Sujet Précédent Sujet Suivant

Comment supprimer Antispyware 2009 ?

Résolu/Fermé
passpartt Messages postés 11 Date d'inscription mercredi 20 août 2008 Statut Membre Dernière intervention 30 mars 2012 - 8 oct. 2008 à 19:07
 hemve17 - 6 mai 2011 à 18:20
Bonjour.
Mon ordinateur est infecté par un rogue : XP Antispyware 2009. Il me bloque des pages internet, m'en ouvre sans demande, m'indique que mon ordinateur est infecté, me propose une 'analyse' du système...etc.
J'ai essayé de la supprimer avec SpyHunter mais je n'y suis pas arrivée. Je ne trouve pas XP Antispyware 2009 dans C:/Programme Files ni dans Processus ; pourtant il est toujours bien là...

Quelqu'un pourrait-il m'indiquer la démarche à faire ?

Je n'en peux plus de ce faux antispyware...

Merci d'avance.
A voir également:

47 réponses

Précédent
Réponse 21 / 47
totobetourne Messages postés 5592 Date d'inscription dimanche 23 mars 2008 Statut Membre Dernière intervention 6 juin 2012 65
14 nov. 2008 à 00:18
de voir si tu as vraiment supprimer car certains font la recherche et n appuie pas sur la grosse touche supprimer, donc ils n avancent pas.

exemple parmis tant d autres.
0
Réponse 22 / 47
frank59
15 nov. 2008 à 23:53
j,ai essayé plein de trucs : malwarebytes, spybot, et d'autres soumis sur ce forum, mais incapable d e me débarrasesr de ça.
J,ai fait d epetites recherches et tous le s sites qui donnent des trucs recommandent un antispyware , mais quand on regarde bien, ces sites sont faits par le s compagnies d,antispywares... et aucun ne fonctionne...
si on est pas un crack de l'informatique , j'ai l'impression qu'on s'en sort pas
0
Réponse 23 / 47
JéJé
25 janv. 2009 à 21:33
Malwarebytes' Anti-Malware 1.33
Version de la base de données: 1693
Windows 5.1.2600 Service Pack 2

25/01/2009 21:31:54
mbam-log-2009-01-25 (21-31-54).txt

Type de recherche: Examen complet (C:\|G:\|)
Eléments examinés: 69386
Temps écoulé: 27 minute(s), 54 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 8
Valeur(s) du Registre infectée(s): 5
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 17

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\hgdfeeeh4fdg.dll (Trojan.BHO) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\CLSID\{c5bf49a2-94f3-42bd-f434-3604812c8955} (Trojan.Zlob.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\xml.xml (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\xml.xml.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5bf49a2-94f3-42bd-f434-3604812c8955} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c5bf49a2-94f3-42bd-f434-3604812c8955} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{9233c3c0-1472-4091-a505-5580a23bb4ac} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{c5bf49a2-94f3-42bd-f434-3604812c8955} (Trojan.Zlob.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cogad (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\jsf8uiw3jnjgffght (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\jsf8uiw3jnjgffght (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\*svchostboot (Trojan.Dropper) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\system32\hgdfeeeh4fdg.dll (Trojan.Zlob.H) -> Delete on reboot.
C:\Documents and Settings\JéJé\Application Data\cogad\cogad.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\JéJé\Local Settings\Temp\winlognn.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\JéJé\Application Data\svchost.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msxml71.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\dmlt.exe (Trojan.TinyDownloader705) -> Quarantined and deleted successfully.
C:\tvtuvy.exe (Trojan.TinyDownloader705) -> Quarantined and deleted successfully.
C:\Documents and Settings\JéJé\Application Data\_c176bda1b9f39ef3ebd90ae388604166\down\598357323666.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\JéJé\Application Data\_c176bda1b9f39ef3ebd90ae388604166\down\conv000.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\JéJé\Application Data\_c176bda1b9f39ef3ebd90ae388604166\down\curl.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\JéJé\Application Data\_c176bda1b9f39ef3ebd90ae388604166\down\im000.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\JéJé\Application Data\_c176bda1b9f39ef3ebd90ae388604166\down\rp000.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\JéJé\Application Data\_c176bda1b9f39ef3ebd90ae388604166\down\xxx000.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\JéJé\Local Settings\Temp\betsasecxn.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\JéJé\Local Settings\Temp\Codec_v.1008.1.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\JéJé\Local Settings\Temp\system.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\JéJé\Local Settings\Temporary Internet Files\Content.IE5\SLYZKDY3\im[1].exe (Trojan.Downloader) -> Quarantined and deleted successfully.
0
Réponse 24 / 47
totobetourne Messages postés 5592 Date d'inscription dimanche 23 mars 2008 Statut Membre Dernière intervention 6 juin 2012 65
25 janv. 2009 à 22:02
jeje il faut creer ton propre topic et tu colles ton rapport malwarebyte , colle egalement un rapport hijack.
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 25 / 47
Destrio5 Messages postés 85985 Date d'inscription dimanche 11 juillet 2010 Statut Modérateur Dernière intervention 17 février 2023 10 297
25 janv. 2009 à 22:07
Merci de créer ton propre sujet :
http://www.commentcamarche.net/forum/forum 7#ecrire
0
Réponse 26 / 47
yohann2b
1 juin 2010 à 17:11
Jai le meme probleme sauf que mon internet ne marche pas du tout. si quelq1 aurai une reponse Svp ?
0
Réponse 27 / 47
971
26 sept. 2010 à 12:09
merci beaucoup DESTRIO5 merci beaucoup encore.
0
Réponse 28 / 47
hemve17
6 mai 2011 à 18:20
Bonjour,

Je viens moi aussi de subir ce virus "XP Anti-spyware", je ne sais pas si c'est celui de 2009, 2010, ou 2011. Cependant, en lisant les différents post, il correspondait bien à vos descriptions. J'ai téléchargé les différentes applications conseillées pour l'éliminer.
Avant de commencer ce fastidieux travail, j'ai eu l'idée de faire un scan au démarrage du PC, avant que windows n'apparaisse, avec Avast 5.
Le scan a bien évidemment duré un bon moment mais il a détecté plusieurs cochonneries sur mon disque et m'a nettoyé l'ensemble en me mettant en quarantaine les intrus.
Au démarrage de l'ordi je n'avais plus aucune manifestation de ce virus.
Par contre quelques soucis sont apparus tel que l'impossibilité de lancer des applications, je pense que le virus a été héradiqué mais en enlevant des DLL.
Partant de ce constat, j'ai effectué une réparation de windows XP par le biais du cd d'installation. Tout c'est correctement déroulé.
Maintenant, je ne peux pas affirmer que cette solution est la bonne pour tout le monde, ne l'ayant pas essayée sur une autre bécane, mais elle peut éviter d'en arriver au formatage et à la réinstallation du système pour certains.
J'espère avoir pu aidé la communauté, salut à tous.
0
Réponse 29 / 47
Destrio5 Messages postés 85985 Date d'inscription dimanche 11 juillet 2010 Statut Modérateur Dernière intervention 17 février 2023 10 297
8 oct. 2008 à 19:12
Salut,

- Télécharge et installe MalwareByte's Anti-Malware :
http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.htm

- Mets-le à jour

- Redémarre en mode sans échec (Recommandé) :
https://www.malekal.com/demarrer-windows-mode-sans-echec/

- Choisis ta session habituelle

- Fais un scan complet avec MalwareByte's Anti-Malware

- Supprime tout ce que le logiciel trouve, enregistre le rapport

- Redémarre en mode normal et poste le rapport ici

Tutorial :
https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
-1
REBUS
9 oct. 2008 à 18:28
Merci j'ai eu le même problème depuis le 7 octobre 2008 et le 8 c'est là que je suis venu à tout hasard.
J'ai fait ce que vous avez conseillé sauf que je n'ai pas réussi à enregistrer le rapport et le poster au tutorial.
Mais résultat très positif.Le rogue est parti encore merci.
rébus
0
Koposs Messages postés 26 Date d'inscription dimanche 4 janvier 2009 Statut Membre Dernière intervention 10 février 2011 1
27 janv. 2009 à 11:16
Merci Destroi MalwareByte's Anti-Malware a tout enlever.
Pour note : ce virus m'a bloque Firefox et aussi IE, il a rendu la connexion tres lente aussi.
Maintenant tout va bien.
0
Nadias-ss
18 avril 2011 à 22:04
Merci bcp,suite a tes instructions tts les virus et les applictions sont ete supprimes.
Mais j;ai un prbl c'est qu'en retournant sur le mode normale,tts mes applications et programmes sont disparus comme :firefox,skype,words....tts,lorsque je click sur n'importe qu;elle icone ''application non trouvee'',voici le code apres l'utilisation du malwarebyte's,merci pour votre aide.
j'attends votre reponse.
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Version de la base de données: 6391

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

18/04/2011 09:36:29 ?
mbam-log-2011-04-18 (21-36-29).txt

Type d'examen: Examen rapide
Elément(s) analysé(s): 181154
Temps écoulé: 6 minute(s), 35 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 3
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 13

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
c:\documents and settings\Bassam\local settings\application data\cnv.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\Bassam\local settings\application data\dll.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\Bassam\local settings\application data\haq.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\Bassam\local settings\application data\hch.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\Bassam\local settings\application data\ijo.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\Bassam\local settings\application data\jhn.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\Bassam\local settings\application data\mtx.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\Bassam\local settings\application data\qao.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\Bassam\local settings\application data\quc.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\Bassam\local settings\application data\ugb.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\Bassam\local settings\application data\uku.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\Bassam\local settings\application data\was.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\Bassam\local settings\application data\xgy.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
0
Réponse 30 / 47
passpartt Messages postés 11 Date d'inscription mercredi 20 août 2008 Statut Membre Dernière intervention 30 mars 2012
8 oct. 2008 à 21:48
voila le rapport : (merci d'avance)

Malwarebytes' Anti-Malware 1.28
Version de la base de données: 1244
Windows 5.1.2600 Service Pack 2

08/10/2008 21:46:47
mbam-log-2008-10-08 (21-46-47).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 232605
Temps écoulé: 2 hour(s), 5 minute(s), 39 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 38
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 21
Fichier(s) infecté(s): 236

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\AppID\testCPV6.DLL (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\testcpv6.bho (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\testcpv6.bho.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\logons (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\typelib (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\SpeedRunner (Adware.SurfAccuracy) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videoegg.com/publisher,version=0.2.0 (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videoegg.com/updater,version=0.2.0 (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\HOL5_VXIEWER.FULL.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Classes\applications\accessdiver.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\fwbd (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\HolLol (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Inet Delivery (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mslagent (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Golden Palace Casino NEW (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\BO1jiZmwnF2zhi (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\iTunesMusic (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\rdriv (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Spcron (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Svconr (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.Trymedia) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\wkey (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\mwc (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\WakeNet (Trojan.Adware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvider (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\SystemCheck2 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\brastk (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Program Files\InetGet2 (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\mslagent (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\akl (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Temporary (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\JavaCore (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\Inet Delivery (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\smp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Svconr (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Spcron (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\VideoEgg\Publisher (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\VideoEgg\Publisher\4115 (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\VideoEgg\Publisher\4152 (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\VideoEgg\Publisher\4152\resources (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg\images (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg\messages (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\VideoEgg\Updater (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\VideoEgg\Updater\4115 (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\speedrunner (Adware.SurfAccuracy) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Program Files\JavaCore\UnInstall.exe (Adware.Insider) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\components\srff.dll (Adware.SurfAccuracy) -> Quarantined and deleted successfully.
C:\Program Files\MSN Messenger\riched20.dll (Adware.MyWeb.FunWeb) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP912\A0218367.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\karna.dat (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\mslagent\2_mslagent.dll (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\WINDOWS\mslagent\mslagent.exe (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\WINDOWS\mslagent\uninstall.exe (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\akl\akl.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\akl\akl.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\akl\uninstall.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\akl\unsetup.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Inet Delivery\inetdl.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Inet Delivery\intdel.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\VideoEgg\user.dat (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\smp\msrc.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\VideoEgg\Publisher\publisher.ver (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\VideoEgg\Publisher\4115\dbghelp.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\VideoEgg\Publisher\4152\avcodec.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\VideoEgg\Publisher\4152\crashRpt.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\VideoEgg\Publisher\4152\dbghelp.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\VideoEgg\Publisher\4152\FLVEncoder.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\VideoEgg\Publisher\4152\lame_enc.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\VideoEgg\Publisher\4152\LevelMeter.ax (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\VideoEgg\Publisher\4152\libcurlve.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\VideoEgg\Publisher\4152\libpng.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\VideoEgg\Publisher\4152\npvideoegg-publisher.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\VideoEgg\Publisher\4152\remoteblacklist (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\VideoEgg\Publisher\4152\report.log (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\VideoEgg\Publisher\4152\VideoEgg_FLVWriter.ax (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\VideoEgg\Publisher\4152\zlib.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg\images\aol_watermark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg\images\audio_combo.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg\images\audio_source.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg\images\big_gray_logo.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg\images\big_logo_cropped.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg\images\blank_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg\images\button_browse_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg\images\button_browse_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg\images\button_browse_up.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg\images\camcorders_title.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg\images\camcorder_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg\images\camcorder_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg\images\corners_bottom_left.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg\images\corners_bottom_left_curve.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg\images\corners_bottom_right.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg\images\corners_top_right.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg\images\done.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg\images\done_capture.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg\images\done_capture_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg\images\done_capture_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg\images\done_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg\images\done_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg\images\dropshadow_bottom_left.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg\images\dropshadow_horiz.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg\images\dropshadow_vertical.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg\images\dropzone.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg\images\dv_fast_forward.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg\images\dv_pause.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg\images\dv_play.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg\images\dv_rewind.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg\images\dv_stop.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg\images\email_instructions.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg\images\email_sent.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg\images\email_sent_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg\images\email_sent_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg\images\eraser.CUR (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg\images\eraser_cursor.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg\images\file_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg\images\file_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg\images\help.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg\images\icon_camcorder.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg\images\icon_camcorders.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg\images\icon_camcorder_dark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg\images\icon_camcorder_light.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg\images\icon_ff.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg\images\icon_file_dark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg\images\icon_file_light.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg\images\icon_pause.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg\images\icon_phone_dark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg\images\icon_phone_light.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg\images\icon_play.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg\images\icon_rewind.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg\images\icon_stop.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg\images\icon_webcam.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg\images\icon_webcams.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg\images\icon_webcam_dark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg\images\icon_webcam_light.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg\images\loading.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg\images\loading_movie.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg\images\locating.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg\images\logo.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg\images\logo_bottom.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg\images\logo_middle.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg\images\logo_top.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg\images\mobile_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg\images\mobile_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg\images\mobile_slide_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg\images\movie_placeholder.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg\images\ok.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg\images\ok_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg\images\ok_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg\images\player_fast_forward.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg\images\player_fast_forward_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg\images\player_fill.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg\images\player_pause.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg\images\player_play.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg\images\player_rewind.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg\images\player_rewind_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg\images\player_rewind_to_start.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg\images\playhead.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg\images\powered_by.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg\images\progress.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg\images\refresh_list_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg\images\refresh_list_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg\images\refresh_list_up.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg\images\restart.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg\images\restart_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg\images\start_capture.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg\images\start_capture_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg\images\start_capture_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg\images\start_capture_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg\images\start_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg\images\start_over_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg\images\start_slider.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg\images\stop_capture.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg\images\stop_capture_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg\images\stop_capture_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg\images\stop_capture_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg\images\stop_slider.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg\images\tab_slide_deselected.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg\images\tape_control.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg\images\text_camcorder.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg\images\text_camcorder_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg\images\text_file.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg\images\text_file_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg\images\text_phone.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg\images\text_phone_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg\images\text_webcam.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg\images\text_webcam_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg\images\title.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg\images\upload.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg\images\uploading.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg\images\uploading_fill.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg\images\uploading_high.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg\images\uploading_low.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg\images\uploading_medium.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg\images\uploading_thumbnail.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg\images\upload_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg\images\upload_from.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg\images\upload_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg\images\volume_gray.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg\images\volume_green.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg\images\volume_high.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg\images\volume_low.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg\images\volume_orange.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg\images\volume_red.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg\images\volume_slider.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg\images\waiting_for_email.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg\images\webcams_title.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg\images\webcam_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg\images\webcam_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg\messages\messages.en-US.bundle (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\VideoEgg\Updater\updater.ver (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\VideoEgg\Updater\4115\libcurlve.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\VideoEgg\Updater\4115\updater.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\speedrunner\config.cfg (Adware.SurfAccuracy) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\a.bat (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\base64.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\FVProtect.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\userconfig9x.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\winsystem.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\zip1.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\zip2.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\zip3.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\zipped.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\youtubex.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\bdn.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\iTunesMusic.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\mssecu.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\akttzn.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\awtoolb.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bdn.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bsva-egihsg52.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dpcproxy.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\emesx.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\h@tkeysh@@k.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hoproxy.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hxiwlgpm.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hxiwlgpm.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\medup012.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\medup020.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msgp.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msnbho.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mssecu.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msvchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mtr2.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mwin32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\netode.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\newsd32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ps1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\psof1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\psoft1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\regc64.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\regm64.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\Rundl1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sncntr.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssurf022.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssvchost.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssvchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sysreq.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\taack.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\taack.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\temp#01.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\thun.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\thun32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\VBIEWER.OCX (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vcatchpi.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winlogonpc.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winsystem.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\WINWGPX.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\beep.sys (Fake.Beep.Sys) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dllcache\beep.sys (Fake.Beep.Sys) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vbsys2.dll (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\WINDOWS\pskt.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BMb38a3b71.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BMb38a3b71.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\brastk.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\_scui.cpl (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\brastk.exe (Trojan.FakeAlert) -> Delete on reboot.
C:\WINDOWS\tmlpcert2007 (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nvs2.inf (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\delself.bat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\smdat32m.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
-1
Réponse 31 / 47
Destrio5 Messages postés 85985 Date d'inscription dimanche 11 juillet 2010 Statut Modérateur Dernière intervention 17 février 2023 10 297
8 oct. 2008 à 21:51
---> Télécharge ComboFix.exe de sUBs sur ton Bureau :
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

/!\ Déconnecte-toi du net et ferme toutes les applications, antivirus et antispyware y compris /!\

---> Double-clique sur Combofix.exe
Un "pop-up" va apparaître qui dit que "ComboFix est utilisé à vos risques et avec aucune garantie...".
Accepte en cliquant sur "Oui"

---> Mets-le en langue française F
Tape sur la touche 1 (Yes) pour démarrer le scan.

/!\ Ne touche à rien tant que le scan n'est pas terminé. /!\

En fin de scan, il est possible que ComboFix ait besoin de redémarrer le PC pour finaliser la désinfection, laisse-le faire.

Une fois le scan achevé, un rapport va s'afficher : Poste son contenu

/!\ Réactive la protection en temps réel de ton antivirus et de ton antispyware avant de te reconnecter à Internet. /!\

Note : Le rapport se trouve également là : C:\ComboFix\Combofix.txt
-1
passpartt Messages postés 11 Date d'inscription mercredi 20 août 2008 Statut Membre Dernière intervention 30 mars 2012
9 oct. 2008 à 18:35
Voila le scan de ComboFix ...



ComboFix 08-10-08.05 - HP_Propriétaire 2008-10-09 17:54:49.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.596 [GMT 2:00]
Lancé depuis: C:\Documents and Settings\HP_Propriétaire\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\HP_Propriétaire\Application Data\ECURIT~1
C:\Documents and Settings\HP_Propriétaire\Mes documents\PPATCH~1
C:\Program Files\INSTALL.LOG
C:\Program Files\Movie Maker\profsywuy.html
C:\Program Files\Need2Find
C:\Program Files\Need2Find\bar\1.bin\N2FFXTBR.JAR
C:\Program Files\Need2Find\bar\1.bin\N2NTSTBR.JAR
C:\Program Files\Need2Find\bar\1.bin\PARTNER.DAT
C:\Program Files\Need2Find\bar\Cache\[u]0/u0298A66
C:\Program Files\Need2Find\bar\Cache\files.ini
C:\Program Files\Need2Find\bar\History\search
C:\Program Files\Need2Find\bar\Settings\prevcfg.htm
C:\WINDOWS\pack.epk
C:\WINDOWS\system32\axoyikpk.ini
C:\WINDOWS\system32\dnbtowpk.ini
C:\WINDOWS\system32\dNnqBcfe.ini
C:\WINDOWS\system32\dNnqBcfe.ini2
C:\WINDOWS\system32\eyusokk.dat
C:\WINDOWS\system32\eyusokk.exe
C:\WINDOWS\system32\eyusokk_nav.dat
C:\WINDOWS\system32\eyusokk_navps.dat
C:\WINDOWS\system32\eyusokk_navup.dat
C:\WINDOWS\system32\ffhkj.ini
C:\WINDOWS\system32\ffhkj.ini2
C:\WINDOWS\system32\ibrkgytj.ini
C:\WINDOWS\system32\lpatdwhs.ini
C:\WINDOWS\system32\molrfbij.ini
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\radnwnuv.ini
C:\WINDOWS\system32\yrxcstac.ini
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_BOONTY_GAMES
-------\Service_Boonty Games


((((((((((((((((((((((((((((( Fichiers créés du 2008-09-09 au 2008-10-09 ))))))))))))))))))))))))))))))))))))
.

2008-10-09 06:47 . 2008-10-09 06:47 118,784 --a------ C:\WINDOWS\system32\gdqfytmt.exe
2008-10-08 20:01 . 2008-10-08 20:02 <REP> d-------- C:\rsit
2008-10-08 20:01 . 2008-10-08 20:02 <REP> d-------- C:\Program Files\trend micro
2008-10-08 18:38 . 2008-10-08 18:38 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-08 18:38 . 2008-10-08 18:38 <REP> d-------- C:\Documents and Settings\HP_Propriétaire\Application Data\Malwarebytes
2008-10-08 18:38 . 2008-10-08 18:38 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-08 18:38 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-08 18:38 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-08 17:02 . 2008-10-09 13:05 <REP> d-------- C:\Program Files\RogueRemover FREE
2008-10-08 13:15 . 2008-10-08 13:15 <REP> d-------- C:\Program Files\Enigma Software Group
2008-10-08 13:09 . 2008-10-08 13:09 19,628 --a------ C:\Program Files\Fichiers communs\juzisodyvi.reg
2008-10-08 13:09 . 2008-10-08 13:09 18,511 --a------ C:\WINDOWS\piwego.com
2008-10-08 13:09 . 2008-10-08 13:09 18,409 --a------ C:\Program Files\Fichiers communs\jeroqejo.exe
2008-10-08 13:09 . 2008-10-08 13:09 18,096 --a------ C:\Documents and Settings\All Users\Application Data\icifyfynol.bin
2008-10-08 13:09 . 2008-10-08 13:09 17,605 --a------ C:\WINDOWS\system32\umihutilan.pif
2008-10-08 13:09 . 2008-10-08 13:09 17,425 --a------ C:\WINDOWS\system32\tovecyjino.inf
2008-10-08 13:09 . 2008-10-08 13:09 16,101 --a------ C:\WINDOWS\system32\recemez.dat
2008-10-08 13:09 . 2008-10-08 13:09 15,708 --a------ C:\WINDOWS\jihiduce.com
2008-10-08 13:09 . 2008-10-08 13:09 13,859 --a------ C:\WINDOWS\hiqehiqu.dl
2008-10-08 13:09 . 2008-10-08 13:09 13,102 --a------ C:\Documents and Settings\HP_Propriétaire\Application Data\yzyquhusy.sys
2008-10-08 13:09 . 2008-10-08 13:09 10,577 --a------ C:\WINDOWS\ugelapekab.bat
2008-10-08 13:09 . 2008-10-08 13:09 10,415 --a------ C:\WINDOWS\dafugenil.scr
2008-10-08 13:01 . 2008-10-08 13:01 19,782 --a------ C:\WINDOWS\qumahywe.bin
2008-10-08 13:01 . 2008-10-08 13:01 16,904 --a------ C:\WINDOWS\zysozi.com
2008-10-08 13:01 . 2008-10-08 13:01 14,920 --a------ C:\WINDOWS\feqos.sys
2008-10-08 13:01 . 2008-10-08 13:01 14,792 --a------ C:\WINDOWS\folidery.bin
2008-10-08 13:01 . 2008-10-08 13:01 14,432 --a------ C:\WINDOWS\vepe.dat
2008-10-08 13:01 . 2008-10-08 13:01 13,354 --a------ C:\Program Files\Fichiers communs\cicota.exe
2008-10-08 13:01 . 2008-10-08 13:01 13,309 --a------ C:\WINDOWS\kyxijola._dl
2008-10-08 13:01 . 2008-10-08 13:01 12,185 --a------ C:\Program Files\Fichiers communs\cesizuzu.sys
2008-10-08 13:01 . 2008-10-08 13:01 10,974 --a------ C:\WINDOWS\gujovupamo.exe
2008-10-08 13:01 . 2008-10-08 13:01 10,232 --a------ C:\WINDOWS\witu.reg
2008-10-08 13:01 . 2008-10-08 13:01 10,066 --a------ C:\WINDOWS\wijewoked.vbs
2008-10-08 08:54 . 2008-10-08 08:54 19,750 --a------ C:\WINDOWS\utohut.reg
2008-10-08 08:54 . 2008-10-08 08:54 18,786 --a------ C:\WINDOWS\obimyseh.dat
2008-10-08 08:54 . 2008-10-08 08:54 18,106 --a------ C:\WINDOWS\epudura._sy
2008-10-08 08:54 . 2008-10-08 08:54 16,984 --a------ C:\Documents and Settings\All Users\Application Data\opilulu.vbs
2008-10-08 08:54 . 2008-10-08 08:55 15,464 --a------ C:\Documents and Settings\HP_Propriétaire\Application Data\diroxisupe.com
2008-10-08 08:54 . 2008-10-08 08:54 15,112 --a------ C:\WINDOWS\system32\igep.scr
2008-10-08 08:54 . 2008-10-08 08:54 14,457 --a------ C:\Documents and Settings\All Users\Application Data\iwagynij.pif
2008-10-08 08:54 . 2008-10-08 08:54 14,068 --a------ C:\WINDOWS\lymaqifana._dl
2008-10-08 08:54 . 2008-10-08 08:54 11,185 --a------ C:\Documents and Settings\HP_Propriétaire\Application Data\wedevaf.sys
2008-10-08 08:54 . 2008-10-08 08:54 10,680 --a------ C:\WINDOWS\anoguzoki._dl
2008-10-08 08:54 . 2008-10-08 08:54 10,419 --a------ C:\WINDOWS\system32\yzezuzud.db
2008-10-08 08:14 . 2008-10-08 08:14 19,266 --a------ C:\WINDOWS\vakava.dat
2008-10-08 08:14 . 2008-10-08 08:14 18,980 --a------ C:\WINDOWS\sava.ban
2008-10-08 08:14 . 2008-10-08 08:14 18,651 --a------ C:\Program Files\Fichiers communs\nuzumagi.sys
2008-10-08 08:14 . 2008-10-08 08:14 18,345 --a------ C:\WINDOWS\bahaqeruqo.dll
2008-10-08 08:14 . 2008-10-08 08:14 16,516 --a------ C:\WINDOWS\system32\zanuqy.ban
2008-10-08 08:14 . 2008-10-08 08:14 15,130 --a------ C:\Documents and Settings\HP_Propriétaire\Application Data\pexijomo.scr
2008-10-08 08:14 . 2008-10-08 08:14 14,821 --a------ C:\WINDOWS\wurada.bin
2008-10-08 08:14 . 2008-10-08 08:14 14,314 --a------ C:\Program Files\Fichiers communs\yzybesawu.vbs
2008-10-08 08:14 . 2008-10-08 08:14 13,763 --a------ C:\WINDOWS\qobevoni.vbs
2008-10-08 08:14 . 2008-10-08 08:14 13,269 --a------ C:\Documents and Settings\All Users\Application Data\pigydunu.bin
2008-10-08 08:14 . 2008-10-08 08:14 12,082 --a------ C:\Documents and Settings\All Users\Application Data\jiwocibivu.scr
2008-10-08 08:14 . 2008-10-08 08:14 11,462 --a------ C:\WINDOWS\fukirawu.exe
2008-10-08 08:14 . 2008-10-08 08:14 10,213 --a------ C:\WINDOWS\system32\ypywyb.dl
2008-10-08 08:12 . 2008-10-08 18:47 65,428 --a------ C:\WINDOWS\system32\wini104552502.exe
2008-10-05 19:13 . 2008-10-05 19:13 1,121,290 --a------ C:\WINDOWS\Babar 1.exe
2008-10-05 19:13 . 2008-10-05 19:13 312,324 --a------ C:\WINDOWS\Babar 1.scr
2008-10-05 19:13 . 2008-10-05 19:13 40,960 --a------ C:\WINDOWS\Babar 1.dll
2008-10-05 19:13 . 2008-10-05 19:13 18,192 --a------ C:\WINDOWS\Babar 1.dat
2008-10-03 18:49 . 2008-10-09 06:48 <REP> d-------- C:\Program Files\yjfcjyb
2008-10-03 18:49 . 2008-10-09 06:48 <REP> d-------- C:\Documents and Settings\All Users\Application Data\fizqlwvo
2008-10-03 08:26 . 2008-10-03 08:26 <REP> d-------- C:\Program Files\Fichiers communs\xing shared
2008-09-25 16:55 . 2008-09-25 17:00 <REP> d-------- C:\Program Files\SM
2008-09-12 19:17 . 2008-09-12 19:17 <REP> d-------- C:\divx

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-09 13:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-10-08 11:01 15,676 ----a-w C:\Program Files\Fichiers communs\toxyji.dl
2008-10-08 11:01 10,690 ----a-w C:\Program Files\Fichiers communs\osihotopa.ban
2008-10-08 06:57 --------- d-----w C:\Documents and Settings\HP_Propriétaire\Application Data\Apple Computer
2008-10-08 06:54 12,597 ----a-w C:\Program Files\Fichiers communs\iwawasosy.ban
2008-10-08 06:14 10,647 ----a-w C:\Program Files\Fichiers communs\luhe.ban
2008-10-07 14:50 47,312 ----a-w C:\Documents and Settings\HP_Propriétaire\Application Data\wklnhst.dat
2008-10-06 14:48 --------- d-----w C:\Program Files\PhotoFiltre
2008-10-05 17:51 --------- d-----w C:\Documents and Settings\HP_Propriétaire\Application Data\Corel
2008-10-03 06:26 --------- d-----w C:\Program Files\Fichiers communs\Real
2008-09-28 13:53 --------- d-----w C:\Program Files\Free Music Zilla
2008-09-16 17:09 --------- d-----w C:\Documents and Settings\HP_Propriétaire\Application Data\DivX
2008-09-12 17:15 --------- d-----w C:\Program Files\DivX
2008-09-11 20:11 --------- d-----w C:\Documents and Settings\HP_Propriétaire\Application Data\FMZilla
2008-09-07 18:54 --------- d-----w C:\Program Files\ALCATEL PC Suite
2008-09-06 19:03 --------- d-----w C:\Program Files\Screamer Radio
2008-09-02 18:46 --------- d-----w C:\Program Files\Apple Software Update
2008-08-31 17:07 --------- d-----w C:\Program Files\iTunes
2008-08-31 17:06 --------- d-----w C:\Program Files\iPod
2008-08-31 16:59 --------- d-----w C:\Program Files\Safari
2008-08-30 19:52 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-08-30 09:05 --------- d-----w C:\Program Files\Easy GIF Animator
2008-08-28 20:02 --------- d-----w C:\Program Files\Livre Album Fuji Photo
2008-08-28 20:00 --------- d-----w C:\Program Files\Passware
2008-08-20 15:01 --------- d-----w C:\Program Files\TrueCrypt
2008-07-18 18:39 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR
2008-04-27 10:41 169,240 ----a-w C:\Documents and Settings\HP_Propriétaire\Application Data\GDIPFONTCACHEV1.DAT
2007-07-13 22:04 2,776,064 ----a-w C:\Program Files\FLV PlayerRCSetup.exe
2007-03-19 18:13 6,422,611 ----a-w C:\Program Files\frostwire-4.13.1.6.windows.exe
2008-04-09 10:56 168 --sh--r C:\WINDOWS\system32\9C7F7C87DA.sys
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-17 68856]
"ares"="C:\Program Files\Ares\Ares.exe" [2007-01-22 985088]
"AdobeUpdater"="C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 2321600]
"ComMsgInfo"="C:\WINDOWS\system32\gdqfytmt.exe" [2008-10-09 118784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 6731312]
"AppleSyncNotifier"="C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 116040]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
"SpyHunter Security Suite"="C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe" [2008-09-10 864256]

C:\Documents and Settings\HP_Propri‚taire\Menu D‚marrer\Programmes\D‚marrage\
Eurobarre.lnk - C:\Program Files\Eurobarre\eb.exe [2008-04-16 113664]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\vio\dvacm.acm
"VIDC.MJPG"= mtkjpeg.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-07-30 10:47 289064 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"BMb38a3b71"=Rundll32.exe "C:\WINDOWS\system32\eljbwhex.dll",s
"b0b908ed"=rundll32.exe "C:\WINDOWS\system32\ynrdvsla.dll",b
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime
"AppleSyncNotifier"=C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\VoipBuster.com\\VoipBuster\\VoipBuster.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Ares\\Ares.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"C:\\Program Files\\Fichiers communs\\Ahead\\Nero Web\\SetupX.exe"=
"C:\\Program Files\\Zattoo\\zattood.exe"=
"C:\\Program Files\\Zattoo\\Zattoo1.exe"=
"C:\\Program Files\\Free Music Zilla\\FMZilla.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Zattoo\\Zattoo.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R2 AVWEBCAM;AV WebCam, WDM Video Capture;C:\WINDOWS\system32\DRIVERS\avwebcam.sys [2005-11-22 215552]
R3 Cap7134;ASUS TV7134 WDM Video Capture;C:\WINDOWS\system32\DRIVERS\Cap7134.sys [2004-10-27 335360]
R3 PhTVTune;ASUS WDM TV Tuner;C:\WINDOWS\system32\DRIVERS\PhTVTune.sys [2004-10-24 24544]
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 GameConsoleService;GameConsoleService;C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe [2007-11-02 181784]
S3 KS-959;Kingsun KS-959 USB Infrared Adapter;C:\WINDOWS\system32\DRIVERS\KS-959.sys [2005-10-20 19034]
S3 SPC220NC;Philips SPC220NC Webcam;C:\WINDOWS\system32\DRIVERS\SPC220NC.SYS [2007-01-09 507136]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\dvd-rom.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4bb9ab96-4e98-11dd-9b4e-001167558f42}]
\Shell\AutoRun\command - ntde1ect.com
\Shell\explore\Command - ntde1ect.com
\Shell\open\Command - ntde1ect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{69b81bd2-2760-11dd-9b33-001167558f42}]
\Shell\Auto\command - cmd /C launch.bat
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL cmd /C launch.bat
.
Contenu du dossier 'Tâches planifiées'

2008-10-06 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2008-10-09 C:\WINDOWS\Tasks\GlaryInitialize.job
- C:\Program Files\Glary Utilities\initialize.exe [2008-04-09 13:22]

2008-10-09 C:\WINDOWS\Tasks\Symantec NetDetect.job
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE [2004-08-24 19:22]

2008-10-09 C:\WINDOWS\Tasks\User_Feed_Synchronization-{B3C51C26-58D8-43C1-967F-E06B1B92078E}.job
- C:\WINDOWS\system32\msfeedssync.exe [2006-10-17 12:58]
.
- - - - ORPHELINS SUPPRIMES - - - -

HKCU-Run-brastk - C:\WINDOWS\system32\brastk.exe
HKLM-Run-eyusokk - c:\windows\system32\eyusokk.exe
HKLM-Explorer_Run-2WcEr01sW5 - C:\Documents and Settings\All Users\Application Data\fizqlwvo\tuhinqpu.exe
Notify-cbXRhGWN - cbXRhGWN.dll
Notify-pmnoolm - pmnoolm.dll


.
------- Examen supplémentaire -------
.
FireFox -: Profile - C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\cjxde4uz.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - www.google.fr
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-09 18:01:24
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\LckFldService.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Heure de fin: 2008-10-09 18:08:45 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-10-09 16:08:42

Avant-CF: 33 910 181 888 octets libres
Après-CF: 35,267,112,960 octets libres

284 --- E O F --- 2008-09-24 01:03:22
-1
Destrio5 Messages postés 85985 Date d'inscription dimanche 11 juillet 2010 Statut Modérateur Dernière intervention 17 février 2023 10 297 > passpartt Messages postés 11 Date d'inscription mercredi 20 août 2008 Statut Membre Dernière intervention 30 mars 2012
9 oct. 2008 à 19:14
/!\ Seul passpartt peut suivre cette procédure /!\


1/

---> Clique sur Démarrer, Exécuter, tape notepad clique sur OK.

---> Copie le texte ci-dessous par sélection puis Ctrl+C :






KillAll::

File::
C:\WINDOWS\system32\gdqfytmt.exe
C:\Program Files\Fichiers communs\juzisodyvi.reg
C:\WINDOWS\piwego.com
C:\Program Files\Fichiers communs\jeroqejo.exe
C:\Documents and Settings\All Users\Application Data\icifyfynol.bin
C:\WINDOWS\system32\umihutilan.pif
C:\WINDOWS\system32\tovecyjino.inf
C:\WINDOWS\system32\recemez.dat
C:\WINDOWS\jihiduce.com
C:\WINDOWS\hiqehiqu.dl
C:\Documents and Settings\HP_Propriétaire\Application Data\yzyquhusy.sys
C:\WINDOWS\ugelapekab.bat
C:\WINDOWS\dafugenil.scr
C:\WINDOWS\qumahywe.bin
C:\WINDOWS\zysozi.com
C:\WINDOWS\feqos.sys
C:\WINDOWS\folidery.bin
C:\WINDOWS\vepe.dat
C:\Program Files\Fichiers communs\cicota.exe
C:\WINDOWS\kyxijola._dl
C:\Program Files\Fichiers communs\cesizuzu.sys
C:\WINDOWS\gujovupamo.exe
C:\WINDOWS\witu.reg
C:\WINDOWS\wijewoked.vbs
C:\WINDOWS\utohut.reg
C:\WINDOWS\obimyseh.dat
C:\WINDOWS\epudura._sy
C:\Documents and Settings\All Users\Application Data\opilulu.vbs
C:\Documents and Settings\HP_Propriétaire\Application Data\diroxisupe.com
C:\WINDOWS\system32\igep.scr
C:\Documents and Settings\All Users\Application Data\iwagynij.pif
C:\WINDOWS\lymaqifana._dl
C:\Documents and Settings\HP_Propriétaire\Application Data\wedevaf.sys
C:\WINDOWS\anoguzoki._dl
C:\WINDOWS\system32\yzezuzud.db
C:\WINDOWS\vakava.dat
C:\WINDOWS\sava.ban
C:\Program Files\Fichiers communs\nuzumagi.sys
C:\WINDOWS\bahaqeruqo.dll
C:\WINDOWS\system32\zanuqy.ban
C:\Documents and Settings\HP_Propriétaire\Application Data\pexijomo.scr
C:\WINDOWS\wurada.bin
C:\Program Files\Fichiers communs\yzybesawu.vbs
C:\WINDOWS\qobevoni.vbs
C:\Documents and Settings\All Users\Application Data\pigydunu.bin
C:\Documents and Settings\All Users\Application Data\jiwocibivu.scr
C:\WINDOWS\fukirawu.exe
C:\WINDOWS\system32\ypywyb.dl
C:\WINDOWS\system32\wini104552502.exe
C:\WINDOWS\Babar 1.exe
C:\WINDOWS\Babar 1.scr
C:\WINDOWS\Babar 1.dll
C:\WINDOWS\Babar 1.dat
C:\Program Files\Fichiers communs\toxyji.dl
C:\Program Files\Fichiers communs\osihotopa.ban
C:\Program Files\Fichiers communs\iwawasosy.ban
C:\Program Files\Fichiers communs\luhe.ban
C:\WINDOWS\system32\9C7F7C87DA.sys
C:\WINDOWS\system32\eljbwhex.dll
C:\WINDOWS\system32\ynrdvsla.dll

Folder::
C:\Documents and Settings\All Users\Application Data\fizqlwvo
C:\Program Files\yjfcjyb

DirLook::
C:\Program Files\SM

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ComMsgInfo"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"BMb38a3b71"=-
"b0b908ed"=-
"KernelFaultCheck"=-
"TkBellExe"=-
"Adobe Reader Speed Launcher"=-
"QuickTime Task"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4bb9ab96-4e98-11dd-9b4e-001167558f42}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{69b81bd2-2760-11dd-9b33-001167558f42}]







---> Colle la sélection dans le bloc-notes

---> Enregistre ce fichier sur le bureau (Impératif)

---> Nom du fichier : CFScript
---> Type du fichier : tous les fichiers
---> Clique sur Enregistrer
---> Quitte le bloc-notes


2/

---> Fait un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe comme sur la capture :
http://www.searchengines.pl/phpbb203/pliki/picasso/virus/programs/combofix/combofix_cfscript.gif

[*] Une fenêtre bleue va apparaître : au message qui apparaît, tu acceptes.

[*] Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises : c'est normal !
Ne touche à rien tant que le scan n'est pas terminé.

[*] Une fois le scan achevé, un rapport va s'afficher : poste-le

[*] Si le fichier ne s'ouvre pas, il se trouve ici C:\ComboFix.txt
-1
Réponse 32 / 47
didou146 Messages postés 2 Date d'inscription jeudi 9 octobre 2008 Statut Membre Dernière intervention 9 octobre 2008
9 oct. 2008 à 12:43
Bonjour a tous,

J'ai le meme probleme depuis hier

Pouvez vous m'aidez ???

Je vais deja installer Malwarebyte et analyser et mode sans echec et sauvegarder le rapport

Merci
-1
Nilou17 Messages postés 2349 Date d'inscription samedi 13 août 2005 Statut Modérateur Dernière intervention 3 janvier 2022 1 475
9 oct. 2008 à 17:39
Bonjour Didou146 ! :-))

Vous venez de répondre à un message en cours.
Pour une meilleure lisibilité, merci de créer votre propre message dans le forum.


Il vous suffit de cliquer sur ce lien : Ecrire un nouveau message dans le forum Virus-Sécurité
Remplissez les champs demandés, et envoyez votre message.


Merci de votre compréhension.
-1
Réponse 33 / 47
passpartt Messages postés 11 Date d'inscription mercredi 20 août 2008 Statut Membre Dernière intervention 30 mars 2012
9 oct. 2008 à 19:52
Voila voila...


ComboFix 08-10-08.05 - HP_Propriétaire 2008-10-09 19:31:14.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.662 [GMT 2:00]
Lancé depuis: C:\Documents and Settings\HP_Propriétaire\Bureau\ComboFix.exe
Commutateurs utilisés :: C:\Documents and Settings\HP_Propriétaire\Bureau\CFScript.txt
* Un nouveau point de restauration a été créé

FILE ::
C:\Documents and Settings\All Users\Application Data\icifyfynol.bin
C:\Documents and Settings\All Users\Application Data\iwagynij.pif
C:\Documents and Settings\All Users\Application Data\jiwocibivu.scr
C:\Documents and Settings\All Users\Application Data\opilulu.vbs
C:\Documents and Settings\All Users\Application Data\pigydunu.bin
C:\Documents and Settings\HP_Propriétaire\Application Data\diroxisupe.com
C:\Documents and Settings\HP_Propriétaire\Application Data\pexijomo.scr
C:\Documents and Settings\HP_Propriétaire\Application Data\wedevaf.sys
C:\Documents and Settings\HP_Propriétaire\Application Data\yzyquhusy.sys
C:\Program Files\Fichiers communs\cesizuzu.sys
C:\Program Files\Fichiers communs\cicota.exe
C:\Program Files\Fichiers communs\iwawasosy.ban
C:\Program Files\Fichiers communs\jeroqejo.exe
C:\Program Files\Fichiers communs\juzisodyvi.reg
C:\Program Files\Fichiers communs\luhe.ban
C:\Program Files\Fichiers communs\nuzumagi.sys
C:\Program Files\Fichiers communs\osihotopa.ban
C:\Program Files\Fichiers communs\toxyji.dl
C:\Program Files\Fichiers communs\yzybesawu.vbs
C:\WINDOWS\anoguzoki._dl
C:\WINDOWS\Babar 1.dat
C:\WINDOWS\Babar 1.dll
C:\WINDOWS\Babar 1.exe
C:\WINDOWS\Babar 1.scr
C:\WINDOWS\bahaqeruqo.dll
C:\WINDOWS\dafugenil.scr
C:\WINDOWS\epudura._sy
C:\WINDOWS\feqos.sys
C:\WINDOWS\folidery.bin
C:\WINDOWS\fukirawu.exe
C:\WINDOWS\gujovupamo.exe
C:\WINDOWS\hiqehiqu.dl
C:\WINDOWS\jihiduce.com
C:\WINDOWS\kyxijola._dl
C:\WINDOWS\lymaqifana._dl
C:\WINDOWS\obimyseh.dat
C:\WINDOWS\piwego.com
C:\WINDOWS\qobevoni.vbs
C:\WINDOWS\qumahywe.bin
C:\WINDOWS\sava.ban
C:\WINDOWS\system32\9C7F7C87DA.sys
C:\WINDOWS\system32\eljbwhex.dll
C:\WINDOWS\system32\gdqfytmt.exe
C:\WINDOWS\system32\igep.scr
C:\WINDOWS\system32\recemez.dat
C:\WINDOWS\system32\tovecyjino.inf
C:\WINDOWS\system32\umihutilan.pif
C:\WINDOWS\system32\wini104552502.exe
C:\WINDOWS\system32\ynrdvsla.dll
C:\WINDOWS\system32\ypywyb.dl
C:\WINDOWS\system32\yzezuzud.db
C:\WINDOWS\system32\zanuqy.ban
C:\WINDOWS\ugelapekab.bat
C:\WINDOWS\utohut.reg
C:\WINDOWS\vakava.dat
C:\WINDOWS\vepe.dat
C:\WINDOWS\wijewoked.vbs
C:\WINDOWS\witu.reg
C:\WINDOWS\wurada.bin
C:\WINDOWS\zysozi.com
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\fizqlwvo
C:\Documents and Settings\All Users\Application Data\icifyfynol.bin
C:\Documents and Settings\All Users\Application Data\iwagynij.pif
C:\Documents and Settings\All Users\Application Data\jiwocibivu.scr
C:\Documents and Settings\All Users\Application Data\opilulu.vbs
C:\Documents and Settings\All Users\Application Data\pigydunu.bin
C:\Documents and Settings\HP_Propriétaire\Application Data\diroxisupe.com
C:\Documents and Settings\HP_Propriétaire\Application Data\pexijomo.scr
C:\Documents and Settings\HP_Propriétaire\Application Data\wedevaf.sys
C:\Documents and Settings\HP_Propriétaire\Application Data\yzyquhusy.sys
C:\Program Files\Fichiers communs\cesizuzu.sys
C:\Program Files\Fichiers communs\cicota.exe
C:\Program Files\Fichiers communs\iwawasosy.ban
C:\Program Files\Fichiers communs\jeroqejo.exe
C:\Program Files\Fichiers communs\juzisodyvi.reg
C:\Program Files\Fichiers communs\luhe.ban
C:\Program Files\Fichiers communs\nuzumagi.sys
C:\Program Files\Fichiers communs\osihotopa.ban
C:\Program Files\Fichiers communs\toxyji.dl
C:\Program Files\Fichiers communs\yzybesawu.vbs
C:\Program Files\yjfcjyb
C:\WINDOWS\anoguzoki._dl
C:\WINDOWS\Babar 1.dat
C:\WINDOWS\Babar 1.dll
C:\WINDOWS\Babar 1.exe
C:\WINDOWS\Babar 1.scr
C:\WINDOWS\bahaqeruqo.dll
C:\WINDOWS\dafugenil.scr
C:\WINDOWS\epudura._sy
C:\WINDOWS\feqos.sys
C:\WINDOWS\folidery.bin
C:\WINDOWS\fukirawu.exe
C:\WINDOWS\gujovupamo.exe
C:\WINDOWS\hiqehiqu.dl
C:\WINDOWS\jihiduce.com
C:\WINDOWS\kyxijola._dl
C:\WINDOWS\lymaqifana._dl
C:\WINDOWS\obimyseh.dat
C:\WINDOWS\piwego.com
C:\WINDOWS\qobevoni.vbs
C:\WINDOWS\qumahywe.bin
C:\WINDOWS\sava.ban
C:\WINDOWS\system32\9C7F7C87DA.sys
C:\WINDOWS\system32\eljbwhex.dll
C:\WINDOWS\system32\gdqfytmt.exe
C:\WINDOWS\system32\igep.scr
C:\WINDOWS\system32\recemez.dat
C:\WINDOWS\system32\tovecyjino.inf
C:\WINDOWS\system32\umihutilan.pif
C:\WINDOWS\system32\wini104552502.exe
C:\WINDOWS\system32\ypywyb.dl
C:\WINDOWS\system32\yzezuzud.db
C:\WINDOWS\system32\zanuqy.ban
C:\WINDOWS\ugelapekab.bat
C:\WINDOWS\utohut.reg
C:\WINDOWS\vakava.dat
C:\WINDOWS\vepe.dat
C:\WINDOWS\wijewoked.vbs
C:\WINDOWS\witu.reg
C:\WINDOWS\wurada.bin
C:\WINDOWS\zysozi.com

.
((((((((((((((((((((((((((((( Fichiers créés du 2008-09-09 au 2008-10-09 ))))))))))))))))))))))))))))))))))))
.

2008-10-08 20:01 . 2008-10-08 20:02 <REP> d-------- C:\rsit
2008-10-08 20:01 . 2008-10-08 20:02 <REP> d-------- C:\Program Files\trend micro
2008-10-08 18:38 . 2008-10-08 18:38 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-08 18:38 . 2008-10-08 18:38 <REP> d-------- C:\Documents and Settings\HP_Propriétaire\Application Data\Malwarebytes
2008-10-08 18:38 . 2008-10-08 18:38 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-08 18:38 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-08 18:38 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-08 17:02 . 2008-10-09 13:05 <REP> d-------- C:\Program Files\RogueRemover FREE
2008-10-08 13:15 . 2008-10-08 13:15 <REP> d-------- C:\Program Files\Enigma Software Group
2008-10-03 08:26 . 2008-10-03 08:26 <REP> d-------- C:\Program Files\Fichiers communs\xing shared
2008-09-25 16:55 . 2008-09-25 17:00 <REP> d-------- C:\Program Files\SM
2008-09-12 19:17 . 2008-09-12 19:17 <REP> d-------- C:\divx

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-09 13:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-10-08 06:57 --------- d-----w C:\Documents and Settings\HP_Propriétaire\Application Data\Apple Computer
2008-10-07 14:50 47,312 ----a-w C:\Documents and Settings\HP_Propriétaire\Application Data\wklnhst.dat
2008-10-06 14:48 --------- d-----w C:\Program Files\PhotoFiltre
2008-10-05 17:51 --------- d-----w C:\Documents and Settings\HP_Propriétaire\Application Data\Corel
2008-10-05 17:49 3,766 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-10-03 06:26 --------- d-----w C:\Program Files\Fichiers communs\Real
2008-09-28 13:53 --------- d-----w C:\Program Files\Free Music Zilla
2008-09-16 17:09 --------- d-----w C:\Documents and Settings\HP_Propriétaire\Application Data\DivX
2008-09-12 17:15 --------- d-----w C:\Program Files\DivX
2008-09-11 20:11 --------- d-----w C:\Documents and Settings\HP_Propriétaire\Application Data\FMZilla
2008-09-07 18:54 --------- d-----w C:\Program Files\ALCATEL PC Suite
2008-09-06 19:03 --------- d-----w C:\Program Files\Screamer Radio
2008-09-02 18:46 --------- d-----w C:\Program Files\Apple Software Update
2008-08-31 17:07 --------- d-----w C:\Program Files\iTunes
2008-08-31 17:06 --------- d-----w C:\Program Files\iPod
2008-08-31 16:59 --------- d-----w C:\Program Files\Safari
2008-08-30 19:52 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-08-30 09:05 --------- d-----w C:\Program Files\Easy GIF Animator
2008-08-28 20:02 --------- d-----w C:\Program Files\Livre Album Fuji Photo
2008-08-28 20:00 --------- d-----w C:\Program Files\Passware
2008-08-20 15:01 --------- d-----w C:\Program Files\TrueCrypt
2008-07-25 08:36 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-07-23 16:50 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-07-23 16:48 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-07-23 16:48 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-07-23 16:46 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-18 18:39 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR
2008-04-27 10:41 169,240 ----a-w C:\Documents and Settings\HP_Propriétaire\Application Data\GDIPFONTCACHEV1.DAT
2007-07-13 22:04 2,776,064 ----a-w C:\Program Files\FLV PlayerRCSetup.exe
2007-03-19 18:13 6,422,611 ----a-w C:\Program Files\frostwire-4.13.1.6.windows.exe
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\Program Files\SM ----



((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-17 68856]
"ares"="C:\Program Files\Ares\Ares.exe" [2007-01-22 985088]
"AdobeUpdater"="C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 2321600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 6731312]
"AppleSyncNotifier"="C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 116040]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
"SpyHunter Security Suite"="C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe" [2008-09-10 864256]

C:\Documents and Settings\HP_Propri‚taire\Menu D‚marrer\Programmes\D‚marrage\
Eurobarre.lnk - C:\Program Files\Eurobarre\eb.exe [2008-04-16 113664]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\vio\dvacm.acm
"VIDC.MJPG"= mtkjpeg.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-07-30 10:47 289064 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"AppleSyncNotifier"=C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\VoipBuster.com\\VoipBuster\\VoipBuster.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Ares\\Ares.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"C:\\Program Files\\Fichiers communs\\Ahead\\Nero Web\\SetupX.exe"=
"C:\\Program Files\\Zattoo\\zattood.exe"=
"C:\\Program Files\\Zattoo\\Zattoo1.exe"=
"C:\\Program Files\\Free Music Zilla\\FMZilla.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Zattoo\\Zattoo.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R2 AVWEBCAM;AV WebCam, WDM Video Capture;C:\WINDOWS\system32\DRIVERS\avwebcam.sys [2005-11-22 215552]
R3 Cap7134;ASUS TV7134 WDM Video Capture;C:\WINDOWS\system32\DRIVERS\Cap7134.sys [2004-10-27 335360]
R3 PhTVTune;ASUS WDM TV Tuner;C:\WINDOWS\system32\DRIVERS\PhTVTune.sys [2004-10-24 24544]
R3 tcpip_patcher;tcpip_patcher;C:\Program Files\Ares\tcpip_patcher.sys [2005-10-26 15744]
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 GameConsoleService;GameConsoleService;C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe [2007-11-02 181784]
S3 KS-959;Kingsun KS-959 USB Infrared Adapter;C:\WINDOWS\system32\DRIVERS\KS-959.sys [2005-10-20 19034]
S3 SPC220NC;Philips SPC220NC Webcam;C:\WINDOWS\system32\DRIVERS\SPC220NC.SYS [2007-01-09 507136]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]

*Newly Created Service* - TCPIP_PATCHER
.
Contenu du dossier 'Tâches planifiées'

2008-10-06 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2008-10-09 C:\WINDOWS\Tasks\GlaryInitialize.job
- C:\Program Files\Glary Utilities\initialize.exe [2008-04-09 13:22]

2008-10-09 C:\WINDOWS\Tasks\Symantec NetDetect.job
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE [2004-08-24 19:22]

2008-10-09 C:\WINDOWS\Tasks\User_Feed_Synchronization-{B3C51C26-58D8-43C1-967F-E06B1B92078E}.job
- C:\WINDOWS\system32\msfeedssync.exe [2006-10-17 12:58]
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-09 19:36:41
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\LckFldService.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger Plus! Live\Log Viewer.exe
.
**************************************************************************
.
Heure de fin: 2008-10-09 19:46:30 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-10-09 17:46:08
ComboFix2.txt 2008-10-09 16:08:46

Avant-CF: 35 239 944 192 octets libres
Après-CF: 35,237,240,832 octets libres

306 --- E O F --- 2008-09-24 01:03:22
-1
Réponse 34 / 47
Destrio5 Messages postés 85985 Date d'inscription dimanche 11 juillet 2010 Statut Modérateur Dernière intervention 17 février 2023 10 297
9 oct. 2008 à 20:01
- Télécharge HijackThis V 2.02 (HijackThis Installer) :
http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe

- Fais un double-clic sur HJTInstall.exe afin de lancer l'installation

- Clique sur Install ensuite sur I Accept

- Clique sur Do a scan system and save log file

- Le bloc-notes s'ouvrira, fais un copier-coller de tout son contenu ici dans ta prochaine réponse.
-1
Réponse 35 / 47
passpartt Messages postés 11 Date d'inscription mercredi 20 août 2008 Statut Membre Dernière intervention 30 mars 2012
9 oct. 2008 à 20:27
C'est ça ?


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:03:30, on 09/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\LckFldService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Microsoft Works\WkDStore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q105&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q105&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - Startup: Eurobarre.lnk = C:\Program Files\Eurobarre\eb.exe
O8 - Extra context menu item: &Search - ?p=ZN
O8 - Extra context menu item: Barre RoboForm - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Enregistrer le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Personnaliser le menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Remplir le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {09CC593B-E8A9-4491-927D-A3E33534DDD4} - http://www.m6video.fr/1click/install/files/installer2.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - https://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://wisup.net/_plateforme/Upload/Aurigma/AurigmaActiveX/ImageUploader4.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} (IPSUploader4 Control) - http://photoservice.fujicolor.de/ips-opdata/operator/27859021/activex/IPSUploader4.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4B54E29C-EC16-4BEF-BB24-E950A9F7E673}: NameServer = 80.10.246.2,80.10.246.129
O17 - HKLM\System\CS1\Services\Tcpip\..\{4B54E29C-EC16-4BEF-BB24-E950A9F7E673}: NameServer = 80.10.246.2,80.10.246.129
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LckFldService - Unknown owner - C:\WINDOWS\system32\LckFldService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
-1
Réponse 36 / 47
Destrio5 Messages postés 85985 Date d'inscription dimanche 11 juillet 2010 Statut Modérateur Dernière intervention 17 février 2023 10 297
9 oct. 2008 à 20:37
---> Supprime les traces de Norton avec ceci :
ftp://ftp.symantec.com/public/francais/removal_tools/Norton_Removal_Tool.exe

---> Installe Antivir, fais un scan complet et poste le rapport :
http://www.commentcamarche.net/telecharger/telecharger 55 antivir
-1
Réponse 37 / 47
passpartt Messages postés 11 Date d'inscription mercredi 20 août 2008 Statut Membre Dernière intervention 30 mars 2012
10 oct. 2008 à 17:14
Voila le scan d'antivir !


Avira AntiVir Personal
Report file date: jeudi 9 octobre 2008 21:33

Scanning for 1369550 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: HP

Version information:
BUILD.DAT : 8.1.0.331 16934 Bytes 12/08/2008 11:46:00
AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 08:57:53
AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 07:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 07:58:52
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 13:54:15
ANTIVIR2.VDF : 7.0.5.20 142336 Bytes 30/06/2008 05:20:53
ANTIVIR3.VDF : 7.0.5.23 17408 Bytes 30/06/2008 09:24:47
Engineversion : 8.1.1.19
AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21
AESCRIPT.DLL : 8.1.0.63 311673 Bytes 06/08/2008 13:13:47
AESCN.DLL : 8.1.0.23 119156 Bytes 10/07/2008 12:44:49
AERDL.DLL : 8.1.0.20 418165 Bytes 24/04/2008 12:37:48
AEPACK.DLL : 8.1.2.1 364917 Bytes 15/07/2008 12:58:35
AEOFFICE.DLL : 8.1.0.21 192891 Bytes 18/07/2008 06:35:21
AEHEUR.DLL : 8.1.0.47 1368437 Bytes 06/08/2008 13:13:47
AEHELP.DLL : 8.1.0.15 115063 Bytes 10/07/2008 12:44:48
AEGEN.DLL : 8.1.0.35 315764 Bytes 06/08/2008 14:38:47
AEEMU.DLL : 8.1.0.7 430452 Bytes 31/07/2008 08:33:21
AECORE.DLL : 8.1.1.8 172406 Bytes 31/07/2008 08:33:21
AEBB.DLL : 8.1.0.1 53617 Bytes 10/07/2008 12:44:48
AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:28:01
AVREP.DLL : 7.0.0.1 155688 Bytes 30/06/2008 14:35:20
AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 13:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 13:34:37

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: jeudi 9 octobre 2008 21:33

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'ULCDRSvr.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'PSIService.exe' - '1' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned
Scan process 'LckFldService.exe' - '1' Module(s) have been scanned
Scan process 'GoogleUpdaterService.exe' - '1' Module(s) have been scanned
Scan process 'CDAC11BA.EXE' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'BTNtService.exe' - '1' Module(s) have been scanned
Scan process 'guard.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
36 processes with 36 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.
Master boot sector HD2
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.
Master boot sector HD3
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.
Master boot sector HD4
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '52' files ).


Starting the file scan:

Begin scan in 'C:\' <HP_PAVILION>
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\QooBox\Quarantine\C\Program Files\Movie Maker\profsywuy.html.vir
[DETECTION] Contains HEUR/HTML.Malware suspicious code
[NOTE] The detection was classified as suspicious.
[WARNING] The file was ignored!
C:\QooBox\Quarantine\C\WINDOWS\system32\eljbwhex.dll.vir
[DETECTION] Is the TR/Monder.99904 Trojan
[NOTE] The file was deleted!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP911\A0218278.sys
[DETECTION] Is the TR/Rootkit.Gen Trojan
[NOTE] The file was moved to '49213f85.qua'!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP912\A0218388.dll
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '49216bc7.qua'!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP912\A0218390.dll
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '49216bcd.qua'!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP912\A0218392.dll
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '49216bd1.qua'!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP912\A0218394.dll
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '49216bd5.qua'!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP912\A0218395.dll
[DETECTION] Is the TR/Killav.28714 Trojan
[NOTE] The file was moved to '49216bd8.qua'!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP912\A0218396.exe
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '49216bda.qua'!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP912\A0218397.exe
[DETECTION] Is the TR/Drop.Softomat.AN Trojan
[NOTE] The file was moved to '49216bdd.qua'!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP912\A0218400.exe
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '49216be1.qua'!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP912\A0218401.dll
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '49216be5.qua'!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP912\A0218402.dll
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '48837896.qua'!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP912\A0218414.dll
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '49216be7.qua'!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP912\A0218415.dll
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '48837898.qua'!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP912\A0218416.dll
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '49216be9.qua'!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP912\A0218417.dll
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '4883789a.qua'!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP912\A0218418.dll
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '49216beb.qua'!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP912\A0218419.dll
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '49216be6.qua'!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP912\A0218420.ax
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '48837897.qua'!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP912\A0218421.dll
[DETECTION] Is the TR/Drop.Softomat.AN Trojan
[NOTE] The file was moved to '49216be8.qua'!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP912\A0218422.dll
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '48837899.qua'!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP912\A0218423.dll
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '49216bea.qua'!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP912\A0218424.ax
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '4883789b.qua'!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP912\A0218425.dll
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '49216bec.qua'!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP912\A0218427.dll
[DETECTION] Is the TR/Drop.Softomat.AN Trojan
[NOTE] The file was moved to '4883789d.qua'!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP912\A0218428.dll
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '49216bee.qua'!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP912\A0218478.sys
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '4883789c.qua'!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP912\A0218479.sys
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '49216bed.qua'!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP912\A0218482.cpl
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '4883789e.qua'!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP912\A0218494.sys
[DETECTION] Is the TR/Rootkit.Gen Trojan
[NOTE] The file was moved to '49216bef.qua'!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP912\A0218496.sys
[DETECTION] Is the TR/Rootkit.Gen Trojan
[NOTE] The file was moved to '48837880.qua'!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP912\A0218500.sys
[DETECTION] Is the TR/Rootkit.Gen Trojan
[NOTE] The file was moved to '49216bf1.qua'!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP912\A0218501.exe
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '48837882.qua'!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP912\A0218503.exe
[DETECTION] Is the TR/Drop.Softomat.AN Trojan
[NOTE] The file was moved to '4883789f.qua'!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP912\A0218504.exe
[DETECTION] Is the TR/Drop.Softomat.AN Trojan
[NOTE] The file was moved to '49216bd0.qua'!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP912\A0218505.dll
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '488378a1.qua'!
C:\WINDOWS\system32\bdjhivsu.dll
[DETECTION] Is the TR/Monder.IK Trojan
[NOTE] The file was moved to '49596ef7.qua'!
C:\WINDOWS\system32\dyxyylfu.exe
[DETECTION] Is the TR/PrivacySet.A Trojan
[NOTE] The file was moved to '49676f1c.qua'!
C:\WINDOWS\system32\fexmbvky.dll
[DETECTION] Is the TR/Monder.99328 Trojan
[NOTE] The file was moved to '49676f09.qua'!
C:\WINDOWS\system32\fteprmrn.exe
[DETECTION] Is the TR/PrivacySet.A Trojan
[NOTE] The file was moved to '49546f1a.qua'!
C:\WINDOWS\system32\gacxonwb.dll
[DETECTION] Is the TR/Monder.GZ Trojan
[NOTE] The file was moved to '49526f07.qua'!
C:\WINDOWS\system32\gbfngbhx.exe
[DETECTION] Is the TR/PrivacySet.A Trojan
[NOTE] The file was moved to '49556f09.qua'!
C:\WINDOWS\system32\gugxbjio.exe
[DETECTION] Is the TR/PrivacySet.A Trojan
[NOTE] The file was moved to '49566f1c.qua'!
C:\WINDOWS\system32\hrchmdlx.VIR
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '49526f1b.qua'!
C:\WINDOWS\system32\jpohrtbw.dll
[DETECTION] Is the TR/Monder.IK Trojan
[NOTE] The file was moved to '495e6f1e.qua'!
C:\WINDOWS\system32\kpquwwls.dll
[DETECTION] Is the TR/Monder.DO Trojan
[NOTE] The file was moved to '49606f20.qua'!
C:\WINDOWS\system32\lhofrtgv.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '495e6f1a.qua'!
C:\WINDOWS\system32\maafyecj.exe
[DETECTION] Is the TR/Lowzones.SG Trojan
[NOTE] The file was moved to '49506f16.qua'!
C:\WINDOWS\system32\nfflcxur.exe
[DETECTION] Is the TR/PrivacySet.A Trojan
[NOTE] The file was moved to '49556f28.qua'!
C:\WINDOWS\system32\nielccyw.dll
[DETECTION] Is the TR/Monder.IO Trojan
[NOTE] The file was moved to '49546f2b.qua'!
C:\WINDOWS\system32\nudmwikb.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49536f39.qua'!
C:\WINDOWS\system32\oytqojuw.dll
[DETECTION] Is the TR/Vundo.EMP Trojan
[NOTE] The file was moved to '49636f3f.qua'!
C:\WINDOWS\system32\rphgpsbq.dll
[DETECTION] Is the TR/Vundo.EMI Trojan
[NOTE] The file was moved to '49576f3d.qua'!
C:\WINDOWS\system32\rpjjiqvk.exe
[DETECTION] Is the TR/PrivacySet.A Trojan
[NOTE] The file was moved to '49596f3d.qua'!
C:\WINDOWS\system32\rvqpwgci.VIR
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49606f43.qua'!
C:\WINDOWS\system32\sebyhhfo.exe
[DETECTION] Is the TR/Lowzones.SG Trojan
[NOTE] The file was moved to '49516f33.qua'!
C:\WINDOWS\system32\swufqccm.exe
[DETECTION] Is the TR/PrivacySet.A Trojan
[NOTE] The file was moved to '49646f49.qua'!
C:\WINDOWS\system32\tgpwdcsv.dll
[DETECTION] Is the TR/Monder.IX Trojan
[NOTE] The file was moved to '495f6f3b.qua'!
C:\WINDOWS\system32\wdknnrcq.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '495a6f3c.qua'!
C:\WINDOWS\system32\xaalpphu.dll
[DETECTION] Is the TR/Vundo.EMQ Trojan
[NOTE] The file was moved to '49506f45.qua'!
C:\WINDOWS\system32\xehkgcpe.exe
[DETECTION] Is the TR/PrivacySet.A Trojan
[NOTE] The file was moved to '49576f4a.qua'!
Begin scan in 'D:\' <HP_RECOVERY>


End of the scan: vendredi 10 octobre 2008 17:12
Used time: 19:39:09 Hour(s)

The scan has been done completely.

16511 Scanning directories
676602 Files were scanned
61 viruses and/or unwanted programs were found
1 Files were classified as suspicious:
1 files were deleted
0 files were repaired
60 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
676539 Files not concerned
18539 Archives were scanned
6 Warnings
62 Notes
-1
Réponse 38 / 47
Destrio5 Messages postés 85985 Date d'inscription dimanche 11 juillet 2010 Statut Modérateur Dernière intervention 17 février 2023 10 297
10 oct. 2008 à 19:23
Poste le nouveau rapport HijackThis.
-1
Réponse 39 / 47
Destrio5 Messages postés 85985 Date d'inscription dimanche 11 juillet 2010 Statut Modérateur Dernière intervention 17 février 2023 10 297
10 oct. 2008 à 19:40
---> Relance MBAM, va dans Quarantaine et supprime tout.

---> Relance HijackThis et choisis Do a system scan only

---> Coche les cases qui sont devant les lignes suivantes :

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O8 - Extra context menu item: &Search - ?p=ZN

---> Clique en bas sur Fix checked. Mets oui si HijackThis te demande quelque chose.

---> Redémarre ton PC et poste un nouveau rapport HijackThis
-1
Réponse 40 / 47
passpartt Messages postés 11 Date d'inscription mercredi 20 août 2008 Statut Membre Dernière intervention 30 mars 2012
10 oct. 2008 à 21:46
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:46:14, on 10/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\LckFldService.exe
c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\trend micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q105&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q105&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - Startup: Eurobarre.lnk = C:\Program Files\Eurobarre\eb.exe
O8 - Extra context menu item: Barre RoboForm - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Enregistrer le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Personnaliser le menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Remplir le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {09CC593B-E8A9-4491-927D-A3E33534DDD4} - http://www.m6video.fr/1click/install/files/installer2.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - https://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://wisup.net/_plateforme/Upload/Aurigma/AurigmaActiveX/ImageUploader4.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} (IPSUploader4 Control) - http://photoservice.fujicolor.de/ips-opdata/operator/27859021/activex/IPSUploader4.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4B54E29C-EC16-4BEF-BB24-E950A9F7E673}: NameServer = 80.10.246.2,80.10.246.129
O17 - HKLM\System\CS1\Services\Tcpip\..\{4B54E29C-EC16-4BEF-BB24-E950A9F7E673}: NameServer = 80.10.246.2,80.10.246.129
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LckFldService - Unknown owner - C:\WINDOWS\system32\LckFldService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
-1