désinstaller gestionnaire orange?!? Fermé

Question

Bonjour,

je navigue sous firefox par une connexion livebox sagem et un fournisseur orange, mais le gestionnaire de navigation orange me dérange car il n'arrive pas a se connecter alors il fait planter firefox et je suis obligé de rallumer mon pc pour me reconnecter (bug des fois), voulant le désinstaller j'ai fait:
panneau de conf> ajj/suppr de prog/ supprimer gestionnaire orange.

le programme n'est plus dans la liste mais le gestionnaire est toujours bien présent ainsi que le soucis.

comment désinstaller ce gestionnaire? (si c'est la bonne question)

merci d'avance

clem73 · Answer

Bonsoir soop,

Va jeter un coup d'oeil IcI

;)

Cricri · Answer

Bonsoir,
Ta démarche est correcte, va jeter un oeil dans les Program files. Pour cela : "Poste de travail", "Disque local" et "Program Files", tu trouveras certainement un dossier nommé "Orange". Pour être sûr de n'avoir rien oublié, retournes dans le "Poste de travail", fais un clic droit sur le "Disque local" (disque dur) et fais rechercher. Une nouvelle fenêtre apparaît, il faudra taper "Orange" et ensuite lancer la recherche. Si d'autres éléments apparaissent, vérifies bien, et au besoin supprimes les.
Bonne continuation...

soop · Answer

merci a tout les deux ,j'ai trouver la réponse sur le lien de clem, je crois que c'est bon, merci bcp !!!

soop · Answer

AÏE!!

il semble que le problème est toujours là, bien que j'ai eu un peu plus de repis que avant le gestionnaire orange a refait surface sans raison et a fait plante FF!
certes il ne s'est pas lancé au démarrage de xp mais est quand meme réapparut!

merci d'avance

boxer17 · Answer

mal désinstallé suis ce lien pour désinstaller correctement le gestionnaire orange et établir par la suite une connexion libre

http://forum.telecharger.01net.com/forum/high-tech/INTERNET/Internet/orange-livebox-inventel-sujet_14959_1.htm

le gestionnaire oronge est inutile voir dangereux et source de nombreux problème mais sa suppression doit ce faire proprement ensuite il est très simple d'établir une connexion libre un 2em lien pour t'aider 

https://www.jechange.fr/telecom/internet/guides/test-livebox-play-3187

suit bien la procédure et tout fonctionnera.

soop · Answer

wahouuu!!! c'est tendu je m'en sent pas vraiment capable :[ 
mais j'e vais tout imprimer et lire plusieurs fois et je vais tenter,
merci beaucoup!

pas d'autre soluce plus easy par hasard???

clem73 · Answer

Re,

Il semblerait, au vu des discussions, qu'un nettoyage de la base de registre avec CCleaner, après la suppression des programmes orange via le panneau de configuration, donne de bons résultats..

Tuto et téléchargement IcI

Si tu aimes la lecture...  ;-)
Voici d'autres liens vers des discussions, qui semblent utiles :

http://www.commentcamarche.net/forum/affich 2381283 desactiver gestionnaire orange#haut
http://forum.orange.fr/liremessages.php?idsection=1082&thread=560672

Bonne chance.

soop · Answer

salut ,c'est toujours moi...


j'ai réussi a désinstaller le gestionnaire, c'était trés simple en fait, merci pour tout les liens que vous m'avez refilé...


là ça marche mieux mais seulement mieux, j'ai toujours des déconnexions intempestives avec toujours obligation de rallumer le pc, la livebox ne clignote pas et aucun message d'erreur n'est visible!
maintenant au lieu d'avoir 15 minutes de navigation ,j'ai plutot en moyenne une heure!

voilà....

soop · Answer

je vois un truc bizarre ,quand ça plante ,en bas de la fenetre de FF on peut lire qu'il ne cherche plus l'hote du site actuel mais www.dealio.com j'avais ça en barrre c'est desinstaller mais...

soop · Answer

personne n'a une idée??

un ptit logfile hijackthis peut etre???



Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 13:03:31, on 31/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\soundman.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\system32undll32.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICDE.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\endeavour\Bureau\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.zhaodao123.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.acer.com/worldwide/selection.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fwww.msn.fr%2fimg%2ffr%2ffr-fr%2fmsger%2ftabs%2f_pictos%2fcoca%2fPictoCoke02.png%3f
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange HSS\SearchURLHook\SearchPageURL.dll (file missing)
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe Common Objects - {986488AF-13D5-9DDF-4FEF-9FB88698CFC1} - C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\USERDATA\LHyhCo29Sb.dll (file missing)
O2 - BHO: Century Class - {B9893324-6B8F-4C54-98A8-D22194403550} - C:\WINDOWS\system32\SoTools.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [SoundMan] soundman.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
O4 - HKCU\..\Run: [EPSON Stylus DX7400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICDE.EXE /FU "C:\WINDOWS\TEMP\E_SA1D.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [jignndllod] c:\documents and settings\endeavour\local settings\application data\jignndllod.exe jignndllod
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: Ò×È¤¹ºÎï - C:\Program Files\AD4All\link1\eachlink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Ò»ÆðÀ´ÒôÀÖÉçÇø - {7DBC6ADB-5788-4FB9-AEC3-B40A58AC11DF} - http://www.yiqilai.com (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: https://www.orange.fr/portail
O16 - DPF: {14578416-1111-1111-1111-111111411123} - file://c:\windows\system32\calc.exe
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: F-Secure Windows Security Center Legacy Detection Service (Fswsclds) - Unknown owner - C:\Program Files\Securitoo\av_fw\fswsclds.exe (file missing)
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: System Event loader (sysloader) - Unknown owner - C:\Documents and Settings\All Users\Application Data\Microsoft\Office\SYSTEM\sysloader.exe (file missing)
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Telnet (TlntSvr) - Unknown owner - C:\WINDOWS\System32	lntsvr.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe

clem73 · Answer

salut soop,

Désolée, j'ai vu sur mes Interventions que tu avais posté un message à 13:04, mais impossible de le lire... ça bug +++ en ce moment sur le site ! (réédite le stp...)

Donc, oui pour cette barre dealio, plutôt "collante" apparemment et rebelle à se laisser désinstaller.

Ton problème de gestionnaire orange est réglé apparemment. Si tu as toujours ces problèmes de déconnexions intempestives, voit du côté de ton FAI maintenant et si rien chez eux, tourne toi peut être vers un problème d'infection de ton PC... sait on jamais.

Je suppose que tu as un antivirus et pare feu en état de fonctionnement  :)

Tu peux essayer la chose suivante :

télécharge Hijackthis qui est un  outil spécifique permettant de détecter et de supprimer les spywares et hijackers installés furtivement sur ta machine.
Tu pourras le faire à partir de ce lien ==>http://www.commentcamarche.net/telecharger/telecharger 159 hijackthis

Lance le programme, puis sélectionne < do a system scan and save a logfile >
Enregistre le rapport sur ton bureau.
Et envoie le ici par copier/coller.

Quelqu'un de compétent pourra l'interprèter et te dire quoi.

;)

Utilisateur anonyme · Answer

Bonjour,
Clém m'a parlé de toi et de ton PC.

Tu es infecté.

Alors,
> Télécharge Toolbar-S&D (Team IDN) sur ton Bureau : https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2
- Lance l'installation du programme en exécutant le fichier téléchargé.
- Double-clique maintenant sur le raccourci de Toolbar-S&D.
- Sélectionne la langue souhaitée en tapant la lettre de ton choix puis en validant avec la touche Entrée.
- Choisis maintenant l'option 1 (Recherche). Patiente jusqu'à la fin de la recherche.
- Poste le rapport généré. (C:\TB.txt)


Ensuite,
> Télécharge Navilog1 de Il Mafioso : http://perso.orange.fr/il.mafioso/Navifix/Navilog1.zip
- Enregistre-le sur ton Bureau puis décompresse-le en faisant « extraire-tout ».
- Double clique sur Navilog1.exe
- Choisis pour la langue le français, puis l'option 1 et valide.
Attention  : n’utilise surtout pas les options 2,3 ou 4 maintenant. (tu risquerais d’endommager ton pc)
- Patiente jusqu'au message : < Analyse Terminée le ..... > Ensuite appuie sur une touche comme demandé. Le Bloc-notes va s'ouvrir. 
- Fais un copier coller du rapport généré et poste-le ici.
NB : Le rapport se trouve aussi à la racine de ton disque : fixnavi.txt



Puis on continue.


A+

soop · Answer

-----------\  ToolBar S&D 1.0.7  XP/Vista

   [ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
   [ USER : endeavour ] [ "C:\Toolbar SD" ] [ Selection : 1 ]
   [ 31/07/2008 | 15:15:09,56 ] [ PC : FAMILLE- ]
   [ MAJ : 25-07-2008 | 17:35 ]

   -----------\  Recherche de Fichiers / Dossiers ...

   C:\Program Files\Dealio
   C:\Program Files\Dealio\kb127
   C:\WINDOWS\Prefetch\SEARCHSETTINGS.EXE-253CB611.pf
   C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com
   C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com\CHROME\CONTENT\searchsettingsplugin.xul
   C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com\CHROME\CONTENT\searchsettingsplugin.js
   C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com\CHROME\LOCALE\EN-US\searchsettingsplugin.dtd
   C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com\CHROME\LOCALE\EN-US\searchsettingsplugin.properties
   C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com\COMPONENTS\SearchSettingsFF.dll
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\Search Settings
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\Search Settings\kb127
   C:\Program Files\Search Settings
   C:\Program Files\Search Settings\kb127
   C:\Program Files\Search Settings\SearchSettings.exe
   C:\DOCUME~1\MIREILLE\APPLIC~1\VMNToolbar
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\---Yahoo.bmp
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\01net.bmp
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\1px_dark.gif
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\1px_green.gif
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\1px_white.gif
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\DownloadCOM.bmp
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\ErrorPageTemplate.css
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\YouTube.bmp
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\a.bmp
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\amazon.bmp
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\an.bmp
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\arrowB.gif
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\arrowT.gif
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\arrow_down.gif
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\arrow_red.gif
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\arrow_red2.gif
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\arrow_up.gif
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\autofill.bmp
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\avstate.bmp
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\b.bmp
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\background2.bmp
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\bg_pub.gif
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\bg_ttl.gif
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\bgmeteo_results.gif
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\bn.bmp
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\btn_close.gif
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\btn_minus.gif
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\btn_moreforecast.gif
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\c.bmp
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\canalblog.bmp
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\cn.bmp
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\d.bmp
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\dictionary2.bmp
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\dn.bmp
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\dropdown.css
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\f.bmp
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\flag_argentine.bmp
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\flag_australia.bmp
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\flag_brazil.bmp
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\flag_canada.bmp
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\flag_china.bmp
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\flag_france.bmp
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\flag_germany.bmp
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\flag_greece.bmp
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\flag_hongkong.bmp
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\flag_india.bmp
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\flag_indonesia.bmp
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\flag_italy.bmp
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\flag_japan.bmp
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\flag_korea.bmp
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\flag_mexico.bmp
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\flag_netherlands.bmp
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\flag_spain.bmp
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\flag_sweeden.bmp
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\flag_taiwan.bmp
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\flag_uk.bmp
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\flag_usa.bmp
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\fn.bmp
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\g.bmp
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\gaming.bmp
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\gn.bmp
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\gograph.bmp
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\graphred0.bmp
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\graphred0_5.bmp
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\graphred1.bmp
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\graphred1_5.bmp
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\graphred2.bmp
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\graphred2_5.bmp
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\graphred3.bmp
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\graphred3_5.bmp
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\graphred4.bmp
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\graphred4_5.bmp
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\graphred5.bmp
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\h.bmp
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\h_aquarius.bmp
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\h_aries.bmp
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\h_cancer.bmp
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\h_capricorn.bmp
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\h_gemini.bmp
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\h_leo.bmp
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\h_libra.bmp
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\h_pisces.bmp
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\h_sagittarius.bmp
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\h_scorpio.bmp
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\h_taurus.bmp
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\h_virgo.bmp
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\help.gif
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\hideremove.bmp
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\highlight.bmp
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\hn.bmp
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\i.bmp
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\icotemp_placeholder.gif
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\in.bmp
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\ipsearch.bmp
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\j.bmp
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\jn.bmp
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\k.bmp
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\kn.bmp
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\l.bmp
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\ln.bmp
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\loading.gif
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\login.bmp
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\logo.bmp
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar
.bmp
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar
ew02.bmp
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar
ews.bmp
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar
ews.html
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar
n.bmp
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\o.bmp
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\on.bmp
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\p.bmp
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\p_yahoo.bmp
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\pestscanimg.bmp
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\pn.bmp
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\popup_off.bmp
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\popup_on.bmp
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\popup_ona.bmp
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\q.bmp
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\qn.bmp
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar.bmp
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbarelatedlinks.bmp
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbareport.bmp
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbarn.bmp
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbarss.bmp
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbarss.xsl
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbarss1.bmp
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbarsslib.js
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\s.bmp
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\security.bmp
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\siteinfo.bmp
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\slider.bmp
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\sn.bmp
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\spacer.gif
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\stars-red1.bmp
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\stars-red2.bmp
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\stars-red3.bmp
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\stars-red4.bmp
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\stars-red5.bmp
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\storage.bmp
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar	.bmp
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar	ab_icon.png
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar	ablib.js
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar	abwelcome_en.html
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar	abwelcome_fr.html
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar	echnorati.bmp
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar	hes_search.bmp
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar	n.bmp
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar	ools.bmp
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar	ranslate.bmp
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\u.bmp
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\un.bmp
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\v.bmp
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\vmlib.js
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\vn.bmp
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\w.bmp
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\web.bmp
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\web_fr.bmp
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\wikipedia.bmp
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\wn.bmp
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\x.bmp
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\xp_close_small.gif
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\yahoo.bmp
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\yahoo_search.gif
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\z.bmp
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\zn.bmp
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\zoom.bmp
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\NewCfg
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\vmntoolbartb1501.cfg
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\p_yahoo_fr.bmp
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\pixsy.bmp
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbarssmenu1_7a.zip
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\utf8.js
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\IEtab1_7d.zip
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\search_fr.gif
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\search.gif
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\left.png
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbaright.png
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar	op.png
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\bottom.png
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar	op_left.png
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar	op_right.png
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\bottom_left.png
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\bottom_right.png
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\downfile
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar	abdataV3.js
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\New York_NY_weather.txt5637859
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\COMBOSEARCH.acs
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\New York_NY_weather.txt23825296
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\sinfo.txt23841781
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\New York_NY_weather.txt1845015
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\New York_NY_weather.txt45470484
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\New York_NY_weather.txt124093
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\New York_NY_weather.txt312328
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\sinfo.txt53673437
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\New York_NY_weather.txt3049781
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\New York_NY_weather.txt1618421
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\New York_NY_weather.txt
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\sinfo.txt
   C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\New York_NY_weather.txt758390
   C:\Program Files\VMNToolbar
   C:\Program Files\VMNToolbar	buninstall.exe
   C:\Program Files\VMNToolbar	oolbar.ini
   C:\Program Files\VMNToolbar\install.ico
   C:\Program Files\VMNToolbar\vmntoolbar.dll
   C:\Program Files\VMNToolbar\uninstall.exe

   -----------\  [..\Internet Explorer\Main]

   [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
   "Start Page"="http://www.zhaodao123.com/"
   "Local Page"="C:\WINDOWS\system32\blank.htm"
   "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
   "Search Bar"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

   [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
   "Default_Page_URL"="https://www.acer.com/worldwide/selection.html"
   "Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
   "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
   "Start Page"="https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fwww.msn.fr%2fimg%2ffr%2ffr-fr%2fmsger%2ftabs%2f_pictos%2fcoca%2fPictoCoke02.png%3f"


   -----------\  Fin du rapport a 15:16:06,68

soop · Answer

Search Navipromo version 3.6.1 commencé le 31/07/2008 à 15:18:58,09

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files
avilog1
Session actuelle : "endeavour" 

Mise à jour le 19.07.2008 à 20h00 par IL-MAFIOSO


Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 6.0.2900.2188 
Système de fichiers : FAT32

Recherche executé en mode normal

*** Recherche Programmes installés ***


*** Recherche dossiers dans "C:\WINDOWS" ***


*** Recherche dossiers dans "C:\Program Files" ***


*** Recherche dossiers dans "C:\Documents and Settings\All Users\menudÉ~1\progra~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\All Users\menudÉ~1" ***


*** Recherche dossiers dans "c:\docume~1\alluse~1\applic~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\endeavour\applic~1" *** 


*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\applic~1" *** 


*** Recherche dossiers dans "C:\DOCUME~1\MIREILLE\applic~1" *** 


*** Recherche dossiers dans "C:\Documents and Settings\endeavour\locals~1\applic~1" *** 


*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *** 


*** Recherche dossiers dans "C:\DOCUME~1\MIREILLE\locals~1\applic~1" *** 


*** Recherche dossiers dans "C:\Documents and Settings\endeavour\menud+~1\progra~1" *** 

*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net

Aucun Fichier Navipromo trouvé


*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans "C:\WINDOWS\system32" *

* Recherche dans "C:\Documents and Settings\endeavour\locals~1\applic~1" * 

* Recherche dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" * 

* Recherche dans "C:\DOCUME~1\MIREILLE\locals~1\applic~1" * 



*** Recherche fichiers *** 


C:\WINDOWS\system32
vs2.inf trouvé !

*** Recherche clés spécifiques dans le Registre ***

HKEY_CURRENT_USER\Software\Lanconfig trouvé ! 

*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :


2)Recherche Heuristique :

* Dans "C:\WINDOWS\system32" :


* Dans "C:\Documents and Settings\endeavour\locals~1\applic~1" : 

jignndllod.dat trouvé !
jignndllod_nav.dat trouvé !
jignndllod_navps.dat trouvé !

* Dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" : 


* Dans "C:\DOCUME~1\MIREILLE\locals~1\applic~1" : 


3)Recherche Certificats :

Certificat Egroup trouvé !
Certificat Electronic-Group trouvé !
Certificat OOO-Favorit trouvé !
Certificat Sunny-Day-Design-Ltd absent !

4)Recherche fichiers connus :



*** Analyse terminée le 31/07/2008 à 15:21:40,32 ***

Utilisateur anonyme · Answer

Re,
ok : on continue.

> Lance navilog1 :
- Choisis l'option 2
Navilog travail... patient jusqu'à ce qui soit marqué < Nettoyage Termine le ..... >
Un rapport va être générer. Poste le dans ta prochaine réponse.
Note: le bureau disparaît.



Ensuite,
> Lance Toolbar-S&D (Team IDN) :
- Tape sur "2" puis valide en appuyant sur "Entrée".
Attention : ! Ne ferme pas la fenêtre lors de la suppression !
- Un rapport sera généré, poste son contenu sur le forum.
NOTE : Si ton Bureau ne réapparait pas, appuie simultanément sur Ctrl+Alt+Suppr pour ouvrir le Gestionnaire des tâches. Puis rends-toi sur l'onglet "Processus". Clique en haut à gauche sur Fichier et choisis "Exécuter...". Tape explorer puis valide.


Pour finir reposte un rapport HiJackT stp.
Ta connexion internet marche ?

A+

soop · Answer

-----------\  ToolBar S&D 1.0.7  XP/Vista

   [ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
   [ USER : endeavour ] [ "C:\Toolbar SD" ] [ Selection : 2 ]
   [ 31/07/2008 | 15:33:48,81 ] [ PC : FAMILLE- ]
   [ MAJ : 25-07-2008 | 17:35 ]

   -----------\ SUPPRESSION

   Supprime! - C:\Program Files\Dealio\kb127
   Supprime! - C:\WINDOWS\Prefetch\SEARCHSETTINGS.EXE-253CB611.pf
   Supprime! - C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\Search Settings\kb127
   Supprime! - C:\Program Files\Search Settings\kb127
   Supprime! - C:\Program Files\Search Settings\SearchSettings.exe
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\---Yahoo.bmp
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\01net.bmp
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\1px_dark.gif
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\1px_green.gif
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\1px_white.gif
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\DownloadCOM.bmp
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\ErrorPageTemplate.css
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\YouTube.bmp
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\a.bmp
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\amazon.bmp
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\an.bmp
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\arrowB.gif
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\arrowT.gif
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\arrow_down.gif
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\arrow_red.gif
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\arrow_red2.gif
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\arrow_up.gif
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\autofill.bmp
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\avstate.bmp
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\b.bmp
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\background2.bmp
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\bg_pub.gif
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\bg_ttl.gif
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\bgmeteo_results.gif
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\bn.bmp
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\btn_close.gif
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\btn_minus.gif
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\btn_moreforecast.gif
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\c.bmp
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\canalblog.bmp
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\cn.bmp
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\d.bmp
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\dictionary2.bmp
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\dn.bmp
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\dropdown.css
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\f.bmp
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\flag_argentine.bmp
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\flag_australia.bmp
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\flag_brazil.bmp
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\flag_canada.bmp
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\flag_china.bmp
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\flag_france.bmp
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\flag_germany.bmp
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\flag_greece.bmp
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\flag_hongkong.bmp
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\flag_india.bmp
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\flag_indonesia.bmp
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\flag_italy.bmp
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\flag_japan.bmp
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\flag_korea.bmp
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\flag_mexico.bmp
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\flag_netherlands.bmp
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\flag_spain.bmp
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\flag_sweeden.bmp
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\flag_taiwan.bmp
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\flag_uk.bmp
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\flag_usa.bmp
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\fn.bmp
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\g.bmp
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\gaming.bmp
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\gn.bmp
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\gograph.bmp
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\graphred0.bmp
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\graphred0_5.bmp
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\graphred1.bmp
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\graphred1_5.bmp
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\graphred2.bmp
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\graphred2_5.bmp
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\graphred3.bmp
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\graphred3_5.bmp
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\graphred4.bmp
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\graphred4_5.bmp
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\graphred5.bmp
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\h.bmp
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\h_aquarius.bmp
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\h_aries.bmp
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\h_cancer.bmp
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\h_capricorn.bmp
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\h_gemini.bmp
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\h_leo.bmp
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\h_libra.bmp
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\h_pisces.bmp
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\h_sagittarius.bmp
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\h_scorpio.bmp
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\h_taurus.bmp
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\h_virgo.bmp
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\help.gif
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\hideremove.bmp
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\highlight.bmp
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\hn.bmp
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\i.bmp
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\icotemp_placeholder.gif
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\in.bmp
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\ipsearch.bmp
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\j.bmp
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\jn.bmp
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\k.bmp
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\kn.bmp
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\l.bmp
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\ln.bmp
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\loading.gif
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\login.bmp
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\logo.bmp
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar
.bmp
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar
ew02.bmp
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar
ews.bmp
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar
ews.html
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar
n.bmp
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\o.bmp
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\on.bmp
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\p.bmp
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\p_yahoo.bmp
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\pestscanimg.bmp
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\pn.bmp
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\popup_off.bmp
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\popup_on.bmp
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\popup_ona.bmp
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\q.bmp
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\qn.bmp
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar.bmp
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbarelatedlinks.bmp
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbareport.bmp
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbarn.bmp
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbarss.bmp
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbarss.xsl
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbarss1.bmp
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbarsslib.js
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\s.bmp
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\security.bmp
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\siteinfo.bmp
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\slider.bmp
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\sn.bmp
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\spacer.gif
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\stars-red1.bmp
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\stars-red2.bmp
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\stars-red3.bmp
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\stars-red4.bmp
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\stars-red5.bmp
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\storage.bmp
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar	.bmp
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar	ab_icon.png
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar	ablib.js
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar	abwelcome_en.html
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar	abwelcome_fr.html
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar	echnorati.bmp
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar	hes_search.bmp
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar	n.bmp
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar	ools.bmp
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar	ranslate.bmp
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\u.bmp
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\un.bmp
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\v.bmp
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\vmlib.js
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\vn.bmp
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\w.bmp
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\web.bmp
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\web_fr.bmp
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\wikipedia.bmp
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\wn.bmp
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\x.bmp
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\xp_close_small.gif
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\yahoo.bmp
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\yahoo_search.gif
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\z.bmp
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\zn.bmp
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\zoom.bmp
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\NewCfg
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\vmntoolbartb1501.cfg
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\p_yahoo_fr.bmp
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\pixsy.bmp
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbarssmenu1_7a.zip
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\utf8.js
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\IEtab1_7d.zip
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\search_fr.gif
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\search.gif
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\left.png
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbaright.png
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar	op.png
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\bottom.png
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar	op_left.png
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar	op_right.png
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\bottom_left.png
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\bottom_right.png
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\downfile
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar	abdataV3.js
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\New York_NY_weather.txt5637859
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\COMBOSEARCH.acs
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\New York_NY_weather.txt23825296
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\sinfo.txt23841781
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\New York_NY_weather.txt1845015
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\New York_NY_weather.txt45470484
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\New York_NY_weather.txt124093
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\New York_NY_weather.txt312328
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\sinfo.txt53673437
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\New York_NY_weather.txt3049781
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\New York_NY_weather.txt1618421
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\New York_NY_weather.txt
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\sinfo.txt
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar\New York_NY_weather.txt758390
   Supprime! - C:\Program Files\VMNToolbar	buninstall.exe
   Supprime! - C:\Program Files\VMNToolbar	oolbar.ini
   Supprime! - C:\Program Files\VMNToolbar\install.ico
   Supprime! - C:\Program Files\VMNToolbar\vmntoolbar.dll
   Supprime! - C:\Program Files\VMNToolbar\uninstall.exe
   Supprime! - C:\Program Files\Dealio
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\Search Settings
   Supprime! - C:\Program Files\Search Settings
   Supprime! - C:\DOCUME~1\MIREILLE\APPLIC~1\VMNToolbar
   Supprime! - C:\DOCUME~1\ENDEAV~1\APPLIC~1\VMNToolbar
   Supprime! - C:\Program Files\VMNToolbar

   -----------\  Recherche de Fichiers / Dossiers ...


   -----------\  [..\Internet Explorer\Main]

   [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
   "Start Page"="http://www.zhaodao123.com/"
   "Local Page"="C:\WINDOWS\system32\blank.htm"
   "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
   "Search Bar"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

   [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
   "Default_Page_URL"="https://www.acer.com/worldwide/selection.html"
   "Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
   "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
   "Start Page"="https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fwww.msn.fr%2fimg%2ffr%2ffr-fr%2fmsger%2ftabs%2f_pictos%2fcoca%2fPictoCoke02.png%3f"


   -----------\  Fin du rapport a 15:39:21,12
_________________________________________________________________________

mon bureau n'a pas disparu, je fais la suppr navilog ;)

soop · Answer

Clean Navipromo version 3.6.1 commencé le 31/07/2008 à 15:42:34,95

Outil exécuté depuis C:\Program Files
avilog1
Session actuelle : "endeavour" 

Mise à jour le 19.07.2008 à 20h00 par IL-MAFIOSO


Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 6.0.2900.2180
Système de fichiers : FAT32

Mode suppression automatique 
avec prise en charge résultats Catchme et GNS


Nettoyage exécuté au redémarrage de l'ordinateur

 
*** fsbl1.txt non trouvé ***
(Assurez-vous que Catchme n'avait rien trouvé lors de la recherche)
 

*** Suppression avec sauvegardes résultats GenericNaviSearch ***

* Suppression dans "C:\WINDOWS\System32" *


* Suppression dans "C:\Documents and Settings\endeavour\locals~1\applic~1" * 


* Suppression dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" * 

* Suppression dans "C:\DOCUME~1\MIREILLE\locals~1\applic~1" * 


*** Suppression dossiers dans "C:\WINDOWS" ***


*** Suppression dossiers dans "C:\Program Files" ***


*** Suppression dossiers dans "C:\Documents and Settings\All Users\menudÉ~1\progra~1" ***


*** Suppression dossiers dans "C:\Documents and Settings\All Users\menudÉ~1" ***


*** Suppression dossiers dans "c:\docume~1\alluse~1\applic~1" ***


*** Suppression dossiers dans "C:\Documents and Settings\endeavour\applic~1" *** 


*** Suppression dossiers dans "C:\DOCUME~1\ADMINI~1\applic~1" *** 


*** Suppression dossiers dans "C:\DOCUME~1\MIREILLE\applic~1" *** 


*** Suppression dossiers dans "C:\Documents and Settings\endeavour\locals~1\applic~1" *** 


*** Suppression dossiers dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *** 


*** Suppression dossiers dans "C:\DOCUME~1\MIREILLE\locals~1\applic~1" *** 


*** Suppression dossiers dans "C:\Documents and Settings\endeavour\menud+~1\progra~1" *** 



*** Suppression fichiers ***

C:\WINDOWS\system32
vs2.inf supprimé !

*** Suppression fichiers temporaires ***

Nettoyage contenu C:\WINDOWS\Temp effectué !
Nettoyage contenu C:\Documents and Settings\endeavour\locals~1\Temp effectué !

*** Traitement Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Suppression avec sauvegardes nouveaux fichiers Instant Access :

2)Recherche, création sauvegardes et suppression Heuristique :


* Dans "C:\WINDOWS\system32" *


* Dans "C:\Documents and Settings\endeavour\locals~1\applic~1" * 


jignndllod.dat trouvé ! 
Copie jignndllod.dat réalisée avec succès !
jignndllod.dat supprimé !

jignndllod_nav.dat trouvé ! 
Copie jignndllod_nav.dat réalisée avec succès !
jignndllod_nav.dat supprimé !

jignndllod_navps.dat trouvé ! 
Copie jignndllod_navps.dat réalisée avec succès !
jignndllod_navps.dat supprimé !


* Dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" * 


* Dans "C:\DOCUME~1\MIREILLE\locals~1\applic~1" * 


*** Sauvegarde du Registre vers dossier Safebackup ***

sauvegarde du Registre réalisée avec succès !

*** Nettoyage Registre ***

Nettoyage Registre Ok


*** Certificats ***

Certificat Egroup supprimé !
Certificat Electronic-Group supprimé !
Certificat OOO-Favorit supprimé !
Certificat Sunny-Day-Design-Ltdt absent !

*** Nettoyage terminé le 31/07/2008 à 15:46:22,43 ***

________________________________________
je crois que j'ai pas fait les deux dans le bon sens! une importance?

Utilisateur anonyme · Answer

Re,

je crois que j'ai pas fait les deux dans le bon sens! une importance?,
aucune. Pas grave.


Peux reposter un nouveau rapport HiJackT ?

Et pour ta connexion ?

A+

clem73 · Answer

Encore des problèmes d'affichage de post...

Et "Sézame ouvre toi"... Ludo, ça marche aussi  pour le faire réapparaître, tu crois ?   ;-)

soop · Answer

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 16:13:21, on 31/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\soundman.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\system32undll32.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\endeavour\Bureau\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.zhaodao123.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://GLOBAL.ACER.COM/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fwww.msn.fr%2fimg%2ffr%2ffr-fr%2fmsger%2ftabs%2f_pictos%2fcoca%2fPictoCoke02.png%3f
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange HSS\SearchURLHook\SearchPageURL.dll (file missing)
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll (file missing)
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe Common Objects - {986488AF-13D5-9DDF-4FEF-9FB88698CFC1} - C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\USERDATA\LHyhCo29Sb.dll (file missing)
O2 - BHO: Century Class - {B9893324-6B8F-4C54-98A8-D22194403550} - C:\WINDOWS\system32\SoTools.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [SoundMan] soundman.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
O4 - HKCU\..\Run: [EPSON Stylus DX7400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICDE.EXE /FU "C:\WINDOWS\TEMP\E_SA1D.tmp" /EF "HKCU"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: Ò×È¤¹ºÎï - C:\Program Files\AD4All\link1\eachlink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Ò»ÆðÀ´ÒôÀÖÉçÇø - {7DBC6ADB-5788-4FB9-AEC3-B40A58AC11DF} - http://www.yiqilai.com (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: https://www.orange.fr/portail
O16 - DPF: {14578416-1111-1111-1111-111111411123} - file://c:\windows\system32\calc.exe
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: F-Secure Windows Security Center Legacy Detection Service (Fswsclds) - Unknown owner - C:\Program Files\Securitoo\av_fw\fswsclds.exe (file missing)
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: System Event loader (sysloader) - Unknown owner - C:\Documents and Settings\All Users\Application Data\Microsoft\Office\SYSTEM\sysloader.exe (file missing)
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Telnet (TlntSvr) - Unknown owner - C:\WINDOWS\System32	lntsvr.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe

Utilisateur anonyme · Answer

Ok, Alors : > Lance Hijackthis : - Puis sélectionne < Do a system scan only > - Coche les cases des lignes suivantes : R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll (file missing) O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Adobe Common Objects - {986488AF-13D5-9DDF-4FEF-9FB88698CFC1} - C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\USERDATA\LHyhCo29Sb.dll (file missing) O2 - BHO: Century Class - {B9893324-6B8F-4C54-98A8-D22194403550} - C:\WINDOWS\system32\SoTools.dll O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1 O9 - Extra button: Ò»ÆðÀ´ÒôÀÖÉçÇø - {7DBC6ADB-5788-4FB9-AEC3-B40A58AC11DF} - http://www.yiqilai.com (file missing) O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O16 - DPF: {14578416-1111-1111-1111-111111411123} - file://c:\windows\system32\calc.exe O23 - Service: System Event loader (sysloader) - Unknown owner - C:\Documents and Settings\All Users\Application Data\Microsoft\Office\SYSTEM\sysloader.exe (file missing) Ensuite, - Ferme toutes les autres fenêtres et applications (même internet) - Clic sur < fixe checked > > Télécharge OTMoveIT (de Old_Timer) : http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe sur ton bureau... - Double-clique sur OTMoveIt.exe pour le lancer. - Assure toi que la case "Unregister Dll's and Ocx's" est bien cochée !!! - Copie le texte qui se trouve ci-dessous et colle-le dans le cadre de gauche de OTMoveIt nommé . C:\WINDOWS\system32\SoTools.dll C:\Documents and Settings\All Users\Application Data\Microsoft\Office\SYSTEM\sysloader.exe - Clique sur < MoveIt! > pour lancer la suppression. - Lorsqu'un résultat apparaît dans le cadre Results clique sur Exit N.B :Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer. Accepte en cliquant sur YES. Un rapport est créé dans %SYSTEMDRIVE%\_OTMoveIt\MovedFiles\date du jour (C:\_OTMoveIt\MovedFiles\), copie-colle-le dans ta réponse suivante stp. Ensuite, > Les logiciels suivants (MalwareByte's Anti-Malware et Ccleaner) te seront utiles par la suite - ils sont à conserver... > Télécharge MalwareByte's Anti-Malware : - Installe le programme puis lance le stp. NB : S'il te manque COMCTL32.OCX alors télécharge le ici - Fais les mises à jour (clique sur "Mises à jour" puis "Recherche de mises à jour") puis ferme le programme. NB : Si tu as besoin : Tuto > Télécharge et installe Ccleaner : Si besoin est tu trouveras des Tutoriaux : ici, ici et là. > Commence par faire un copier/coller de ce poste (cette manip.): (conseillé) Ouvre un nouveau fichier Bloc notes (clique sur "Démarrer" => "Programmes" =>"Accessoires" => "Bloc notes"), puis fait un copier/coller de tout le contenu de la fenêtre de ce poste dans le fichier texte. Sauvegarde le sur le bureau, tu pourras alors y avoir accès même déconnecté ou en mode sans échec. > Démarre en mode sans échec (ne passe pas par MSconfig pour le faire): (image). Si problème : tuto ici > Lance MalwareByte's Anti-Malware, - Clique sur "Executer un examen complet" puis "Rechercher" et sélectionne tous tes disques durs => le scan débute....patiente... - A la fin du scanne, clique sur "supprimer" (Si des éléments sont difficiles à supprimer, un message te demandera de redémarrer : clique sur "Oui" alors) - après suppression des infections : un rapport va être généré : sauvegarde le et poste le sur forum. > Lance Ccleaner, - Choisi l’onglet "Options" puis clique sur "Avancé" et décoche la case "Effacer uniquement les fichiers, du dossier temp de Windows, plus vieux que 48 heures" (tout doit être supprimé). - Dans l'onglet "Nettoyeur" clique sur "Analyse". - Une fois l'analyse terminée, clique sur "Lancer le Nettoyage". - Dans l'onglet "registre" => Recherches des erreurs => Réparer les erreurs sélectionnées => enregistre une sauvegarde => corriger toutes erreurs sélectionnées => ok => fermer. N.B : Si Ccleaner te propose d'enregistrer une sauvegarde, reponds oui et enregistre sous 'Bureau' Recommence jusqu’à ce qu’il ne trouve plus rien (cela varie en général entre 1 et 4 fois). > Relance ton PC en mode normal > Relance Hijackthis : Puis sélectionne < do a system scan and save a logfile >, Et envoie moi, par collier/coller, ton log Hijackthis, Bon courage, A+

soop · Answer

File/Folder C:\WINDOWS\system32\SoTools.dll not found.
File/Folder C:\Documents and Settings\All Users\Application Data\Microsoft\Office\SYSTEM\sysloader.exe not found.
 
OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07312008_164455

________________________________________________________________________________







Malwarebytes' Anti-Malware 1.24
Version de la base de données: 1012
Windows 5.1.2600 Service Pack 2

17:07:00 31/07/2008
mbam-log-7-31-2008 (17-07-00).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 111843
Temps écoulé: 15 minute(s), 36 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 47
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 26
Fichier(s) infecté(s): 69

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\CLSID\{c86488af-13d5-4fef-9ddf-9fb88698cfc1} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f9ba1aa9-cad4-4c14-bde6-922dff5f6f38} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d3342887-aab1-428c-90c6-642be0b6cffe} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{e6bec792-a39d-4512-aa44-41627908dc2e} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{50c4cdd9-22d7-49ff-ac6d-7d4d528a3ab2} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\webbrowser.browser (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\webbrowser.browser.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7dbc6adb-5788-4fb9-aec3-b40a58ac11df} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{0ad3ab16-6d0e-4f04-8660-fb1f36bc2dc0} (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2f685b36-c53a-4653-9231-1dae5736de45} (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{de2267bd-b163-407f-9e8d-6adec771e7ab} (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT
ewscocomediumspop.popcoco (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT
ewscocomediumspop.popcoco.1 (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{cde9eb54-a08e-4570-b748-13f5ddb5781c} (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT
ewadpopup.toolbardetector (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT
ewadpopup.toolbardetector.1 (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{34a12a06-48c0-420d-8f11-73552ee9631a} (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT
ewadspushor.bslogic (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT
ewadspushor.bslogic.1 (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT
ewpushedshower.bologic (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT
ewpushedshower.bologic.1 (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT
ewsadvpusher.brlogic (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT
ewsadvpusher.brlogic.1 (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT
ewsmediaspusher.bllogic (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT
ewsmediaspusher.bllogic.1 (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT
ewspushershower.bplogic (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT
ewspushershower.bplogic.1 (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT
ewspushingshower.bqlogic (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT
ewspushingshower.bqlogic.1 (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{11f09afd-75ad-4e51-ab43-e09e9351ce16} (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{385ab8c4-fb22-4d17-8834-064e2ba0a6f0} (Adware.Cinmus) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{385ab8c5-fb22-4d17-8834-064e2ba0a6f0} (Adware.Cinmus) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{385ab8c6-fb22-4d17-8834-064e2ba0a6f0} (Trojan.Yigather) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\spyware-secure (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
tptdb (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Yiqilai (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Spyware-Secure (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Spyware-Secure (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\acpidisk (Adware.Cinmus) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\iehpr.invoke (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\iehpr.invoke.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE
ewpush (Adware.CPush) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\cpush (Adware.CPush) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MicroPlugins (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IDSCNP (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\ms_2fax (Trojan.Adclicker) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services
tptdb (Trojan.Agent) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{7dbc6adb-5788-4fb9-aec3-b40a58ac11df} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{ee60714f-ac17-427e-861a-fd60cbdf119a} (Trojan.Agent) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
C:\Program Files\Fichiers communs\CPUSH (Adware.CPush) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secureesources (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\images (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\images\FR (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FRubs (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Yiqilai (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Yiqilai\wmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Yiqilai\Temp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Yiqilai\winamp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Yiqilai\foobar (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Yiqilai\lib (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Yiqilai\html (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Yiqilai	ools (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools (Trojan.Yigather) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data	 (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data	\ad (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data	\ad\d139d5c216 (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data	\ad\d2087d1212 (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data	\ad\df7609d205 (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data	\ad\d31255c21a (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data	\ad\d8a2c1220f (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data	\ad\d267e10212 (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data	\ad\d2bab8121a (Trojan.Agent) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Program Files\Spyware-Secure\Spyware-Secure_trial.exe (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\sqlite3.dll (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\unrar.dll (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\Spyware-Secure.url (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\uninst.exe (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\language (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\config.s3db (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\skin (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\Gfx_fr.bin (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\quarantine.s3db (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure
bmw (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secureesources\malwaresDB_1-12 (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secureesources\cookies_1-12.dat (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secureesources\filesDesc_1-12.dat (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secureesources\filesDesc_1-12.dic (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secureesources\filesExt_1-12.dat (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secureesourcesegister_1-12.dat (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secureesources\filesMulti_1-12.idx (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secureesources\filesSimple_1-12.idx (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR.zip (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\explo_intro.htm (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\explo_menu.htm (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\file.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\folder.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\folder_f.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\folder_o.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\index.htm (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\menu3.js (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\spy.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR	rait_coud.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR	rait_droit.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR	rait_vert.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\images\fleche.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\images\folder.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\images\key.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\images\menu.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\images\support.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\images	itle-hepfile.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\images\FR\dowload-file-antispyware.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\images\FR\menu.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\images\FR\scstep2.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FRubs\3differentscan.htm (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FRubs\contactus.htm (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FRubs\found-objects.htm (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FRubs\lexic.htm (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FRubs
avigtabs.htm (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FRubs\quarantine.htm (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FRubsegister.htm (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Yiqilai\wmp\icon2.ico (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Yiqilai\wmp\_keepfile (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Yiqilai\wmp\_inifid (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Yiqilai\wmp\_inifiletime (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Yiqilai\Temp\gen_yqllyrics.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Yiqilai\Temp\foo_vis_yqllyrics.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Yiqilai\Temp\icon2.ico (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Yiqilai\winamp\gen_yqllyrics.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Yiqilai\foobar\foo_vis_yqllyrics.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Yiqilai\lib\YQL_Lyrics_Common.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Yiqilai	ools\YiqilaiLyrics.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data	2001.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data	\b2001.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data	\k2001.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data	\a2001.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data	\p2001.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sysloader.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mscpx32r.det (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS	empaq (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mprmsgse.axz (Adware.Cinmus) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\SYSTEM
tptdb.sys (Trojan.Agent) -> Quarantined and deleted successfully.




______________________________________________________________________




Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 17:14:17, on 31/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\soundman.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\system32undll32.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\endeavour\Bureau\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.zhaodao123.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.acer.com/worldwide/selection.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fwww.msn.fr%2fimg%2ffr%2ffr-fr%2fmsger%2ftabs%2f_pictos%2fcoca%2fPictoCoke02.png%3f
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [SoundMan] soundman.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
O4 - HKCU\..\Run: [EPSON Stylus DX7400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICDE.EXE /FU "C:\WINDOWS\TEMP\E_SA1D.tmp" /EF "HKCU"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Ò×È¤¹ºÎï - C:\Program Files\AD4All\link1\eachlink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: https://www.orange.fr/portail
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: F-Secure Windows Security Center Legacy Detection Service (Fswsclds) - Unknown owner - C:\Program Files\Securitoo\av_fw\fswsclds.exe (file missing)
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: System Event loader (sysloader) - Unknown owner - C:\Documents and Settings\All Users\Application Data\Microsoft\Office\SYSTEM\sysloader.exe (file missing)
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Telnet (TlntSvr) - Unknown owner - C:\WINDOWS\System32	lntsvr.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe

soop · Answer

le problème est toujours là!!!

soop · Answer

plus personne pour me guider?

vous n'avez plus d'idée , les rapports otmoveit; hijack et malware n'indiquent rien?

Utilisateur anonyme · Answer

BONJOUR !

Mon PC a planté suite à l'installation d'une distribution Linux. Je t'écris actuellement d'un autre PC.

Jusqu'à présent nous avons retiré beaucoup de cochonneries sur ta bécane. Il en reste : je les vois très bien, notamment une infection d'origine chinoise qui doit certainement être à l'origine de tes problèmes.

Mais,
http://www.commentcamarche.net/forum/affich 7664818 desinstaller gestionnaire orange?page=2#24
http://www.commentcamarche.net/forum/affich 7664818 desinstaller gestionnaire orange?page=2#25


Donc commence par utiliser ce fix : http://www.technicland.com/malpolitus.swf


Après on continuera.

Bonne journée.

soop · Answer

bonjour, 

désolé je suis vraiment confu ,c'est pas à mon habitude de ne pas prendre le temps pour les politesses sur le net ,le coeur yest mais c'est ptet le stress de devoir copier tout mes posts ,rallumez mon pc reprendre la copie et n'arriver qu'une fois sur deux a vous poster ça!

excusez moi, j'espere que vous ne m'y reprendrez pas !

et merci a clem d'avoir avertit DllD qui m'a bien aidé jusqu'ici, j'espere que tu m'en veut pas trop!!!


a plus...

Utilisateur anonyme · Answer

Bonjour à tous, Ok Soop, pas de souci. Sauf pour ton PC. Si je mets du temps à répondre c'est que mes problèmes ne se sont pas arrangés. J'ai planté le MBR de mon PC (la zone amorce), ce qui fait que je ne peux plus booter : aucun démarrage possible et le disque dur n'est plus reconnu même démonter et branché en USB sur une autre bécane : Kedall alors que j'ai de précieuses informations dessus. Si ça avait été un moteur de voiture, après deux jours de recherches intensives, je serais couvert de camboui. Bref, place à ton PC : Quand je te parle d'infection chinoise, regarde un peu ici : MBAM dit ici : http://www.commentcamarche.net/forum/affich 7664818 desinstaller gestionnaire orange?page=2#23 C:\Program Files\Yiqilai\wmp\icon2.ico (Trojan.Agent) -> Quarantined and deleted successfully. C:\Program Files\Yiqilai\wmp\_keepfile (Trojan.Agent) -> Quarantined and deleted successfully. C:\Program Files\Yiqilai\wmp\_inifid (Trojan.Agent) -> Quarantined and deleted successfully. C:\Program Files\Yiqilai\wmp\_inifiletime (Trojan.Agent) -> Quarantined and deleted successfully. C:\Program Files\Yiqilai\Temp\gen_yqllyrics.dll (Trojan.Agent) -> Quarantined and deleted successfully. C:\Program Files\Yiqilai\Temp\foo_vis_yqllyrics.dll (Trojan.Agent) -> Quarantined and deleted successfully. C:\Program Files\Yiqilai\Temp\icon2.ico (Trojan.Agent) -> Quarantined and deleted successfully. C:\Program Files\Yiqilai\winamp\gen_yqllyrics.dll (Trojan.Agent) -> Quarantined and deleted successfully. C:\Program Files\Yiqilai\foobar\foo_vis_yqllyrics.dll (Trojan.Agent) -> Quarantined and deleted successfully. C:\Program Files\Yiqilai\lib\YQL_Lyrics_Common.dll (Trojan.Agent) -> Quarantined and deleted successfully. C:\Program Files\Yiqilai ools\YiqilaiLyrics.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\Program Files\Yiqilai\wmp\icon2.ico (Trojan.Agent) -> Quarantined and deleted successfully. C:\Program Files\Yiqilai\wmp\_keepfile (Trojan.Agent) -> Quarantined and deleted successfully. C:\Program Files\Yiqilai\wmp\_inifid (Trojan.Agent) -> Quarantined and deleted successfully. C:\Program Files\Yiqilai\wmp\_inifiletime (Trojan.Agent) -> Quarantined and deleted successfully. C:\Program Files\Yiqilai\Temp\gen_yqllyrics.dll (Trojan.Agent) -> Quarantined and deleted successfully. C:\Program Files\Yiqilai\Temp\foo_vis_yqllyrics.dll (Trojan.Agent) -> Quarantined and deleted successfully. C:\Program Files\Yiqilai\Temp\icon2.ico (Trojan.Agent) -> Quarantined and deleted successfully. C:\Program Files\Yiqilai\winamp\gen_yqllyrics.dll (Trojan.Agent) -> Quarantined and deleted successfully. C:\Program Files\Yiqilai\foobar\foo_vis_yqllyrics.dll (Trojan.Agent) -> Quarantined and deleted successfully. C:\Program Files\Yiqilai\lib\YQL_Lyrics_Common.dll (Trojan.Agent) -> Quarantined and deleted successfully. C:\Program Files\Yiqilai ools\YiqilaiLyrics.exe (Trojan.Agent) -> Quarantined and deleted successfully. Google dit là : https://www.google.com/search?client=firefox-a&rls=org.mozilla%3Afr%3Aofficial&channel=s&hl=fr&q=Yiqilai&lr=lang_fr&btnG=Recherche+Google&gws_rd=ssl et https://www.google.com/search?hl=fr&client=firefox-a&channel=s&rls=org.mozilla%3Afr%3Aofficial&q=YiqilaiLyrics.exe+&btnG=Rechercher&lr=lang_fr&gws_rd=ssl http://www.commentcamarche.net/forum/affich 3884524 virus chinois Comme tu peux le voir c'est très peu référencé : une infection ""nouvelle"" mais pas temporellement. Je dirais plutôt infection rare en fait. Tu es donc pour moi un cas très intéressant. Merci. Je vais pouvoir en informer certains services qui font de la recherche en ce domaine et avertissent les fabricants d'antivirus pour assurer les mises à jour. C'est comme cela que ça fonctionne. Si les bases antivirales de ton AV sont à jour c'est, en partie, due à des bénévoles passionnés. Je vais donc te demander ceci : - Ouvre Malwarebyte's antimalwares puis fais les mises à jour. - Clique sur l'onglet "Quarantaine" puis sur le bouton "Tout restaurer". - Navigue dans ton disque dur jusqu'à C:\Program Files\Yiqilai - Fais un copier/coller du dossier Yiqilai dans un nouveau dossier nommé MAD-DllD-Yiqilai (copie/colle ce nom en gras) préalablement crée sur ton bureau. - Transforme ce dossier en une archive pourtant le même nom. Choisis comme taux de compression le plus élevé si c'est possible. (Si tu n'as pas de logiciel d'archivage tu peux utiliser Izarc : http://www.commentcamarche.net/telecharger/telecharger 231 izarc Tuto : http://artic.ac-besancon.fr/arts_plastiques/ArtTice/apdidactic/TUTOizarc.pdf (partie comment zipper un dossier)). - Rends toi sur ce site : http://secubox.gateweb.org/mad.php et envoie le zip grâce à parcourir => bureau => MAD-DllD.zip - Poste en temps que commentaire dans Veuillez indiquer ci-dessous le message destiné à notre équipe: le texte en italique suivant (fais un copier/coller) : Bonjour, Je suis actuellement sur la discussion suivante : http://www.commentcamarche.net/forum/affich 7664818 desinstaller gestionnaire orange contenant des informations susceptibles de vous intéresser. J'ai demander à l'utilisateur Soop de vous faire parvenir un Zip des infections incriminées. J'espère que ces informations vous seront utiles dans votre lutte antimalwares. En vous souhaitant bonne réception du document. Bien à vous, DllD Merci pour ta contribution : à travers cette action tu vas participer à la lutte contre les véroles du web. C'est important que tu effectues cette opération. PS : si, à tout hasard, le zip est trop lourd pour être envoyé directement, alors utilise ce service : http://dl.free.fr/ Alors, je t'explique : Dans ton dernier rapport (HJT) : O8 - Extra context menu item: Ò×È¤¹ºÎï - C:\Program Files\AD4All\link1\eachlink.htm C'est là, en partie, le problème (je pense). Regarde ici : http://www.ca.com/ca/fr/securityadvisor/pest/pest.aspx?id=453099549 => Catégorie : Adware Après on verra ce qu'il reste dans les futurs rapports. Aller, suffit de tergiverser, place au nettoyage : Supprime le dossier et l'archive MAD-DllD-Yiqilai présent sur ton bureau puis vide ta corbeille. Lance MalwareByte's en mode sans échec, effectue une examen complet, supprime tous les éléments trouvés puis poste le rapport obtenu après suppression. Ensuite, > Lance Hijackthis : - Puis sélectionne < Do a system scan only > - Coche les cases des lignes suivantes : R3 - URLSearchHook: (no name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file) R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O8 - Extra context menu item: Ò×È¤¹ºÎï - C:\Program Files\AD4All\link1\eachlink.htm O23 - Service: System Event loader (sysloader) - Unknown owner - C:\Documents and Settings\All Users\Application Data\Microsoft\Office\SYSTEM\sysloader.exe (file missing) Ensuite, - Ferme toutes les autres fenêtres et applications (même internet) - Clic sur < fixe checked > > Relance ton PC en mode normal puis Hijackthis : Puis sélectionne < do a system scan and save a logfile >, Et envoie, par collier/coller, ton log Hijackthis stp, Après, > Télécharge ComboFix : http://download.bleepingcomputer.com/sUBs/ComboFix.exe (par sUBs) sur ton Bureau. Déconnecte toi du net et désactive ton antivirus pour que Combofix puisse s'exécuter normalement. - Double clique combofix.exe - Tape sur la touche 1 (Yes) pour démarrer le scan. - Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse. NOTE : Le rapport se trouve également ici : C:\Combofix.txt Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi. Bon courage, Honnêtement ta version d'Office est crackée, non ? PS : info : http://www.who.is/domain_archive-com/yiqilai.com/ A+

soop · Answer

Malwarebytes' Anti-Malware 1.24
Version de la base de données: 1018
Windows 5.1.2600 Service Pack 2

13:27:40 03/08/2008
mbam-log-8-3-2008 (13-27-40).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 113691
Temps écoulé: 25 minute(s), 37 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 44
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 26
Fichier(s) infecté(s): 69

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\CLSID\{c86488af-13d5-4fef-9ddf-9fb88698cfc1} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f9ba1aa9-cad4-4c14-bde6-922dff5f6f38} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d3342887-aab1-428c-90c6-642be0b6cffe} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{e6bec792-a39d-4512-aa44-41627908dc2e} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{50c4cdd9-22d7-49ff-ac6d-7d4d528a3ab2} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\webbrowser.browser (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\webbrowser.browser.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7dbc6adb-5788-4fb9-aec3-b40a58ac11df} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{0ad3ab16-6d0e-4f04-8660-fb1f36bc2dc0} (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2f685b36-c53a-4653-9231-1dae5736de45} (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{de2267bd-b163-407f-9e8d-6adec771e7ab} (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT
ewscocomediumspop.popcoco (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT
ewscocomediumspop.popcoco.1 (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{cde9eb54-a08e-4570-b748-13f5ddb5781c} (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT
ewadpopup.toolbardetector (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT
ewadpopup.toolbardetector.1 (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{34a12a06-48c0-420d-8f11-73552ee9631a} (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT
ewadspushor.bslogic (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT
ewadspushor.bslogic.1 (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT
ewpushedshower.bologic (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT
ewpushedshower.bologic.1 (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT
ewsadvpusher.brlogic (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT
ewsadvpusher.brlogic.1 (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT
ewsmediaspusher.bllogic (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT
ewsmediaspusher.bllogic.1 (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT
ewspushershower.bplogic (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT
ewspushershower.bplogic.1 (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT
ewspushingshower.bqlogic (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT
ewspushingshower.bqlogic.1 (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{11f09afd-75ad-4e51-ab43-e09e9351ce16} (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{385ab8c4-fb22-4d17-8834-064e2ba0a6f0} (Adware.Cinmus) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{385ab8c5-fb22-4d17-8834-064e2ba0a6f0} (Adware.Cinmus) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{385ab8c6-fb22-4d17-8834-064e2ba0a6f0} (Trojan.Yigather) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\spyware-secure (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
tptdb (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Yiqilai (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Spyware-Secure (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Spyware-Secure (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\acpidisk (Adware.Cinmus) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\iehpr.invoke (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\iehpr.invoke.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE
ewpush (Adware.CPush) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\cpush (Adware.CPush) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MicroPlugins (Malware.Trace) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Program Files\Fichiers communs\CPUSH (Adware.CPush) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secureesources (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\images (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\images\FR (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FRubs (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Yiqilai (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Yiqilai\wmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Yiqilai\Temp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Yiqilai\winamp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Yiqilai\foobar (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Yiqilai\lib (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Yiqilai\html (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Yiqilai	ools (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools (Trojan.Yigather) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data	 (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data	\ad (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data	\ad\d139d5c216 (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data	\ad\d2087d1212 (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data	\ad\df7609d205 (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data	\ad\d31255c21a (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data	\ad\d8a2c1220f (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data	\ad\d267e10212 (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data	\ad\d2bab8121a (Trojan.Agent) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Program Files\Spyware-Secure\Spyware-Secure_trial.exe (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{94D6633F-9D8D-48C4-A605-F1F1C370EA88}\RP606\A0187788.exe (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\sqlite3.dll (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\unrar.dll (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\Spyware-Secure.url (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\uninst.exe (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\language (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\config.s3db (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\skin (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\Gfx_fr.bin (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\quarantine.s3db (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure
bmw (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secureesources\malwaresDB_1-12 (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secureesources\cookies_1-12.dat (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secureesources\filesDesc_1-12.dat (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secureesources\filesDesc_1-12.dic (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secureesources\filesExt_1-12.dat (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secureesourcesegister_1-12.dat (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secureesources\filesMulti_1-12.idx (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secureesources\filesSimple_1-12.idx (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR.zip (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\explo_intro.htm (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\explo_menu.htm (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\file.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\folder.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\folder_f.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\folder_o.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\index.htm (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\menu3.js (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\spy.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR	rait_coud.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR	rait_droit.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR	rait_vert.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\images\fleche.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\images\folder.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\images\key.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\images\menu.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\images\support.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\images	itle-hepfile.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\images\FR\dowload-file-antispyware.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\images\FR\menu.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\images\FR\scstep2.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FRubs\3differentscan.htm (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FRubs\contactus.htm (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FRubs\found-objects.htm (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FRubs\lexic.htm (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FRubs
avigtabs.htm (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FRubs\quarantine.htm (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FRubsegister.htm (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Yiqilai\wmp\icon2.ico (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Yiqilai\wmp\_keepfile (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Yiqilai\wmp\_inifid (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Yiqilai\wmp\_inifiletime (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Yiqilai\Temp\gen_yqllyrics.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Yiqilai\Temp\foo_vis_yqllyrics.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Yiqilai\Temp\icon2.ico (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Yiqilai\winamp\gen_yqllyrics.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Yiqilai\foobar\foo_vis_yqllyrics.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Yiqilai\lib\YQL_Lyrics_Common.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Yiqilai	ools\YiqilaiLyrics.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data	2001.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data	\b2001.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data	\k2001.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data	\a2001.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data	\p2001.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sysloader.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mscpx32r.det (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS	empaq (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mprmsgse.axz (Adware.Cinmus) -> Quarantined and deleted successfully.



_____________________________________________________________________




Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 13:29:40, on 03/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\soundman.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\system32undll32.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\endeavour\Bureau\HiJackThis_v2.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.zhaodao123.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.acer.com/worldwide/selection.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fwww.msn.fr%2fimg%2ffr%2ffr-fr%2fmsger%2ftabs%2f_pictos%2fcoca%2fPictoCoke02.png%3f
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [SoundMan] soundman.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\Orange HSS\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\Orange HSS\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [au] C:\Program Files\Dealio\DealioAU.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
O4 - HKCU\..\Run: [EPSON Stylus DX7400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICDE.EXE /FU "C:\WINDOWS\TEMP\E_SA1D.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: https://www.orange.fr/portail
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: F-Secure Windows Security Center Legacy Detection Service (Fswsclds) - Unknown owner - C:\Program Files\Securitoo\av_fw\fswsclds.exe (file missing)
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: System Event loader (sysloader) - Unknown owner - C:\Documents and Settings\All Users\Application Data\Microsoft\Office\SYSTEM\sysloader.exe (file missing)
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Telnet (TlntSvr) - Unknown owner - C:\WINDOWS\System32	lntsvr.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe

Utilisateur anonyme · Answer

Re,
Tu as encore oublié le bonjour....
C'est pourtant simple.


Et tu n'as pas répondu à ma question : pour Office ? C'est un crack ?

Deux questions de plus :
1°/ comment va le PC ?
2°/ As tu envoyé le Zip à MAD (je vais prendre contacte avec eux pour savoir aussi, mais ta réponse sera plus rapide) ?


PS : il reste quelques fichiers infectieux que révèle le Combofix.
Après m'avoir répondu on termine.

A+

g!rly · Answer

...

g!rly · Answer

Salut Ludo,

Désolé d´entendre tes déboires :(...

Franck m´a expliqué, comme il a pu (manque de pô certain :(

Manu c´est tout de suite proposé pour t´aider :) je ne sais pas si tu as vu son message ?

J´espére que ça va s´arranger !

@ bientôt

Kisses`

Julie`

soop · Answer

bonjour, 


je comprends pas ,je suis désolé ,j'ai du faire une fausse manip ,car j'avais ecrit plus de choses(dont le bonjour et la réponse a tes questions), mais j'ai du pinailler au cop/col!!!

oui biensur j'ai envoyé le zip a MAD...

mon office craqué???? peut etre, je sais pas, c'est pas moi qui l'ai installé... pourquoi, il pourrait poser problème??

sinon le pc est toujours dans le meme état, déconnexion intempestive (10/20min) bug au redemarrage...


merci encore DllD

Utilisateur anonyme · Answer

Bonjour, désolé pour le retard mais j'ai beaucoup de travail en ce moment et j'ai toujours pas récupéré mon PC. Alors, on continue (j'espère que tu es encore là) : > Lance Hijackthis : - Puis sélectionne < Do a system scan only > - Coche les cases des lignes suivantes : O4 - HKLM\..\Run: [au] C:\Program Files\Dealio\DealioAU.exe O23 - Service: System Event loader (sysloader) - Unknown owner - C:\Documents and Settings\All Users\Application Data\Microsoft\Office\SYSTEM\sysloader.exe (file missing) Ensuite, - Ferme toutes les autres fenêtres et applications (même internet) - Clic sur < fixe checked > > Relance ton PC en mode normal puis Hijackthis : Puis sélectionne < do a system scan and save a logfile >, Et envoie, par collier/coller, ton log Hijackthis, Alors, > Avec Combofix : - Ferme tout tes navigateurs (donc copie ou imprime les instructions suivantes avant) - Crée un nouveau document texte : clic droit de souris sur le bureau => Nouveau => Document Texte, et copie/colle dedans les lignes suivantes : Registry:: [-HKEY_LOCAL_MACHINE\System\ControlSet004\Services\mchInjDrv] File:: C:\WINDOWS\system32\drivers\ALCICH.DAT C:\WINDOWS\system32\systemdrv.dll C:\WINDOWS\TEMP\E_SA1D.tmp C:\Documents and Settings\All Users\Application Data\Microsoft\Office\SYSTEM\sysloader.exe C:\Program Files\Dealio C:\WINDOWS\system32\D96E2D9601.sys C:\WINDOWS\system32\drivers\bqm05.sys Driver:: ACPIDISK CNPROV MS_2FAX MXDISPDR NTPTDB SYSLOADER YIQILAI sysloader D96E2D9601 1qax990p bqm05 - Enregistre ce fichier sous le nom CFScript (Type du fichier : tous les fichiers) - Fait un glisser/déposer de ce fichier CFScript sur le programme ComboFix.exe comme sur cette image. (Explications du glisser/coller : Clique sur le fichier CFScript, maintient le doigt enfoncé et glisse la souris pour que l'icône du CFScript vienne recouvrir l'icône de Combofix. Relâche alors le bouton de la souris). - Combofix va démarrer puis une fenêtre bleue va apparaître. Au message qui s'affiche (Type 1 to continue, or 2 to abort) : tape 1 puis valide. - Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises: c'est normal ! - Ne touche à rien tant que le scan n'est pas terminé sinon le PC peut planter ! - Une fois le scan achevé, un rapport va s'afficher: poste le stp. PS : Si le fichier ne s'ouvre pas, il se trouve ici => C:\ComboFix.txt Pour finir, > Fais un scan en ligne avec Kaspersky : https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr N.B. : Le scan ne marche que sous Internet Explorer. - Commence par connecter tout ton matériel de stockage à ton PC (clés USB, DD amovible...) si possible. Allume les si necessaire. - Sous Démonstration en ligne, on t'explique la marche à suivre, et pour lancer le scan il faut sélectionner < Exécuter l'analyse en ligne >. - On va te demander de télécharger un contrôle active x, accepte . - Dans le menu < Choisissez la cible de l'analyse >, sélectionne < Poste de travail >. Le scan va commencer. - Poste le rapport qui sera généré stp. S'il y a un problème, assure toi que les contrôles active x sont bien configurés dans les options internet comme décrit sur ce lien : http://www.inoculer.com/activex.php3 Rappel : le scan est à faire sous Internet Explorer Tuto ici si problème : http://www.vista-xp.fr/forum/topic109.html Bonne soirée. A+

soop · Answer

salut DllD; merci d'avoir penser a moi, je ne peut répondre que maintenant désolé (vacances)! je te poste tout les rapports demander: hijackthis: Logfile of Trend Micro HijackThis v2.0.0 (BETA) Scan saved at 10:21:16, on 16/08/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\drivers\CDAC11BA.EXE C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\soundman.exe C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe C:\WINDOWS\system32 undll32.exe C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe C:\Program Files\SuperCopier2\SuperCopier2.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\endeavour\Bureau\HiJackThis_v2.exe C:\WINDOWS\System32\wbem\wmiprvse.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.zhaodao123.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fwww.msn.fr%2fimg%2ffr%2ffr-fr%2fdivertissement%2fcelebrites%2fgalery%2fwentworth02.jpg%3f R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O4 - HKLM\..\Run: [SoundMan] soundman.exe O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe" O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart O4 - HKCU\..\Run: [EPSON Stylus DX7400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICDE.EXE /FU "C:\WINDOWS\TEMP\E_SA1D.tmp" /EF "HKCU" O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O15 - Trusted Zone: https://www.orange.fr/portail O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe O23 - Service: F-Secure Windows Security Center Legacy Detection Service (Fswsclds) - Unknown owner - C:\Program Files\Securitoo\av_fw\fswsclds.exe (file missing) O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe O23 - Service: Telnet (TlntSvr) - Unknown owner - C:\WINDOWS\System32 lntsvr.exe O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe combofix: ComboFix 08-08-01.05 - endeavour 2008-08-14 16:32:09.2 - [color=red][b]FAT32/b/colorx86 Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.140 [GMT 2:00] Endroit: C:\Documents and Settings\endeavour\Bureau\ComboFix.exe Command switches used :: C:\Documents and Settings\endeavour\Bureau\CFScript.txt * Création d'un nouveau point de restauration [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!/b/color . - FONCTIONNALITES REDUITES - FILE :: C:\Documents and Settings\All Users\Application Data\Microsoft\Office\SYSTEM\sysloader.exe C:\Program Files\Dealio C:\WINDOWS\system32\D96E2D9601.sys C:\WINDOWS\system32\drivers\ALCICH.DAT C:\WINDOWS\system32\drivers\bqm05.sys C:\WINDOWS\system32\systemdrv.dll C:\WINDOWS\TEMP\E_SA1D.tmp . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\D96E2D9601.sys C:\WINDOWS\system32\drivers\ALCICH.DAT C:\WINDOWS\system32\systemdrv.dll . ((((((((((((((((((((((((((((( Fichiers créés 2008-07-14 to 2008-08-14 )))))))))))))))))))))))))))))))))))) . 2008-08-13 19:44 . 2008-08-13 19:44 d-------- C:\Documents and Settings\endeavour\Application Data\DivX 2008-08-13 00:12 . 2008-08-13 00:12 268 --ah----- C:\sqmdata00.sqm 2008-08-13 00:12 . 2008-08-13 00:12 244 --ah----- C:\sqmnoopt00.sqm 2008-07-31 16:47 . 2008-07-31 16:47 d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-07-31 16:47 . 2008-07-31 16:47 d-------- C:\Documents and Settings\endeavour\Application Data\Malwarebytes 2008-07-31 16:47 . 2008-07-31 16:47 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-07-31 16:47 . 2008-07-30 20:07 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys 2008-07-31 16:47 . 2008-07-30 20:07 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys 2008-07-31 16:44 . 2008-07-31 16:44 d-------- C:\_OTMoveIt 2008-07-31 15:17 . 2008-07-31 15:17 d-------- C:\Program Files\Navilog1 2008-07-31 15:14 . 2008-07-31 15:14 d-------- C:\Toolbar SD 2008-07-30 22:10 . 2008-07-30 22:10 d-------- C:\Program Files\Yahoo! 2008-07-30 22:10 . 2008-07-30 22:10 d-------- C:\Program Files\CCleaner 2008-07-27 13:35 . 1998-06-17 01:00 516,173 --a------ C:\WINDOWS\system32\MSVCP60D.DLL 2008-07-27 13:35 . 1998-06-17 01:00 385,100 --a------ C:\WINDOWS\system32\MSVCRTD.DLL 2008-07-27 13:34 . 2003-08-07 17:01 237,568 --a------ C:\WINDOWS\system32\lame_enc.dll 2008-07-27 12:00 . 2008-07-27 12:00 d-------- C:\Program Files\eMule 2008-07-25 10:36 . 2008-07-25 10:36 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe 2008-07-25 10:36 . 2008-07-25 10:36 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb 2008-07-23 18:50 . 2008-07-23 18:50 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll 2008-07-23 18:50 . 2008-07-23 18:50 9,878 --a------ C:\WINDOWS\system32\dsm_fr.qm 2008-07-23 18:48 . 2008-07-23 18:48 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll 2008-07-23 18:48 . 2008-07-23 18:48 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll 2008-07-23 18:47 . 2008-07-23 18:47 634,880 --a------ C:\WINDOWS\system32\DivXdec.ax 2008-07-23 18:47 . 2008-07-23 18:47 352,401 --a------ C:\WINDOWS\system32\DivXMedia.ax 2008-07-23 18:47 . 2008-07-23 18:47 8,835 --a------ C:\WINDOWS\system32\dpufr.qm 2008-07-23 18:47 . 2008-07-23 18:47 3,067 --a------ C:\WINDOWS\system32\dtu_fr.qm 2008-07-23 18:47 . 2008-07-23 18:47 416 --a------ C:\WINDOWS\system32\dtu100.dll.manifest 2008-07-23 18:47 . 2008-07-23 18:47 416 --a------ C:\WINDOWS\system32\dpl100.dll.manifest 2008-07-23 18:46 . 2008-07-23 18:46 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-07-23 16:50 129,784 ------w C:\WINDOWS\system32\pxafs.dll 2008-07-23 16:50 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe 2008-07-23 16:50 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe 2008-06-29 07:27 --------- d-----w C:\Program Files\Veoh Networks 2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll 2008-06-20 17:41 247,808 ------w C:\WINDOWS\system32\dllcache\mswsock.dll 2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll 2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers cpip.sys 2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache cpip.sys 2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys 2008-06-20 10:44 138,368 ------w C:\WINDOWS\system32\dllcache\afd.sys 2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers cpip6.sys 2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache cpip6.sys 2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys 2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\dllcache\bthport.sys 2008-06-14 12:22 --------- d-----w C:\Program Files\Free Audio Pack 2008-06-14 12:04 --------- d-----w C:\Program Files\AliveMedia 2007-10-27 16:54 1,682 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys . ((((((((((((((((((((((((((((( snapshot@2008-08-03_13.42.28.39 ))))))))))))))))))))))))))))))))))))))))) . + 2008-07-25 08:34:36 683,520 ----a-w C:\WINDOWS\system32\DivX.dll + 2008-07-25 08:34:42 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll + 2008-07-25 08:34:40 815,104 ----a-w C:\WINDOWS\system32\divx_xx0a.dll + 2008-07-25 08:34:40 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll + 2008-07-25 08:34:40 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll + 2008-07-25 08:34:30 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe + 2008-07-25 08:34:54 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll + 2008-07-25 08:34:46 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll + 2008-07-25 08:34:46 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll + 2008-07-25 08:34:50 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll + 2008-07-25 08:34:46 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll + 2008-07-25 08:34:46 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll + 2008-07-25 08:34:46 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll + 2008-07-25 08:34:52 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll + 2008-07-23 16:50:46 551,672 ------w C:\WINDOWS\system32\px.dll + 2008-07-23 16:50:46 66,296 ------w C:\WINDOWS\system32\pxcpya64.exe + 2008-07-23 16:50:48 518,904 ------w C:\WINDOWS\system32\pxdrv.dll + 2008-07-23 16:50:48 72,440 ------w C:\WINDOWS\system32\pxhpinst.exe + 2008-07-23 16:50:46 64,760 ------w C:\WINDOWS\system32\pxinsa64.exe + 2008-07-23 16:50:50 187,128 ------w C:\WINDOWS\system32\pxmas.dll + 2008-07-23 16:50:48 1,628,920 ------w C:\WINDOWS\system32\pxsfs.dll + 2008-07-23 16:50:48 379,640 ------w C:\WINDOWS\system32\pxwave.dll + 2008-07-23 16:50:46 88,824 ------w C:\WINDOWS\system32\vxblock.dll + 2008-08-14 13:38:58 16,384 ----a-w C:\WINDOWS\Temp\Perflib_Perfdata_6ec.dat . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09 15360] "OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe" [2005-07-19 11:14 57344] "EPSON Stylus DX7400 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICDE.EXE" [2007-04-12 07:00 182272] "msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184] "SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-07-07 17:45 1052672] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2003-09-05 06:59 878080] "RoxioDragToDisc"="C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe" [2004-04-13 23:36 1470464] "OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe" [2005-07-19 11:06 40960] "SoundMan"="soundman.exe" [2001-05-29 17:02 124416 C:\WINDOWS\soundman.exe] "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-20 01:10 110592 C:\WINDOWS\system32\bthprops.cpl] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 01:09 15360] C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 22:05:56 65588] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.MJPG"= pvmjpg21.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe"= "C:\Program Files\Messenger\MSMSGS.EXE"= "C:\Program Files\eMule\emule.exe"= "C:\Program Files\eMule\LinkCreator.exe"= "C:\Program Files\Mozilla Firefox\FIREFOX.EXE"= "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"= "C:\Program Files\Windows Live\Messenger\livecall.exe"= "%windir%\Network Diagnostic\xpnetdiag.exe"= "C:\Program Files\uTorrent\uTorrent.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "18376:TCP"= 18376:TCP:NortonAV "18114:TCP"= 18114:TCP:NortonAV "13406:TCP"= 13406:TCP:NortonAV "17565:TCP"= 17565:TCP:NortonAV "14629:TCP"= 14629:TCP:NortonAV "46662:TCP"= 46662:TCP:emuletcp "46672:UDP"= 46672:UDP:emule udp "12830:TCP"= 12830:TCP:NortonAV "18314:TCP"= 18314:TCP:NortonAV "17627:TCP"= 17627:TCP:NortonAV "16500:TCP"= 16500:TCP:NortonAV "16881:TCP"= 16881:TCP:NortonAV "16207:TCP"= 16207:TCP:NortonAV "15463:TCP"= 15463:TCP:NortonAV "18166:TCP"= 18166:TCP:NortonAV "16472:TCP"= 16472:TCP:NortonAV "16059:TCP"= 16059:TCP:NortonAV "14327:TCP"= 14327:TCP:NortonAV R0 1qax990p;1qax990;C:\WINDOWS\system32\DRIVERS\1qax990p.sys [2004-08-20 01:09] R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31] R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35] S2 bqm05;bqm05;C:\WINDOWS\system32\drivers\bqm05.sys [] S2 Fswsclds;F-Secure Windows Security Center Legacy Detection Service;C:\Program Files\Securitoo\av_fw\fswsclds.exe [] S4 Lmhaudska-;Lmhaudska-;C:\WINDOWS\system32\drivers dpcdd.sys [2001-08-28 12:00] . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-08-14 16:32:40 Windows 5.1.2600 Service Pack 2 FAT NTAPI Balayage processus cachés ... Balayage caché autostart entries ... Balayage des fichiers cachés ... Scan terminé avec succès Les fichiers cachés: 0 ************************************************************************** . Temps d'accomplissement: 2008-08-14 16:33:48 ComboFix-quarantined-files.txt 2008-08-14 14:33:44 ComboFix2.txt 2008-08-03 11:43:22 Pre-Run: 51,392,806,912 octets libres Post-Run: 51,399,819,264 octets libres 182 --- E O F --- 2008-07-23 22:08:08 par contre j'ai fait l'analyse on line kaspersky mais je ne trouve plus le fichier? il avait trouvé deux fichiers infectés, ou puis-je retrouver le fichier? merci, a bientot...

Utilisateur anonyme · Answer

Bonsoir Soop,
j'espère que tu as passé de bonnes vacances.

:-)

Alors,
pour le scanne en ligne Kaspersky il faut à la fin du scanne cliquer sur le bouton <afficher le rapport>.

Puis un fichier texte va s'ouvrir, tu l'enregistres sur ton bureau puis tu le copie/colle sur le forum.

Je pense que tu es obligé de refaire l'analyse..... Sinon regarde dans tous les programmes si tu as des indices sur Kasper en ligne. 


Bon courage, on a presque terminé.

Comment va le PC aussi ?


Bonne soirée.

soop · Answer

salut DllD!


oui bonnes vacances!merci 


je vais refaire l'analyse kaspersky, pour que tu ai le rapport sinon j'ai toujours les memes soucis de déconnexion intempestive!!

je repasse demain avec le rapport.

merci beaucoup!

Désinstaller gestionnaire orange?!?

36 réponses

Discussions similaires