Main]

   [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
   "Local Page"="C:\WINDOWS\system32\blank.htm"
   "Start Page"="http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2"
   "Search Page"="https://www.google.com/?gws_rd=ssl"
   "ICQ Search"="http://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd"
   "Search Bar"="http://www.google.com/toolbar/ie8/sidebar.html"

   [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
   "Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
   "Default_Search_URL"="http://www.google.com/toolbar/ie8/sidebar.html"
   "Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
   "Start Page"="http://www.euro.dell.com/countries/fr/fra/gen/default.htm"


   -----------\  Fin du rapport a 19:00:03,00

susu75 · Answer

TEST

susu75 · Answer

Test

anthony5151 · Answer

Le forum a déconné cet après-midi, mais ne t'inquiète pas, tes messages sont apparus finalements.

Télécharge et installe Malwarebyte's Anti-Malware :  http://www.malwarebytes.org/mbam/program/mbam-setup.exe
- A la fin de l'installation, veille à ce que l'option « mettre a jour Malwarebyte's Anti-Malware » soit cochée 
- Lance Malwarebyte's Anti-Malware, laisse les Mises à jour se télécharger et referme le programme

Redémarre en "Mode sans échec" : redémarre ton ordinateur et tapote sur la touche F8 jusqu'à l'affichage du menu des options avancées de Windows, et sélectionne "Mode sans échec".
Choisis ta session habituelle

Lance Malwarebyte's Anti-Malware 
- Puis va dans l'onglet "Recherche", coche "Exécuter un examen complet" puis "Rechercher"
- Sélectionne tes disques durs" puis clique sur "Lancer l’examen" 
- A la fin du scan, clique sur Afficher les résultats puis sur Enregistrer le rapport
- Suppression des éléments détectés --> clique sur Supprimer la sélection 
- S'il t'es demandé de redémarrer, clique sur Yes


Poste le rapport de scan après la suppression ici

susu75 · Answer

J'ai fait 2 scann avec Malwarebytes' Anti-Malware , le premier et relativement gros ^^ je te remercie aussi pour ta patience et ton écoute :)

1er : 

Malwarebytes' Anti-Malware 1.23
Version de la base de données: 1008
Windows 5.1.2600 Service Pack 2

21:59:13 30/07/2008
mbam-log-7-30-2008 (21-59-13).txt

Type de recherche: Examen complet (C:\|E:\|)
Eléments examinés: 146222
Temps écoulé: 1 hour(s), 16 minute(s), 52 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 103
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 72

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.datacontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.shellviewcontrol (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.shellviewcontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.htmlmenu (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.2 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.htmlpanel (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.htmlpanel.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswattersettingscontrol (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswattersettingscontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.browseroverlayembed (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.browseroverlayembed.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.outlookaddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.outlookaddin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.killerobjmanager (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.killerobjmanager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historykillerscheduler (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historykillerscheduler.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historyswattercontrolbar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historyswattercontrolbar.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.browseroverlaybarbutton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.browseroverlaybarbutton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d778513b-1c40-4819-b0c5-49e40b39afd0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.chatsessionplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.chatsessionplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{07b18eaa-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{07b18eac-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f87d7fb5-9dc5-4c8c-b998-d8dfe02e2978} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{07b18ea0-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25f} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{0d26bc71-a633-4e71-ad31-eadc3a1b6a3a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1093995a-ba37-41d2-836e-091067c4ad17} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{120927bf-1700-43bc-810f-fab92549b390} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{17de5e5e-bfe3-4e83-8e1f-8755795359ec} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1f52a5fa-a705-4415-b975-88503b291728} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{247a115f-06c2-4fb3-967d-2d62d3cf4f0a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2763e333-b168-41a0-a112-d35f96f410c0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e3537fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{29d67d3c-509a-4544-903f-c8c1b8236554} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{38a7c9da-8db7-4d0f-a7b1-c4b1a305bddb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e1656ed-f60e-4597-b6aa-b6a58e171495} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e53e2cb-86db-4a4a-8bd9-ffeb7a64df82} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e720451-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e720453-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{3e720450-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{621feacd-8857-43a6-ae26-451d670d5370} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{63d0ed2b-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{63d0ed2d-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6e74766c-4d93-4cc0-96d1-47b8e07ff9ca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{72ee7f04-15bd-4845-a005-d6711144d86a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d291-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d293-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d295-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d297-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{7473d290-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{90449521-d834-4703-bb4e-d3aa44042ff8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{991aac62-b100-47ce-8b75-253965244f69} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{bbabdc90-f3d5-4801-863a-ee6ae529862d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d6ff3684-ad3b-48eb-bbb4-b9e6c5a355c1} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{eb9e5c1c-b1f9-4c2b-be8a-27d6446fdaf8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{8ca01f0e-987c-49c3-b852-2f1ac4a7094c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{8d292ec0-6792-4a38-82ed-73a087e41ba6} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{8e6f1830-9607-4440-8530-13be7c4b1d14} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{98635087-3f5d-418f-990c-b1efe0797a3b} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{a626cdbd-3d13-4f78-b819-440a28d7e8fc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{c8cecde3-1ae1-4c4a-ad82-6d5b00212144} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{de38c398-b328-4f4c-a3ad-1b5e4ed93477} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{e47caee0-deea-464a-9326-3f2801535a4d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e79dfbc9-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e79dfbcb-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{e79dfbc0-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{f42228fb-e84e-479e-b922-fbbd096e792c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\fbrowsingadvisor_is1 (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\fdkowvbp.bxqw (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\fdkowvbp.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MIME\Database\Content Type\application/x-f3embed (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\ (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3PopularScreensavers (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page (Hijack.Homepage) -> Bad: (http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2 Good: (https://www.google.com/?gws_rd=ssl -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Program Files\Mozilla Firefox\regxpcom.exe (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\MSN Messenger\riched20.dll (Adware.MyWeb.FunWeb) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\FBrowsingAdvisor\XPCOMEvents.dll.vir (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\Internet Explorer\msimg32.dll.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3BROVLY.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3DTACTL.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3HISTSW.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3POPSWT.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3RESTUB.DLL.vir (Adware.MyWeb.FunWeb) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3SCHMON.EXE.vir (Adware.MyWeb.FunWeb) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3SHLLVW.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3HTML.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3IDLE.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3MSG.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3SKIN.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\efqw.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\f3PSSavr.scr.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DE4A529F-98CE-4187-A0F7-08590C3BB5E5}\RP1143\A0162845.dll (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DE4A529F-98CE-4187-A0F7-08590C3BB5E5}\RP1143\A0162849.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DE4A529F-98CE-4187-A0F7-08590C3BB5E5}\RP1143\A0162851.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DE4A529F-98CE-4187-A0F7-08590C3BB5E5}\RP1143\A0162852.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DE4A529F-98CE-4187-A0F7-08590C3BB5E5}\RP1143\A0162853.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DE4A529F-98CE-4187-A0F7-08590C3BB5E5}\RP1143\A0162854.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DE4A529F-98CE-4187-A0F7-08590C3BB5E5}\RP1143\A0162855.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DE4A529F-98CE-4187-A0F7-08590C3BB5E5}\RP1143\A0162856.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DE4A529F-98CE-4187-A0F7-08590C3BB5E5}\RP1143\A0162857.SCR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DE4A529F-98CE-4187-A0F7-08590C3BB5E5}\RP1143\A0162858.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DE4A529F-98CE-4187-A0F7-08590C3BB5E5}\RP1143\A0162859.DLL (Adware.MyWeb.FunWeb) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DE4A529F-98CE-4187-A0F7-08590C3BB5E5}\RP1143\A0162860.EXE (Adware.MyWeb.FunWeb) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DE4A529F-98CE-4187-A0F7-08590C3BB5E5}\RP1143\A0162861.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DE4A529F-98CE-4187-A0F7-08590C3BB5E5}\RP1143\A0162862.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DE4A529F-98CE-4187-A0F7-08590C3BB5E5}\RP1143\A0162863.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DE4A529F-98CE-4187-A0F7-08590C3BB5E5}\RP1143\A0162865.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DE4A529F-98CE-4187-A0F7-08590C3BB5E5}\RP1143\A0162866.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DE4A529F-98CE-4187-A0F7-08590C3BB5E5}\RP1143\A0162867.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DE4A529F-98CE-4187-A0F7-08590C3BB5E5}\RP1143\A0162870.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DE4A529F-98CE-4187-A0F7-08590C3BB5E5}\RP1143\A0162871.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DE4A529F-98CE-4187-A0F7-08590C3BB5E5}\RP1143\A0162872.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DE4A529F-98CE-4187-A0F7-08590C3BB5E5}\RP1143\A0162873.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DE4A529F-98CE-4187-A0F7-08590C3BB5E5}\RP1143\A0162874.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DE4A529F-98CE-4187-A0F7-08590C3BB5E5}\RP1143\A0162875.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DE4A529F-98CE-4187-A0F7-08590C3BB5E5}\RP1143\A0162876.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DE4A529F-98CE-4187-A0F7-08590C3BB5E5}\RP1143\A0162877.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DE4A529F-98CE-4187-A0F7-08590C3BB5E5}\RP1143\A0162878.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DE4A529F-98CE-4187-A0F7-08590C3BB5E5}\RP1143\A0162879.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DE4A529F-98CE-4187-A0F7-08590C3BB5E5}\RP1143\A0162880.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DE4A529F-98CE-4187-A0F7-08590C3BB5E5}\RP1143\A0162887.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DE4A529F-98CE-4187-A0F7-08590C3BB5E5}\RP1143\A0162888.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DE4A529F-98CE-4187-A0F7-08590C3BB5E5}\RP1143\A0162889.scr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DE4A529F-98CE-4187-A0F7-08590C3BB5E5}\RP1143\A0162900.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DE4A529F-98CE-4187-A0F7-08590C3BB5E5}\RP1143\A0162850.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DE4A529F-98CE-4187-A0F7-08590C3BB5E5}\RP1143\A0162868.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.





2eme : 

Malwarebytes' Anti-Malware 1.23
Version de la base de données: 1010
Windows 5.1.2600 Service Pack 2

00:49:14 31/07/2008
mbam-log-7-31-2008 (00-49-14).txt

Type de recherche: Examen complet (C:\|E:\|)
Eléments examinés: 146707
Temps écoulé: 1 hour(s), 25 minute(s), 16 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 4

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\efcCuSjK.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\khfGwVME.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DE4A529F-98CE-4187-A0F7-08590C3BB5E5}\RP1143\A0162898.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DE4A529F-98CE-4187-A0F7-08590C3BB5E5}\RP1143\A0162899.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

susu75 · Answer

Je tiens aussi a te dire que le message VIRUS ALERT! est parti avec Combofix et aussi l'accès a mes fichier et rétabli etc mais j'ai encore des virus  et je préfère ne pas prendre de risque en lançant des programmes jeux etc .. 

Donc rien est fini continuons ce que nous avons commencé je tenais juste a te mettre au courant des petites nouvelles :p

anthony5151 · Answer

"Je tiens aussi a te dire que le message VIRUS ALERT! est parti avec Combofix..."

==> Avec Combofix ??? C'est ce que j'allais te faire faire après MalwareByte's, mais qui t'a dit de le faire ?  Tu as un autre sujet ouvert ailleurs ?

susu75 · Answer

Je sais pas peut etre des sujets en parle je ne sais pas , mais un copain a eux le problème il ma conseillé ComboFix j'ai essayé pour testé, effectivement sa vire le message VIRUS ALERT! mais aucun virus n'est supprimé la preuve L'anti-malware et tout les logiciels que tu ma conseillé on fait succes et supprimer les choses inconnues virus,trojan etc..

anthony5151 · Answer

C'est normal, Combofix ne supprime que quelques fichiers automatiquement, mais pour le reste il nécessite une analyse détaillée (c'est un logiciel très puissant, l'utiliser seul n'est pas recommandé...)

Bien, on va donc l'utiliser ensemble si tu veux bien : pour cela, je vais te demander de supprimer ton ancien combofix et de reprendre la procédure au début... (par exemple, il aurait été préférable de le renommer avant de l'utiliser, ce que tu n'as peut-être pas fait)


Fais exactement ce qui suit : 

Télécharge ComboFix (de sUBs) sur ton Bureau (et pas ailleurs !) :
Fais un clic droit sur ce lien et choisis "enregistrer la cible sous ... " : dans la fenêtre qui s'ouvre tape C-Fix, choisis le bureau comme destination et valide :  http://download.bleepingcomputer.com/sUBs/ComboFix.exe

--------------------------------------------- [ ! ATTENTION ! ] ---------------------------------------------------------- 
!! déconnecte toi, ferme toutes tes applications en cours et DESACTIVE TOUTES TES DEFENCES (anti-virus, antispyware, pare-feu) le temps de la manipulation : 
en effet , activés, ils pourraient gêner fortement la procédure de recherche et de nettoyage de l'outil ( voir planter le PC )...Tu les réactiveras donc après !! 
---> Surtout, si tu rencontres des difficultés à ce niveau là, dis le moi avant de poursuivre ... 
Tuto ici : https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix 

--------------------------------------------------------------------------------------------------------------------------------- 

Ensuite : 
double-clique sur C-Fix.exe ( = combofix.exe ) . 

Appuie sur la touche Y (Yes) pour démarrer le scan . 

Attention : n'utilise pas ta souris ni ton clavier pendant que le programme tourne. Cela pourrait figer l'ordi. 
---> si un message d'erreur windows apparait à un momment : clique sur la croix rouge en haut à droite de la fenêtre pour la fermer

Le rapport sera crée dans: C:\Combofix.txt , poste le ici stp

susu75 · Answer

voila :

ComboFix 08-07-29.1 - lawrence 2008-07-31 2:28:53.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1492 [GMT 2:00]
Endroit: C:\Documents and Settings\lawrence\Bureau\C-Fix.exe

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

((((((((((((((((((((((((((((( Fichiers créés 2008-06-28 to 2008-07-31 ))))))))))))))))))))))))))))))))))))
.

2008-07-30 22:54 . 2008-07-30 22:54 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes
2008-07-30 20:38 . 2008-07-30 20:38 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-30 20:38 . 2008-07-30 20:38 <REP> d-------- C:\Documents and Settings\lawrence\Application Data\Malwarebytes
2008-07-30 20:38 . 2008-07-30 20:38 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-30 20:38 . 2008-07-23 20:09 38,472 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mbamswissarmy.sys
2008-07-30 20:38 . 2008-07-23 20:09 17,144 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mbam.sys
2008-07-30 18:58 . 2008-07-30 19:00 <REP> d-------- C:\Toolbar SD
2008-07-30 18:48 . 2008-07-30 18:48 4,034 --a------ C:\WINDOWS\SYSTEM32\tmp.reg
2008-07-30 18:42 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\SYSTEM32\VCCLSID.exe
2008-07-30 18:42 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\SYSTEM32\SrchSTS.exe
2008-07-30 18:42 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\SYSTEM32\VACFix.exe
2008-07-30 18:42 . 2008-07-02 13:33 82,432 --a------ C:\WINDOWS\SYSTEM32\IEDFix.C.exe
2008-07-30 18:42 . 2008-05-23 18:21 81,920 --a------ C:\WINDOWS\SYSTEM32\404Fix.exe
2008-07-30 18:42 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\SYSTEM32\Process.exe
2008-07-30 18:42 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\SYSTEM32\dumphive.exe
2008-07-30 18:42 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\SYSTEM32\WS2Fix.exe
2008-07-30 04:20 . 2008-07-30 04:20 <REP> d-------- C:\Program Files\Trend Micro
2008-07-30 03:32 . 2008-07-30 04:03 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-30 03:05 . 2008-07-30 18:48 <REP> d--h----- C:\$AVG8.VAULT$
2008-07-30 00:42 . 2008-07-30 00:43 <REP> d-------- C:\Program Files\SPYWAREfighter
2008-07-30 00:42 . 2008-07-30 00:42 <REP> d-------- C:\Program Files\Fichiers communs\Application
2008-07-28 19:55 . 2008-07-30 02:17 <REP> d-------- C:\Program Files\LimeWire Acceleration Patch
2008-07-18 14:55 . 2008-07-18 14:55 <REP> d--h----- C:\WINDOWS\PIF
2008-07-14 14:17 . 2008-07-14 14:17 0 --a------ C:\WINDOWS\SYSTEM32\Ve87JMY4.exe.a_a
2008-07-01 16:29 . 2008-07-01 16:29 <REP> d-------- C:\Documents and Settings\lawrence\Application Data\Icone
2008-06-25 23:06 . 2006-09-04 19:16 1,970,176 --a------ C:\WINDOWS\SYSTEM32\d3dx9.dll
2008-06-25 23:06 . 2006-09-04 19:16 679,936 --a------ C:\WINDOWS\SYSTEM32\D3DX81ab.dll
2008-06-20 19:41 . 2008-06-20 19:41 247,808 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\mswsock.dll
2008-06-20 12:44 . 2008-06-20 12:44 138,368 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\afd.sys
2008-06-11 09:25 . 2008-06-14 19:59 272,768 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\bthport.sys
2008-06-10 19:32 . 2008-06-23 20:23 139,264 --a------ C:\WINDOWS\War3Unin.exe
2008-06-10 19:32 . 2008-07-01 11:17 112,332 --a------ C:\WINDOWS\War3Unin.dat
2008-06-10 19:32 . 2008-06-23 20:23 2,829 --a------ C:\WINDOWS\War3Unin.pif
2008-06-10 19:29 . 2008-07-29 21:20 <REP> d-------- C:\Program Files\Warcraft III
2008-06-09 11:46 . 2008-07-31 00:56 <REP> d-------- C:\WINDOWS\SYSTEM32\DRIVERS\Avg
2008-06-09 11:46 . 2008-07-30 20:21 <REP> d-------- C:\Documents and Settings\lawrence\Application Data\AVGTOOLBAR
2008-06-09 11:46 . 2008-07-06 13:50 96,520 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\avgldx86.sys
2008-06-09 11:46 . 2008-07-06 13:50 76,040 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\avgtdix.sys
2008-06-09 11:46 . 2008-07-06 13:50 10,520 --a------ C:\WINDOWS\SYSTEM32\avgrsstx.dll
2008-06-07 10:35 . 2008-06-07 10:35 0 --a------ C:\WINDOWS\WoWEmuHackSettings.ini
2008-06-03 18:46 . 2008-06-03 19:59 <REP> d-------- C:\Program Files\KONAMI

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-31 00:24 --------- d-----w C:\Documents and Settings\lawrence\Application Data\Skype
2008-07-30 23:52 --------- d-----w C:\Program Files\Steam
2008-07-30 19:59 --------- d-----w C:\Program Files\MSN Messenger
2008-07-30 00:21 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-29 22:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg8
2008-07-29 20:41 --------- d-----w C:\Documents and Settings\lawrence\Application Data\Azureus
2008-07-28 17:55 --------- d-----w C:\Program Files\LimeWire
2008-07-25 07:51 --------- d-----w C:\Program Files\World of Warcraft
2008-07-24 21:13 --------- d-----w C:\Program Files\Java
2008-07-19 13:55 --------- d-----w C:\Documents and Settings\lawrence\Application Data\AdobeUM
2008-07-19 13:52 --------- d-----w C:\Program Files\Apple Software Update
2008-07-16 09:10 --------- d-----w C:\Program Files\DNA
2008-07-15 23:30 --------- d-----w C:\Documents and Settings\lawrence\Application Data\DNA
2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\SYSTEM32\mswsock.dll
2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\dnsapi.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\tcpip6.sys
2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-03 18:07 107,888 ----a-w C:\WINDOWS\SYSTEM32\CmdLineExt.dll
2008-05-26 10:46 21,036 ----atw C:\WINDOWS\SYSTEM32\SIntfNT.dll
2008-05-26 10:46 15,132 ----atw C:\WINDOWS\SYSTEM32\SIntf32.dll
2008-05-26 10:46 12,067 ----atw C:\WINDOWS\SYSTEM32\SIntf16.dll
2008-05-08 12:28 202,752 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\rmcast.sys
2008-05-07 05:15 1,293,824 ----a-w C:\WINDOWS\SYSTEM32\quartz.dll
2008-05-07 05:15 1,293,824 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\quartz.dll
2008-04-18 17:37 409,600 ----a-w C:\WINDOWS\SYSTEM32\wrap_oal.dll
2008-04-18 17:37 114,688 ----a-w C:\WINDOWS\SYSTEM32\OpenAL32.dll
2008-04-17 10:52 18,432 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iedw.exe
2008-01-13 19:52 13,056 --sha-w C:\WINDOWS\SYSTEM32\ahadib.sys
.

((((((((((((((((((((((((((((( snapshot@2008-07-30_ 4.54.58.06 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-30 01:34:44 59,916 ----a-w C:\WINDOWS\SYSTEM32\PERFC009.DAT
+ 2008-07-30 21:21:09 59,916 ----a-w C:\WINDOWS\SYSTEM32\PERFC009.DAT
- 2008-07-30 01:34:44 73,260 ----a-w C:\WINDOWS\SYSTEM32\perfc00C.dat
+ 2008-07-30 21:21:09 73,260 ----a-w C:\WINDOWS\SYSTEM32\perfc00C.dat
- 2008-07-30 01:34:44 397,696 ----a-w C:\WINDOWS\SYSTEM32\PERFH009.DAT
+ 2008-07-30 21:21:09 397,696 ----a-w C:\WINDOWS\SYSTEM32\PERFH009.DAT
- 2008-07-30 01:34:44 464,892 ----a-w C:\WINDOWS\SYSTEM32\perfh00C.dat
+ 2008-07-30 21:21:09 464,892 ----a-w C:\WINDOWS\SYSTEM32\perfh00C.dat
+ 2008-07-30 22:04:29 16,384 ----atw C:\WINDOWS\temp\Perflib_Perfdata_cf4.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SB Audigy 2 Startup Menu"="/L:FRN" [X]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-16 13:04 68856]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-08-17 03:45 23120680]
"Steam"="c:\program files\steam\steam.exe" [2008-03-28 19:45 1271032]
"MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2008-01-02 00:34 190024]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55 5674352]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
"DVDSentry"="C:\WINDOWS\System32\DSentry.exe" [2002-08-14 20:22 28672]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 03:00 90112]
"AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-12-17 14:28 684032]
"MaxtorOneTouch"="C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe" [2003-05-21 16:30 45056]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"Dell AIO Printer A940"="C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe" [2003-06-25 17:32 294997]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 03:12 483328]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 18:32 221184]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2006-09-07 19:19 15872]
"VX3000"="C:\WINDOWS\vVX3000.exe" [2006-10-13 17:04 707376]
"LifeCam"="C:\Program Files\Microsoft LifeCam\LifeExp.exe" [2006-10-13 17:01 277296]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-06 13:50 1232152]
"spywarefighterguard"="C:\Program Files\SPYWAREfighter\spftray.exe" [2008-02-21 15:37 115344]
"CTHelper"="CTHELPER.EXE" [2003-02-20 18:45 28672 C:\WINDOWS\SYSTEM32\CTHELPER.EXE]
"AsioReg"="CTASIO.DLL" [2003-02-20 18:27 110592 C:\WINDOWS\SYSTEM32\CTASIO.DLL]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-20 01:10 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl]
"nwiz"="nwiz.exe" [2007-12-05 02:41 1626112 C:\WINDOWS\SYSTEM32\nwiz.exe]
"C-Media Mixer"="Mixer.exe" [2002-10-15 18:00 1818624 C:\WINDOWS\mixer.exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 16:49 16126464 C:\WINDOWS\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 01:09 15360]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Lancement rapide d'Adobe Acrobat.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-F400-7760-000000000002}\SC_Acrobat.exe [2005-02-23 19:18:32 25214]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-03-23 00:38:12 67128]
Utilitaire r‚seau pour SAGEM Wi-Fi 11g USB adapter.lnk - C:\Program Files\SAGEM WiFi manager\WLANUTL.exe [2007-08-14 00:40:59 925696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.NTN1"= NUVision.ax

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\WINDOWS\\SYSTEM32\\rtcshare.exe"=
"C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"C:\\Program Files\\NetMeeting\\conf.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"=
"C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"C:\\WINDOWS\\SYSTEM32\\dpvsetup.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Steam\\Steam.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-2.4.0-frFR-downloader.exe"=
"C:\\Program Files\\Steam\\steamapps\\allenjones0\\counter-strike source\\hl2.exe"=
"C:\\Program Files\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6881:TCP"= 6881:TCP:Blizzard Downloader: 6881
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"6112:TCP"= 6112:TCP:battle.net

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-06 13:50]
R2 ASFAgent;ASF Agent;C:\Program Files\Intel\ASF Agent\ASFAgent.exe [2002-08-07 07:34]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-07-06 13:50]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-06 13:50]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-06 13:50]
R2 MSCamSvc;MSCamSvc;C:\Program Files\Microsoft LifeCam\MSCamS32.exe [2006-10-13 17:01]
R2 NetAlrt;NetAlrt;C:\WINDOWS\System32\drivers\NetAlrt.sys [2002-05-07 18:05]
R2 PlatAlrt;PlatAlrt;C:\WINDOWS\System32\drivers\PlatAlrt.sys [2002-05-07 18:06]
R3 SpyFighter;SpyFighter Guard Device;C:\Program Files\SPYWAREfighter\spyfighter.sys [2008-02-21 15:38]
R3 SPYWAREfighterRP;SPYWAREfighterRP;C:\Program Files\SPYWAREfighter\spfprc.exe [2008-02-21 15:37]
S3 NUVision;BLUEcord BLUE'USB (NTSC);C:\WINDOWS\system32\DRIVERS\NUVision.sys []
S3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;C:\WINDOWS\system32\DRIVERS\WlanBZXP.sys [2005-12-22 14:45]
S3 sonydcam;Caméra de bureau 1394 générique;C:\WINDOWS\system32\DRIVERS\sonydcam.sys [2004-08-04 08:09]
S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\System32\ZDCndis5.SYS []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4bcc2c6c-dfb2-11db-a23f-0060b3fa26a7}]
\Shell\AutoRun\command - F:\setupSNK.exe

*Newly Created Service* - CATCHME
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'

2008-07-26 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]

2008-07-31 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 12:20]
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Search Page = hxxp://www.google.com
R0 -: HKCU-Main,Start Page = hxxp://www.google.com/
R0 -: HKCU-Main,Search Bar = hxxp://www.google.com/ie
R0 -: HKLM-Main,Start Page = hxxp://www.euro.dell.com/countries/fr/fra/gen/default.htm
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
O8 -: &Search
O8 -: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 -: Convertir en Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 -: Convertir en un fichier PDF existant - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 -: Convertir la cible du lien en Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 -: Convertir la cible du lien en un fichier PDF existant - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 -: Convertir la sélection en Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 -: Convertir la sélection en un fichier PDF existant - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 -: Convertir les liens sélectionnés en fichier Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 -: Convertir les liens sélectionnés en un fichier PDF existant - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O18 -: Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-31 02:33:44
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

**************************************************************************
.
Temps d'accomplissement: 2008-07-31 2:36:26
ComboFix-quarantined-files.txt 2008-07-31 00:35:24
ComboFix2.txt 2008-07-30 02:55:19

Pre-Run: 19,053,731,840 octets libres
Post-Run: 19,035,967,488 octets libres

232 --- E O F --- 2008-07-09 10:18:02

anthony5151 · Answer

Ok, il n'y a plus grand chose dans ce rapport, Combofix a détecté pas mal de fichiers infectés tout seul en fait :)  Pour finir, fais ceci :


Télécharge SDFix (créé par AndyManchesta) et sauvegarde le sur ton Bureau. 
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe 
Double clique sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau. Redémarre ton ordinateur en mode sans échec en suivant la procédure que voici : 
• Redémarre ton ordinateur 
• Après avoir entendu l'ordinateur biper lors du démarrage, mais avant que l'icône Windows apparaisse, tapote la touche F8 (une pression par seconde). 
• A la place du chargement normal de Windows, un menu avec différentes options devrait apparaître. 
• Choisis la première option, pour exécuter Windows en mode sans échec, puis appuie sur "Entrée". 
• Choisis ton compte. 

• Puis, ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clique sur RunThis.bat pour lancer le script. 
• Appuie sur Y pour commencer le processus de nettoyage. 
• Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer. 
• Appuie sur une touche pour redémarrer le PC. 
• Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers. 
• Après le chargement du Bureau, l'outil terminera son travail et affichera Finished. 
• Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau. 
• Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt. 

• Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum, avec un nouveau rapport Hijackthis !



P.S : pour la suite il faura attendre demain, je vais dormir ;)

susu75 · Answer

Voici le Report.txt :


[b]SDFix: Version 1.210 [/b]
Run by lawrence on 31/07/2008 at 03:33

Microsoft Windows XP [version 5.1.2600]
Running From: C:\DOCUME~1\lawrence\Bureau\SDFix

[b]Checking Services [/b]:


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


[b]Checking Files [/b]: 

Trojan Files Found:

C:\Documents and Settings\lawrence\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.dl-torrent.com\settings.sol - Deleted



Folder C:\Documents and Settings\lawrence\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.dl-torrent.com - Removed


Removing Temp Files

[b]ADS Check [/b]:
 


                                 [b]Final Check [/b]:

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-31 03:54:42
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001060e8bc5a]
"000319126241"=hex:39,63,02,b0,fc,d3,3e,ef,7d,11,e5,23,68,ca,f9,49
"001df642d486"=hex:52,16,e6,88,16,1d,c5,16,c0,83,9b,5c,ea,f2,6c,9e
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001060e8bc5a]
"000319126241"=hex:39,63,02,b0,fc,d3,3e,ef,7d,11,e5,23,68,ca,f9,49
"001df642d486"=hex:52,16,e6,88,16,1d,c5,16,c0,83,9b,5c,ea,f2,6c,9e

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


[b]Remaining Services [/b]:




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\WINDOWS\SYSTEM32\rtcshare.exe"="C:\WINDOWS\SYSTEM32\rtcshare.exe:*:Enabled:Partage de l'application RTC"
"C:\Program Files\World of Warcraft\BackgroundDownloader.exe"="C:\Program Files\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\NetMeeting\conf.exe"="C:\Program Files\NetMeeting\conf.exe:*:Enabled:Windows© NetMeeting©"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\WINDOWS\PCHealth\HelpCtr\Binaries\helpctr.exe"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\helpctr.exe:*:Enabled:Assistance … distance - Windows Messenger et voix"
"C:\Program Files\Microsoft LifeCam\LifeExp.exe"="C:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe"
"C:\Program Files\Microsoft LifeCam\LifeCam.exe"="C:\Program Files\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe"
"C:\WINDOWS\SYSTEM32\dpvsetup.exe"="C:\WINDOWS\SYSTEM32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Enabled:Steam"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\World of Warcraft\WoW-2.4.0-frFR-downloader.exe"="C:\Program Files\World of Warcraft\WoW-2.4.0-frFR-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\Steam\steamapps\allenjones0\counter-strike source\hl2.exe"="C:\Program Files\Steam\steamapps\allenjones0\counter-strike source\hl2.exe:*:Enabled:hl2"
"C:\Program Files\KONAMI\Pro Evolution Soccer 2008\PES2008.exe"="C:\Program Files\KONAMI\Pro Evolution Soccer 2008\PES2008.exe:*:Enabled:Pro Evolution Soccer 2008"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\Warcraft III\Warcraft III.exe"="C:\Program Files\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[b]Remaining Files [/b]:


File Backups: - C:\DOCUME~1\lawrence\Bureau\SDFix\backups\backups.zip

[b]Files with Hidden Attributes [/b]:

Mon 12 Jan 2004            56 A.SH. --- "C:edir.sys"
Wed 28 Jul 1999        27,136 A..H. --- "C:\Program Files\ProDJ\~WRL2886.tmp"
Thu 26 Aug 2032         1,537 A.SH. --- "C:\WINDOWS\page files\maxmeg.sys"
Sun 13 Jan 2008        13,056 A.SH. --- "C:\WINDOWS\SYSTEM32\ahadib.sys"
Sat 24 Mar 2007         4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Thu  3 Jul 2008           192 A..H. --- "C:\Program Files\InterActual\InterActual Player\itiD6.tmp"
Sun 10 Jun 2007             0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
Thu  8 May 2008             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\24af2a69c06a4de03e35dc89d706475f\BIT5.tmp"
Sun 30 Dec 2007        19,968 ...H. --- "C:\Documents and Settings\lawrence\Application Data\Microsoft\Word\~WRL1099.tmp"

[b]Finished![/b]

susu75 · Answer

Voila ensuite le Hijackthis.log  :) 

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 04:13:28, on 31/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32
vsvc32.exe
C:\Program Files\Dantz\Retrospectetrorun.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe
C:\Program Files\Dell AIO Printer A940\dlbabmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\vVX3000.exe
C:\WINDOWS\system32undll32.exe
C:\WINDOWS\Mixer.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\SPYWAREfighter\spftray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SPYWAREfighter\spfprc.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\program files\steam\steam.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\SAGEM WiFi manager\WLANUTL.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com/countries/fr/fra/gen/default.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [spywarefighterguard] C:\Program Files\SPYWAREfighter\spftray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SB Audigy 2 Startup Menu]  /L:FRN
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Lancement rapide d'Adobe Acrobat.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://bl115fd.blu115.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Cmdiwnymr-e - CMD Technology, Inc. - (no file)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospectetrorun.exe
O23 - Service: SPYWAREfighterRP - SpamFighter APS - C:\Program Files\SPYWAREfighter\spfprc.exe

anthony5151 · Answer

Bien :)  Il ne reste que deux lignes dangereuses que tu vas pouvoir supprimer avec Hijackthis (voir ci-dessous).

Avant de retourner surfer sur internet, il y a quelques petites choses que tu dois faire pour finir le nettoyage et améliorer sensiblement la sécurité de ton ordinateur, ça t'évitera peut-être de devoir revenir ici avec une nouvelle infection dans le futur ;)  Mais sache qu'aucun logiciel de sécurité ne te protègera à 100%, ce qui fait la différence, c'est ta vigilance lorsque tu télécharges ou installes quelque chose : pour en savoir plus, je t'invite à bien lire la page indiquée tout en bas de ce message (6).



1) Relance Hijackthis (pour la dernière fois), fais "scan system only" et coche ces lignes (seules les deux lignes 015 sont dangereuses, les autres sont juste inutiles) : 

O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"    
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe 
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime 
04 - Global Startup: Lancement rapide d'Adobe Acrobat.lnk = ?
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Cmdiwnymr-e - CMD Technology, Inc. - (no file)

Ensuite, clique sur "Fix checked" 



2) Télécharge ToolsCleaner sur ton bureau pour nettoyer l'ordi de tous les outils qu'on a utilisé : 
ftp://ftp.commentcamarche.com/download/ToolsCleaner2.exe 
installe-le normalement, puis lance-le. 
Clique sur Recherche et laisse le scan se finir.
Cliquez sur Suppression pour nettoyer. 
Tu peux aussi supprimer les fichiers temporaires.
Ensuite, supprime manuellement ToolsCleaner (mets le à la corbeille).



3) Sécurise ton ordinateur 

- Pour naviguer sur internet plus en sécurité et à l’abri des publicités, je te conseille d’installer et d'utiliser le navigateur Firefox 3 avec l’extension « AdBlockPlus ».
Tutorial : https://www.malekal.com/securiser-le-navigateur-web-firefox-2/

- Java n'est pas à jour, c'est une faille de sécurité.
Ouvre le menu démarrer --> panneau de configuration --> ajout/suppression de programmes --> sélectionne toutes les versions de java présentes et désinstalle les. Télécharge et installe la nouvelle version depuis le site officiel de java : https://java.com/fr/

- Adobe Reader n’est pas à jour, c’est une faille de sécurité. Désinstalle le en allant dans menu démarrer --> panneau de configuration --> ajout/suppression de programmes. Puis télécharge et installe la nouvelle version depuis cette adresse :  https://get2.adobe.com/reader/otherversions/



4) Télécharge et installe CCleaner (attention à l'installation, pense à DECOCHER l'installation de Yahoo toolbar discrètement proposé en plus de CCleaner) : https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html 

Utilise la fonction Nettoyeur de ce logiciel, puis la fonction Registre plusieurs fois de suite pour effectuer des nettoyages (tu peux garder ce logiciel et l'utiliser régulièrement).




5) Pour finir le nettoyage, il faut désactiver puis réactiver la restauration système (pour créer un nouveau point de restauration sain et éviter le retour de l'infection). 

* Fais un clic droit sur poste de travail (qui est sur ton bureau ou dans le menu démarrer), puis propriétés. 
* Sélectionne l'onglet restauration du système 
* Coche l'option Désactiver la restauration du système sur tous les lecteurs 
* Clique sur OK. 

Puis refais la manipulation inverse pour réactiver la restauration système. 



6) Je t'invite enfin à visiter cette page, très complète, pour avoir des informations supplémentaires sur la façon de sécuriser ton ordinateur : 
https://www.malekal.com/proteger-pc-virus-pirates/?f=36&t=381&sid=d03ac6bc6efb6e5384089615e97fc435

susu75 · Answer

Je tiens particulièrement a te remercie sur la patience et la compréantion que tu as eu et surtout JE TE FAI PLEIN D'BIZOU :p je deconnais ! 

Nn sincèrement merci beaucoup a toi tu ma vraiment aider a règlé ce problème avec SUCCES !!!  

HIP IP IP HOURRA :D

anthony5151 · Answer

De rien, c'était un plaisir de t'aider :)  En plus j'ai droit à des bisous, cool  ^_^

Bonne continuation, et n'hésite pas à revenir si tu as besoin d'aide

Marina75 · Answer

Bonjour, moi je suis nouvelles, je l'ai fais et voila ce que j'ai..quelqu'un peut m'aider?



SmitFraudFix v2.333

Rapport fait à 15:10:00,53, 05/08/2008
Executé à partir de E:\T‚l‚chargements\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est 
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\FixCamera.exe
C:\WINDOWS	snp325.exe
C:\WINDOWS\vsnp325.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Shareaza\Shareaza.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

Fichier hosts corrompu !

127.0.0.1	www.legal-at-spybot.info
127.0.0.1	legal-at-spybot.info

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

C:\WINDOWS\privacy_danger PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

" VIRUS ALERT! " Disparition C: , D: et

22 réponses

Votre réponse

Discussions similaires

Newsletters