HijackThis report
fabou
Hello,
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:23:14, on 22/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\Shared Files\CamTray.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearch.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearchIndexer.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe
C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE
C:\Program Files\Securitoo\av_fw\Anti-Virus\FSGK32.EXE
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Securitoo\av_fw\Common\FSMB32.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Securitoo\av_fw\Common\FCH32.EXE
C:\Program Files\Securitoo\av_fw\Common\FAMEH32.EXE
C:\Program Files\Securitoo\av_fw\Anti-Virus\fsqh.exe
C:\Program Files\Securitoo\av_fw\FSPC\fspc.exe
C:\Program Files\Securitoo\av_fw\FSGUI\fsguidll.exe
C:\Program Files\Securitoo\av_fw\Anti-Virus\fssm32.exe
C:\Program Files\Securitoo\av_fw\FSAUA\program\fsaua.exe
C:\Program Files\Securitoo\av_fw\FWES\Program\fsdfwd.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Securitoo\av_fw\FSAUA\program\fsus.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Securitoo\av_fw\Anti-Virus\fsav32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://neufportail.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Barre d'outils MSN Search Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll
O3 - Toolbar: Barre d'outils MSN Search - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [PD0620 STISvc] RunDLL32.exe P0620Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Securitoo\av_fw\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [News Service] "C:\Program Files\Securitoo\av_fw\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CamTray.exe"
O4 - HKCU\..\Run: [wgkum] "c:\documents and settings\fabrice chambe\local settings\application data\wgkum.exe" wgkum
O4 - HKLM\..\Policies\Explorer\Run: [TpN1NmEGQ3] C:\Documents and Settings\All Users.WINDOWS\Application Data\hgvwlaxg\pglyryds.exe
O4 - Startup: Outil de détection de support Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearch.exe
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll/search.htm
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1105\fr-fr\msntabres.dll/229?5cf13ed795014580ab231e254a34243
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1105\fr-fr\msntabres.dll/230?5cf13ed795014580ab231e254a34243
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Securitoo\av_fw\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Securitoo\av_fw\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Securitoo\av_fw\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://3dlifeplayer.dl.3dvia.com/player/install/installer.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
40 replies
Yes, it does open a file download window; I click Save and it saves the file, but afterwards I can't open it.
Right-click, then Run as administrator.
If that doesn't work,
try the zip:
http://perso.orange.fr/il.mafioso/Navifix/Navilog1.zip
Search Navipromo version 3.6.6 commencé le 22/10/2008 à 17:43:39,48
!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!
Outil exécuté depuis C:\Program Files\navilog1
Session actuelle : "fabrice chambe"
Mise à jour le 29.09.2008 à 17h30 par IL-MAFIOSO
Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 7.0.5730.11
Système de fichiers : NTFS
Recherche executé en mode normal
*** Recherche Programmes installés ***
Favorit
MessengerSkinner
*** Recherche dossiers dans "C:\WINDOWS" ***
C:\WINDOWS\mslagent trouvé !
*** Recherche dossiers dans "C:\Program Files" ***
...\MessengerSkinner trouvé !
*** Recherche dossiers dans "C:\Documents and Settings\All Users.WINDOWS\menudm~1\progra~1" ***
...\MessengerSkinner trouvé !
*** Recherche dossiers dans "C:\Documents and Settings\All Users.WINDOWS\menudm~1" ***
*** Recherche dossiers dans "c:\docume~1\alluse~1.win\applic~1" ***
*** Recherche dossiers dans "C:\Documents and Settings\fabrice chambe\applic~1" ***
...\MessengerSkinner trouvé !
*** Recherche dossiers dans "C:\DOCUME~1\cedric\applic~1" ***
*** Recherche dossiers dans "C:\DOCUME~1\chambe\applic~1" ***
*** Recherche dossiers dans "C:\Documents and Settings\fabrice chambe\locals~1\applic~1" ***
*** Recherche dossiers dans "C:\DOCUME~1\cedric\locals~1\applic~1" ***
*** Recherche dossiers dans "C:\DOCUME~1\chambe\locals~1\applic~1" ***
*** Recherche dossiers dans "C:\Documents and Settings\fabrice chambe\menudm~1\progra~1" ***
*** Recherche dossiers dans "C:\DOCUME~1\cedric\menudm~1\progra~1" ***
*** Recherche dossiers dans "C:\DOCUME~1\chambe\menudm~1\progra~1" ***
*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net
*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!
* Recherche dans "C:\WINDOWS\system32" *
* Recherche dans "C:\Documents and Settings\fabrice chambe\locals~1\applic~1" *
* Recherche dans "C:\DOCUME~1\cedric\locals~1\applic~1" *
* Recherche dans "C:\DOCUME~1\chambe\locals~1\applic~1" *
*** Recherche fichiers ***
C:\WINDOWS\Downloaded Program Files\egaccess4.inf trouvé !
C:\WINDOWS\prefetch\MESSENGERSKINNER.EXE-0EE2A110.pf trouvé !
*** Recherche clés spécifiques dans le Registre ***
HKEY_CURRENT_USER\Software\Lanconfig trouvé !
*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)
1)Recherche nouveaux fichiers Instant Access :
2)Recherche Heuristique :
* Dans "C:\WINDOWS\system32" :
* Dans "C:\Documents and Settings\fabrice chambe\locals~1\applic~1" :
wgkum.dat trouvé !
wgkum_nav.dat trouvé !
wgkum_navps.dat trouvé !
* Dans "C:\DOCUME~1\cedric\locals~1\applic~1" :
* Dans "C:\DOCUME~1\chambe\locals~1\applic~1" :
3)Recherche Certificats :
Certificat Egroup trouvé !
Certificat Electronic-Group trouvé !
Certificat Montorgueil absent !
Certificat OOO-Favorit trouvé !
Certificat Sunny-Day-Design-Ltd absent !
4)Recherche fichiers connus :
*** Analyse terminée le 22/10/2008 à 18:02:34,50 ***
Relaunch Navilog. On the main menu, choose option 2.
Follow the instructions and wait.
The tool will inform you that it will restart your computer.
Save any open documents, then close all windows.
Press a key as requested.
If your computer does not restart automatically, restart it manually.
Choose your usual session if necessary.
Wait for the message *** Nettoyage terminé le ….*** (this may take some time).
A Notepad document is created. Save the report so that you can find it again.
* Copy/paste the contents of this report into your next reply.
Close Notepad.
Your Desktop will reappear.
Note: If your Desktop does not reappear, press Ctrl+Alt+Del to open Task Manager.
"Processes" tab > File (menu) > New Task (Run...) > type explorer and click OK.
Then
Download LOP S&D by Eric71.
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/LopSD.exe?attachauth=ANoY7co3ntqUavpZ3q1BG-h4pc13vqDZmhcNeEPChtsyrgAykRbhE8bZzhk979EfQD4AgwtQUHCaQ7ZQwNYMo3_0kA8htAspckDJtu2K5t6J9z6dLW4fpZyH4FpFL1tVMBZ8H-KnN7afZ5vt-WxZRpnynk-a0XmV_Y0C0q6DxGEDKie1TnPT7gFoZnoCnspzBmbW6ZzxA4fNr3oEDlbelNZON-LjF8nOmQ%3D%3D&attredirects=2
Double-click it to launch the installation.
Double-click the Lop S&D shortcut on your desktop.
Select the desired language, then choose Option 1 (Search).
Wait until the scan finishes.
Post the generated report (it is located here: C:\lopR.txt)
If the Desktop does not reappear, press Ctrl + Alt + Del, choose the File tab, then click New Task; then type explorer.exe and confirm.
Clean Navipromo version 3.6.6 commencé le 22/10/2008 à 18:11:40,43
Outil exécuté depuis C:\Program Files\navilog1
Session actuelle : "fabrice chambe"
Mise à jour le 29.09.2008 à 17h30 par IL-MAFIOSO
Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 7.0.5730.11
Système de fichiers : NTFS
Mode suppression automatique
avec prise en charge résultats Catchme et GNS
Nettoyage exécuté au redémarrage de l'ordinateur
*** fsbl1.txt non trouvé ***
(Assurez-vous que Catchme n'avait rien trouvé lors de la recherche)
*** Suppression avec sauvegardes résultats GenericNaviSearch ***
* Suppression dans "C:\WINDOWS\System32" *
* Suppression dans "C:\Documents and Settings\fabrice chambe\locals~1\applic~1" *
* Suppression dans "C:\DOCUME~1\cedric\locals~1\applic~1" *
* Suppression dans "C:\DOCUME~1\chambe\locals~1\applic~1" *
*** Suppression dossiers dans "C:\WINDOWS" ***
C:\WINDOWS\mslagent ...suppression...
C:\WINDOWS\mslagent supprimé !
*** Suppression dossiers dans "C:\Program Files" ***
...\MessengerSkinner ...suppression...
...\MessengerSkinner supprimé !
*** Suppression dossiers dans "C:\Documents and Settings\All Users.WINDOWS\menudm~1\progra~1" ***
...\MessengerSkinner ...suppression...
...\MessengerSkinner supprimé !
*** Suppression dossiers dans "C:\Documents and Settings\All Users.WINDOWS\menudm~1" ***
*** Suppression dossiers dans "c:\docume~1\alluse~1.win\applic~1" ***
*** Suppression dossiers dans "C:\Documents and Settings\fabrice chambe\applic~1" ***
...\MessengerSkinner ...suppression...
...\MessengerSkinner supprimé !
*** Suppression dossiers dans "C:\DOCUME~1\cedric\applic~1" ***
*** Suppression dossiers dans "C:\DOCUME~1\chambe\applic~1" ***
*** Suppression dossiers dans "C:\Documents and Settings\fabrice chambe\locals~1\applic~1" ***
*** Suppression dossiers dans "C:\DOCUME~1\cedric\locals~1\applic~1" ***
*** Suppression dossiers dans "C:\DOCUME~1\chambe\locals~1\applic~1" ***
*** Suppression dossiers dans "C:\Documents and Settings\fabrice chambe\menudm~1\progra~1" ***
*** Suppression dossiers dans "C:\DOCUME~1\cedric\menudm~1\progra~1" ***
*** Suppression dossiers dans "C:\DOCUME~1\chambe\menudm~1\progra~1" ***
*** Suppression fichiers ***
C:\WINDOWS\Downloaded Program Files\egaccess4.inf supprimé !
C:\WINDOWS\prefetch\MESSENGERSKINNER.EXE-0EE2A110.pf supprimé !
*** Suppression fichiers temporaires ***
Nettoyage contenu C:\WINDOWS\Temp effectué !
Nettoyage contenu C:\Documents and Settings\fabrice chambe\locals~1\Temp effectué !
*** Traitement Recherche complémentaire ***
(Recherche fichiers spécifiques)
1)Suppression avec sauvegardes nouveaux fichiers Instant Access :
2)Recherche, création sauvegardes et suppression Heuristique :
* Dans "C:\WINDOWS\system32" *
* Dans "C:\Documents and Settings\fabrice chambe\locals~1\applic~1" *
wgkum.dat trouvé !
Copie wgkum.dat réalisée avec succès !
wgkum.dat supprimé !
wgkum_nav.dat trouvé !
Copie wgkum_nav.dat réalisée avec succès !
wgkum_nav.dat supprimé !
wgkum_navps.dat trouvé !
Copie wgkum_navps.dat réalisée avec succès !
wgkum_navps.dat supprimé !
C:\WINDOWS\prefetch\wgkum*.pf trouvé !
Copie C:\WINDOWS\prefetch\wgkum*.pf réalisée avec succès !
C:\WINDOWS\prefetch\wgkum*.pf supprimé !
* Dans "C:\DOCUME~1\cedric\locals~1\applic~1" *
* Dans "C:\DOCUME~1\chambe\locals~1\applic~1" *
*** Sauvegarde du Registre vers dossier Safebackup ***
sauvegarde du Registre réalisée avec succès !
*** Nettoyage Registre ***
Nettoyage Registre Ok
*** Certificats ***
Certificat Egroup supprimé !
Certificat Electronic-Group supprimé !
Certificat Montorgueil absent !
Certificat OOO-Favorit supprimé !
Certificat Sunny-Day-Design-Ltdt absent !
*** Nettoyage terminé le 22/10/2008 à 18:17:33,87 ***
--------------------\\ Lop S&D 4.2.4-6 XP/Vista
Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : AMD Athlon(tm) 64 Processor 3000+ )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : fabrice chambe ( Administrator )
BOOT : Normal boot
Antivirus : Pack Securite Plus 7.00 7.00 (Activated)
Firewall : Pack Securite Plus 7.00 7.00 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total : 114 Go Free : 81 Go
D:\ (CD or DVD) - UDF - Total : 2 Go Free : 0 Go
E:\ (CD or DVD)
"C:\Lop SD" ( MAJ : 20-10-2008|20:35 )
Option : [1] ( 22/10/2008|18:26 )
--------------------\\ Listing des dossiers dans APPLIC~1
[06/01/2006|18:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[30/03/2006|14:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Exetender
[27/02/2006|18:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[24/04/2005|15:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles
[10/01/2006|18:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Oberon Media
[22/02/2006|18:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sandlot Games
[15/04/2005|20:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBT
[28/03/2006|18:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[18/01/2006|20:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
[07/01/2006|17:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Zylom
[23/04/2008|17:13] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Adobe
[15/04/2006|12:06] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Ahead
[16/08/2007|14:30] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Apple
[30/10/2006|16:53] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Apple Computer
[27/06/2007|20:41] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Friends Games
[18/04/2008|15:20] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\F-Secure
[18/04/2008|15:20] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\fssg
[22/11/2006|19:31] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Google
[24/12/2007|19:50] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Grisoft
[03/05/2008|10:42] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\hgvwlaxg
[03/05/2007|20:27] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\InterAction studios
[21/04/2008|14:33] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Malwarebytes
[29/04/2006|18:37] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Microsoft
[17/04/2006|15:31] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\MSN Search Toolbar
[17/08/2007|14:28] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\MumboJumbo
[20/03/2008|21:54] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\NannyMania
[20/05/2006|16:53] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\PlayFirst
[18/05/2007|19:28] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\PopCap
[24/05/2006|19:28] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Sandlot Games
[15/04/2006|12:58] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\SBT
[21/03/2008|16:36] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\TEMP
[23/05/2007|20:54] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\TERMINAL Studio
[24/04/2006|18:39] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Windows Genuine Advantage
[05/03/2008|18:17] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\WLInstaller
[18/04/2006|19:05] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Zylom
[19/04/2006|18:15] C:\DOCUME~1\cedric\APPLIC~1\Dossier de téléchargement Share-to-Web
[20/08/2007|15:57] C:\DOCUME~1\cedric\APPLIC~1\Dossier de téléchargement Share-to-Web
[20/10/2008|17:12] C:\DOCUME~1\cedric\APPLIC~1\Grisoft
[19/04/2006|18:15] C:\DOCUME~1\cedric\APPLIC~1\Identities
[20/08/2007|15:58] C:\DOCUME~1\cedric\APPLIC~1\ispnews
[20/08/2007|15:56] C:\DOCUME~1\cedric\APPLIC~1\Microsoft
[03/03/2006|18:17] C:\DOCUME~1\chambe\APPLIC~1\Adobe
[06/01/2006|18:29] C:\DOCUME~1\chambe\APPLIC~1\Apple Computer
[13/01/2006|12:41] C:\DOCUME~1\chambe\APPLIC~1\Dossier de téléchargement Share-to-Web
[12/01/2006|17:39] C:\DOCUME~1\chambe\APPLIC~1\Dossier de téléchargement Share-to-Web
[05/11/2005|18:28] C:\DOCUME~1\chambe\APPLIC~1\DownloadManager
[25/06/2005|11:53] C:\DOCUME~1\chambe\APPLIC~1\eConf
[03/11/2005|20:43] C:\DOCUME~1\chambe\APPLIC~1\Google
[15/04/2005|20:03] C:\DOCUME~1\chambe\APPLIC~1\Help
[06/02/2006|20:37] C:\DOCUME~1\chambe\APPLIC~1\Hulabee
[24/03/2006|16:29] C:\DOCUME~1\chambe\APPLIC~1\Identities
[03/03/2006|18:17] C:\DOCUME~1\chambe\APPLIC~1\InterTrust
[21/01/2006|18:48] C:\DOCUME~1\chambe\APPLIC~1\Macromedia
[30/03/2006|20:48] C:\DOCUME~1\chambe\APPLIC~1\Microsoft
[15/04/2005|20:07] C:\DOCUME~1\chambe\APPLIC~1\Microsoft Web Folders
[25/04/2005|20:24] C:\DOCUME~1\chambe\APPLIC~1\MSNInstaller
[25/06/2005|11:00] C:\DOCUME~1\chambe\APPLIC~1\Sun
[26/01/2006|18:50] C:\DOCUME~1\chambe\APPLIC~1\Wannadoo
[06/04/2006|20:23] C:\DOCUME~1\chambe\APPLIC~1\WholeSecurity
[24/03/2006|16:29] C:\DOCUME~1\chambe\APPLIC~1\Zylom
[12/04/2005|11:24] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[15/04/2006|11:35] C:\DOCUME~1\DEFAUL~1.WIN\APPLIC~1\Microsoft
[30/10/2006|21:20] C:\DOCUME~1\FABRIC~1\APPLIC~1\Adobe
[28/02/2007|19:34] C:\DOCUME~1\FABRIC~1\APPLIC~1\AdobeUM
[19/08/2008|14:19] C:\DOCUME~1\FABRIC~1\APPLIC~1\Ahead
[30/01/2007|19:30] C:\DOCUME~1\FABRIC~1\APPLIC~1\Angkor
[22/01/2007|18:12] C:\DOCUME~1\FABRIC~1\APPLIC~1\Apple Computer
[06/12/2006|17:43] C:\DOCUME~1\FABRIC~1\APPLIC~1\Balloon Express
[16/02/2008|15:59] C:\DOCUME~1\FABRIC~1\APPLIC~1\Creative
[01/08/2007|16:12] C:\DOCUME~1\FABRIC~1\APPLIC~1\DialMessenger
[24/10/2006|21:04] C:\DOCUME~1\FABRIC~1\APPLIC~1\DivX
[17/05/2008|14:59] C:\DOCUME~1\FABRIC~1\APPLIC~1\Dossier de téléchargement Share-to-Web
[17/04/2006|15:17] C:\DOCUME~1\FABRIC~1\APPLIC~1\Dossier de téléchargement Share-to-Web
[21/05/2006|20:11] C:\DOCUME~1\FABRIC~1\APPLIC~1\eConf
[02/01/2007|13:49] C:\DOCUME~1\FABRIC~1\APPLIC~1\F-Secure
[17/04/2006|17:07] C:\DOCUME~1\FABRIC~1\APPLIC~1\Google
[24/12/2007|19:50] C:\DOCUME~1\FABRIC~1\APPLIC~1\Grisoft
[29/10/2006|13:43] C:\DOCUME~1\FABRIC~1\APPLIC~1\Help
[15/04/2006|11:44] C:\DOCUME~1\FABRIC~1\APPLIC~1\Identities
[25/08/2008|15:03] C:\DOCUME~1\FABRIC~1\APPLIC~1\InterTrust
[31/12/2006|17:20] C:\DOCUME~1\FABRIC~1\APPLIC~1\ispnews
[03/05/2007|19:30] C:\DOCUME~1\FABRIC~1\APPLIC~1\iWin
[17/11/2006|19:30] C:\DOCUME~1\FABRIC~1\APPLIC~1\Leadertech
[25/12/2006|23:52] C:\DOCUME~1\FABRIC~1\APPLIC~1\Macromedia
[21/04/2008|14:33] C:\DOCUME~1\FABRIC~1\APPLIC~1\Malwarebytes
[13/06/2008|17:12] C:\DOCUME~1\FABRIC~1\APPLIC~1\Microsoft
[15/04/2006|12:52] C:\DOCUME~1\FABRIC~1\APPLIC~1\Microsoft Web Folders
[22/10/2008|17:23] C:\DOCUME~1\FABRIC~1\APPLIC~1\Mozilla
[17/04/2006|15:33] C:\DOCUME~1\FABRIC~1\APPLIC~1\MSN Search Toolbar
[31/12/2006|17:25] C:\DOCUME~1\FABRIC~1\APPLIC~1\PEX
[20/05/2006|16:53] C:\DOCUME~1\FABRIC~1\APPLIC~1\PlayFirst
[10/12/2007|19:14] C:\DOCUME~1\FABRIC~1\APPLIC~1\Sony Corporation
[17/04/2006|17:07] C:\DOCUME~1\FABRIC~1\APPLIC~1\Sun
[07/07/2006|22:32] C:\DOCUME~1\FABRIC~1\APPLIC~1\Talkback
[23/04/2008|17:21] C:\DOCUME~1\FABRIC~1\APPLIC~1\TmpRecentIcons
[17/11/2007|18:12] C:\DOCUME~1\FABRIC~1\APPLIC~1\WinRAR
[27/02/2006|19:04] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[05/01/2007|22:13] C:\DOCUME~1\LOCALS~1.AUT\APPLIC~1\Microsoft
[18/05/2005|18:53] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
[15/04/2006|11:39] C:\DOCUME~1\NETWOR~1.AUT\APPLIC~1\Microsoft
--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks
[22/10/2008 10:50][--a------] C:\WINDOWS\tasks\Scheduled scanning task.job
[21/10/2008 18:36][--ah-----] C:\WINDOWS\tasks\User_Feed_Synchronization-{B0168734-30DB-474C-A268-17DEE6822767}.job
[16/08/2007 14:31][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[22/10/2008 18:15][--ah-----] C:\WINDOWS\tasks\SA.DAT
[05/08/2004 14:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini
--------------------\\ Listing des dossiers dans C:\Program Files
[23/03/2008|18:46] C:\Program Files\3DBELOTE
[30/10/2006|13:03] C:\Program Files\Adobe
[15/04/2006|12:18] C:\Program Files\Ahead
[23/04/2008|15:27] C:\Program Files\akl
[16/08/2007|14:31] C:\Program Files\Apple Software Update
[20/03/2008|21:29] C:\Program Files\BELOTE2000
[02/11/2007|18:27] C:\Program Files\CCleaner
[12/04/2005|12:16] C:\Program Files\C-Media
[29/09/2005|18:51] C:\Program Files\Codemasters
[14/05/2006|15:12] C:\Program Files\Common Files
[15/04/2006|11:32] C:\Program Files\ComPlus Applications
[21/10/2006|20:28] C:\Program Files\Creative
[27/05/2005|21:11] C:\Program Files\Cryo Interactive
[15/04/2005|21:18] C:\Program Files\Davilex
[13/08/2007|15:11] C:\Program Files\DialMessenger
[10/07/2008|20:28] C:\Program Files\DivX
[22/09/2005|19:24] C:\Program Files\eBay
[14/07/2008|17:50] C:\Program Files\eMule
[14/04/2008|18:27] C:\Program Files\Fichiers communs
[24/02/2006|12:53] C:\Program Files\Firstload
[12/04/2006|15:55] C:\Program Files\fsupport
[06/12/2006|18:13] C:\Program Files\Gamenext
[07/08/2006|17:10] C:\Program Files\GameSpy Arcade
[23/04/2008|17:20] C:\Program Files\Google
[24/12/2007|19:49] C:\Program Files\Grisoft
[29/10/2006|16:45] C:\Program Files\GT Interactive
[15/04/2006|13:09] C:\Program Files\Hemera Products
[15/04/2005|17:58] C:\Program Files\Hewlett-Packard
[03/06/2006|14:00] C:\Program Files\ICom Plugins
[27/05/2005|19:53] C:\Program Files\Immersion Corporation
[23/04/2008|15:27] C:\Program Files\Inet Delivery
[10/12/2007|18:55] C:\Program Files\InstallShield Installation Information
[27/06/2007|20:51] C:\Program Files\InterActual
[17/10/2008|18:10] C:\Program Files\Internet Explorer
[16/08/2007|14:37] C:\Program Files\iPod
[26/08/2005|13:56] C:\Program Files\IrfanView
[16/08/2007|14:37] C:\Program Files\iTunes
[28/09/2008|12:48] C:\Program Files\Java
[02/04/2006|17:38] C:\Program Files\Jeux classiques
[13/05/2005|18:35] C:\Program Files\Kazaa
[07/05/2007|17:12] C:\Program Files\LimeWire
[21/04/2008|20:52] C:\Program Files\Lopxp
[21/04/2008|14:33] C:\Program Files\Malwarebytes' Anti-Malware
[28/09/2008|14:37] C:\Program Files\Messenger
[27/05/2005|20:55] C:\Program Files\Metal Gear Solid
[05/05/2005|16:45] C:\Program Files\Microids
[12/04/2005|11:24] C:\Program Files\microsoft frontpage
[15/04/2005|20:08] C:\Program Files\Microsoft Office
[29/04/2005|22:24] C:\Program Files\MotoGP2
[28/09/2008|14:16] C:\Program Files\Movie Maker
[22/10/2008|18:20] C:\Program Files\Mozilla Firefox
[25/04/2005|20:59] C:\Program Files\MSN
[12/04/2005|11:21] C:\Program Files\MSN Gaming Zone
[05/03/2008|18:23] C:\Program Files\MSN Messenger
[17/04/2006|15:32] C:\Program Files\MSN Toolbar Suite
[22/10/2008|18:17] C:\Program Files\Navilog1
[28/09/2008|14:10] C:\Program Files\NetMeeting
[18/04/2008|15:13] C:\Program Files\Neuf
[13/01/2006|22:10] C:\Program Files\OneMX
[12/04/2005|11:21] C:\Program Files\Online Services
[09/06/2006|20:16] C:\Program Files\orange
[28/09/2008|14:09] C:\Program Files\Outlook Express
[23/04/2008|15:47] C:\Program Files\PC-Cleaner
[30/03/2006|14:12] C:\Program Files\Player Metaboli
[13/01/2006|22:07] C:\Program Files\QuickPar
[16/08/2007|14:34] C:\Program Files\QuickTime
[04/11/2007|13:53] C:\Program Files\SAGEM
[04/09/2007|17:34] C:\Program Files\Securitoo
[12/04/2005|11:23] C:\Program Files\Services en ligne
[12/01/2006|23:48] C:\Program Files\Show
[19/02/2006|17:49] C:\Program Files\Sierra On-Line
[05/01/2007|23:41] C:\Program Files\sixteen tons entertainment
[29/10/2006|13:43] C:\Program Files\Snapshot Viewer
[10/12/2007|18:52] C:\Program Files\Sony
[21/04/2008|14:18] C:\Program Files\Sun
[22/10/2008|16:21] C:\Program Files\Trend Micro
[03/03/2006|17:31] C:\Program Files\Ubisoft
[12/04/2005|11:30] C:\Program Files\Uninstall Information
[22/01/2007|19:01] C:\Program Files\Vimicro
[16/04/2008|14:41] C:\Program Files\Wanadoo
[05/01/2007|23:43] C:\Program Files\Wanadoo Jeux
[05/03/2008|18:22] C:\Program Files\Windows Live
[13/08/2008|16:49] C:\Program Files\Windows Live Safety Center
[02/01/2007|18:23] C:\Program Files\Windows Media Connect 2
[28/09/2008|14:09] C:\Program Files\Windows Media Player
[28/09/2008|14:09] C:\Program Files\Windows NT
[12/04/2005|11:23] C:\Program Files\WindowsUpdate
[20/02/2008|17:19] C:\Program Files\WinRAR
[12/04/2005|11:24] C:\Program Files\xerox
[18/01/2006|20:23] C:\Program Files\Yahoo!
[08/05/2008|13:18] C:\Program Files\YesMessenger
[05/01/2007|23:44] C:\Program Files\Zylom Games
--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs
[28/02/2007|18:49] C:\Program Files\Fichiers communs\Adobe
[12/04/2005|12:30] C:\Program Files\Fichiers communs\Ahead
[16/08/2007|14:30] C:\Program Files\Fichiers communs\Apple
[15/04/2005|20:09] C:\Program Files\Fichiers communs\Designer
[29/04/2005|22:24] C:\Program Files\Fichiers communs\DirectX
[15/04/2005|17:59] C:\Program Files\Fichiers communs\Hewlett-Packard
[29/09/2005|18:50] C:\Program Files\Fichiers communs\InstallShield
[25/06/2005|10:56] C:\Program Files\Fichiers communs\Java
[05/03/2008|18:21] C:\Program Files\Fichiers communs\Microsoft Shared
[12/04/2005|11:22] C:\Program Files\Fichiers communs\MSSoap
[12/04/2005|12:06] C:\Program Files\Fichiers communs\ODBC
[12/04/2005|11:22] C:\Program Files\Fichiers communs\Services
[12/04/2005|12:06] C:\Program Files\Fichiers communs\SpeechEngines
[12/04/2006|15:55] C:\Program Files\Fichiers communs\SWF Studio
[28/09/2008|14:09] C:\Program Files\Fichiers communs\System
[05/03/2008|18:20] C:\Program Files\Fichiers communs\WindowsLiveInstaller
[01/04/2006|16:35] C:\Program Files\Fichiers communs\Wise Installation Wizard
--------------------\\ Process
( 53 Processes )
... OK !
--------------------\\ Recherche avec S_Lop
Aucun fichier / dossier Lop trouvé !
--------------------\\ Recherche de Fichiers / Dossiers Lop
Aucun fichier / dossier Lop trouvé !
--------------------\\ Verification du Registre
..... OK !
--------------------\\ Verification du fichier Hosts
Fichier Hosts PROPRE
--------------------\\ Recherche de fichiers avec Catchme
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-22 18:28:14
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 156
--------------------\\ Recherche d'autres infections
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\..\{7ED6E60F-342B-4B34-9D16-DDF718816B9E}]
NameServer REG_SZ 85.255.116.92,85.255.112.146
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\..\{7ED6E60F-342B-4B34-9D16-DDF718816B9E}]
DhcpNameServer REG_SZ 85.255.116.92,85.255.112.146
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\..\{891E530A-47E7-4D77-9829-9853C22903AD}]
NameServer REG_SZ 85.255.116.92,85.255.112.146
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\..\{95ECDFB6-6E4F-4781-AF74-F5927074C62B}]
DhcpNameServer REG_SZ 85.255.116.92,85.255.112.146
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\..\{DC657D75-98AD-402D-B30C-FAF3C3FBF32C}]
NameServer REG_SZ 85.255.116.92,85.255.112.146
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\..\{DC657D75-98AD-402D-B30C-FAF3C3FBF32C}]
DhcpNameServer REG_SZ 85.255.116.92,85.255.112.146
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\..\{7ED6E60F-342B-4B34-9D16-DDF718816B9E}]
DhcpNameServer REG_SZ 85.255.116.92,85.255.112.146
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\..\{95ECDFB6-6E4F-4781-AF74-F5927074C62B}]
DhcpNameServer REG_SZ 85.255.116.92,85.255.112.146
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\..\{DC657D75-98AD-402D-B30C-FAF3C3FBF32C}]
DhcpNameServer REG_SZ 85.255.116.92,85.255.112.146
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\..\{7ED6E60F-342B-4B34-9D16-DDF718816B9E}]
DhcpNameServer REG_SZ 85.255.116.92,85.255.112.146
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\..\{95ECDFB6-6E4F-4781-AF74-F5927074C62B}]
DhcpNameServer REG_SZ 85.255.116.92,85.255.112.146
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\..\{DC657D75-98AD-402D-B30C-FAF3C3FBF32C}]
DhcpNameServer REG_SZ 85.255.116.92,85.255.112.146
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\..\{7ED6E60F-342B-4B34-9D16-DDF718816B9E}]
DhcpNameServer REG_SZ 85.255.116.92,85.255.112.146
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\..\{95ECDFB6-6E4F-4781-AF74-F5927074C62B}]
DhcpNameServer REG_SZ 85.255.116.92,85.255.112.146
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\..\{DC657D75-98AD-402D-B30C-FAF3C3FBF32C}]
DhcpNameServer REG_SZ 85.255.116.92,85.255.112.146
==> WAREOUT <==
[F:2][D:1]-> C:\DOCUME~1\FABRIC~1\LOCALS~1\Temp
[F:8][D:0]-> C:\DOCUME~1\FABRIC~1\Cookies
[F:139][D:5]-> C:\DOCUME~1\FABRIC~1\LOCALS~1\TEMPOR~1\content.IE5
1 - "C:\Lop SD\LopR_1.txt" - 22/10/2008|18:29 - Option : [1]
--------------------\\ Fin du rapport a 18:29:07
DhcpNameServer REG_SZ 85.255.116.92,85.255.112.146
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\..\{891E530A-47E7-4D77-9829-9853C22903AD}]
NameServer REG_SZ 85.255.116.92,85.255.112.146
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\..\{95ECDFB6-6E4F-4781-AF74-F5927074C62B}]
DhcpNameServer REG_SZ 85.255.116.92,85.255.112.146
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\..\{DC657D75-98AD-402D-B30C-FAF3C3FBF32C}]
NameServer REG_SZ 85.255.116.92,85.255.112.146
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\..\{DC657D75-98AD-402D-B30C-FAF3C3FBF32C}]
DhcpNameServer REG_SZ 85.255.116.92,85.255.112.146
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\..\{7ED6E60F-342B-4B34-9D16-DDF718816B9E}]
DhcpNameServer REG_SZ 85.255.116.92,85.255.112.146
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\..\{95ECDFB6-6E4F-4781-AF74-F5927074C62B}]
DhcpNameServer REG_SZ 85.255.116.92,85.255.112.146
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\..\{DC657D75-98AD-402D-B30C-FAF3C3FBF32C}]
DhcpNameServer REG_SZ 85.255.116.92,85.255.112.146
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\..\{7ED6E60F-342B-4B34-9D16-DDF718816B9E}]
DhcpNameServer REG_SZ 85.255.116.92,85.255.112.146
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\..\{95ECDFB6-6E4F-4781-AF74-F5927074C62B}]
DhcpNameServer REG_SZ 85.255.116.92,85.255.112.146
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\..\{DC657D75-98AD-402D-B30C-FAF3C3FBF32C}]
DhcpNameServer REG_SZ 85.255.116.92,85.255.112.146
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\..\{7ED6E60F-342B-4B34-9D16-DDF718816B9E}]
DhcpNameServer REG_SZ 85.255.116.92,85.255.112.146
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\..\{95ECDFB6-6E4F-4781-AF74-F5927074C62B}]
DhcpNameServer REG_SZ 85.255.116.92,85.255.112.146
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\..\{DC657D75-98AD-402D-B30C-FAF3C3FBF32C}]
DhcpNameServer REG_SZ 85.255.116.92,85.255.112.146
==> WAREOUT <==
[F:2][D:1]-> C:\DOCUME~1\FABRIC~1\LOCALS~1\Temp
[F:8][D:0]-> C:\DOCUME~1\FABRIC~1\Cookies
[F:139][D:5]-> C:\DOCUME~1\FABRIC~1\LOCALS~1\TEMPOR~1\content.IE5
1 - "C:\Lop SD\LopR_1.txt" - 22/10/2008|18:29 - Option : [1]
--------------------\\ Fin du rapport a 18:29:07
arf
* Download FixWareout to your desktop from one of these two sites:
http://downloads.subratam.org/Fixwareout.exe
http://swandog46.geekstogo.com/Fixwareout.exe
* Run the fix: click Next, then Install, make sure "Run fixit" is checked, then click Finish.
The fix will start; follow the on-screen messages. You will be asked to restart your computer; do so. Your system will take a little longer to start up, which is normal.
* Post (copy/paste) the contents of the report that will be displayed on screen (report.txt), along with a new HijackThis report, in your next reply.
Username "fabrice chambe" - 22/10/2008 18:42:41 [Fixwareout edited 9/01/2007]
~~~~~ Prerun check
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{7ED6E60F-342B-4B34-9D16-DDF718816B9E}
"DhcpNameServer"="85.255.116.92,85.255.112.146" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{95ECDFB6-6E4F-4781-AF74-F5927074C62B}
"DhcpNameServer"="85.255.116.92,85.255.112.146" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{DC657D75-98AD-402D-B30C-FAF3C3FBF32C}
"DhcpNameServer"="85.255.116.92,85.255.112.146" <Value cleared.
Cache de résolution DNS vidé.
System was rebooted successfully.
~~~~~ Postrun check
HKLM\SOFTWARE\~\Winlogon\ "System"=""
....
....
~~~~~ Misc files.
....
~~~~~ Checking for older varients.
....
~~~~~ Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
"Share-to-Web Namespace Daemon"="C:\\Program Files\\Hewlett-Packard\\HP Share-to-Web\\hpgs2wnd.exe"
"Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd"
"PD0620 STISvc"="RunDLL32.exe P0620Pin.dll,RunDLL32EP 513"
"F-Secure Manager"="\"C:\\Program Files\\Securitoo\\av_fw\\Common\\FSM32.EXE\" /splash"
"F-Secure TNB"="\"C:\\Program Files\\Securitoo\\av_fw\\FSGUI\\TNBUtil.exe\" /CHECKALL /WAITFORSW"
"News Service"="\"C:\\Program Files\\Securitoo\\av_fw\\FSGUI\\ispnews.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_07\\bin\\jusched.exe\""
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"InCD"="C:\\Program Files\\Ahead\\InCD\\InCD.exe"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WOOKIT"="C:\\PROGRA~1\\Wanadoo\\Shell.exe appLaunchClientZone.shl|PARAM= cnx"
"MsnMsgr"="\"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe\" /background"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Creative WebCam Tray"="\"C:\\Program Files\\Creative\\Shared Files\\CamTray.exe\""
....
Hosts file was reset, If you use a custom hosts file please replace it...
~~~~~ End report ~~~~~
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:50:30, on 22/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe
C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE
C:\Program Files\Securitoo\av_fw\Anti-Virus\FSGK32.EXE
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Securitoo\av_fw\Common\FSMB32.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Securitoo\av_fw\Common\FCH32.EXE
C:\Program Files\Securitoo\av_fw\Common\FAMEH32.EXE
C:\Program Files\Securitoo\av_fw\Anti-Virus\fsqh.exe
C:\Program Files\Securitoo\av_fw\FSPC\fspc.exe
C:\Program Files\Securitoo\av_fw\FSAUA\program\fsaua.exe
C:\Program Files\Securitoo\av_fw\Anti-Virus\fssm32.exe
C:\Program Files\Securitoo\av_fw\FWES\Program\fsdfwd.exe
C:\Program Files\Securitoo\av_fw\FSAUA\program\fsus.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Securitoo\av_fw\Anti-Virus\fsav32.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Securitoo\av_fw\FSGUI\ispnews.exe
C:\Program Files\Securitoo\av_fw\FSGUI\fsguidll.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\Shared Files\CamTray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearch.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearchIndexer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://neufportail.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Barre d'outils MSN Search Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll
O3 - Toolbar: Barre d'outils MSN Search - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [PD0620 STISvc] RunDLL32.exe P0620Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Securitoo\av_fw\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [News Service] "C:\Program Files\Securitoo\av_fw\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CamTray.exe"
O4 - Startup: Outil de détection de support Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearch.exe
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll/search.htm
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1105\fr-fr\msntabres.dll/229?5cf13ed795014580ab231e254a34243
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1105\fr-fr\msntabres.dll/230?5cf13ed795014580ab231e254a34243
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Securitoo\av_fw\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Securitoo\av_fw\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Securitoo\av_fw\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://3dlifeplayer.dl.3dvia.com/player/install/installer.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
Rerun HJT (scan only) and check these lines:
O4 - Global Startup: Adobe Reader Speed Launch.lnk = ?
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll/search.htm
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1105\fr-fr\msntabres.dll/229?5cf13ed795014580ab231e254a34243
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1105\fr-fr\msntabres.dll/230?5cf13ed795014580ab231e254a34243
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
Click Fix checked.
Uninstall Adobe and install the new version:
https://get2.adobe.com/reader/otherversions/
You have Malwarebytes; update it,
then run a full scan.
Delete everything it finds and post the report.
Malwarebytes' Anti-Malware 1.30
Version de la base de données: 1309
Windows 5.1.2600 Service Pack 3
23/10/2008 19:50:26
mbam-log-2008-10-23 (19-50-26).txt
Type de recherche: Examen complet (C:\|)
Eléments examinés: 142760
Temps écoulé: 1 hour(s), 58 minute(s), 48 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 44
Valeur(s) du Registre infectée(s): 4
Elément(s) de données du Registre infecté(s): 6
Dossier(s) infecté(s): 4
Fichier(s) infecté(s): 66
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\CLSID\{0656a137-b161-cadd-9777-e37a75727e78} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0b682cc1-fb40-4006-a5dd-99edd3c9095d} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0e1230f8-ea50-42a9-983c-d22abc2eeb4c} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{000000da-0786-4633-87c6-1aa7a4429ef1} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{54645654-2225-4455-44a1-9f4543d34545} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{5c7f15e1-f31a-44fd-aa1a-2ec63aaffd3a} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{018b7ec3-eeca-11d3-8e71-0000e82c6c0d} (Adware.ISTBar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a3ed5288-f558-4f6e-8d5c-740cb6f89029} (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6c65156c-bd92-41f7-ba26-0ca21b846d2a} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a16d89ea-b695-4dda-b31d-7fa01a57f1bd} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6eb10f79-5e53-4f76-b146-409efcdcb957} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{df0ace0c-4a3f-4a1f-8676-ba16deb23c70} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{665eadde-d769-4c2e-9e97-cbdc41ca5a1f} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2178f3fb-2560-458f-bdee-631e2fe0dfe4} (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b5141620-c2b2-4d95-9f0f-134d99c87ab0} (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1e5b2693-d348-4ca7-8364-4f5e51bf9c6d} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1a93c934-025b-4c3a-b38e-9654a7003239} (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6f282b65-56bf-4bd1-a8b2-a4449a05863d} (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0878f049-d33e-45e0-a157-c36a6683cf25} (Adware.EGDAccess) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f4653484-f38c-455f-bb15-1175e527754e} (Adware.EGDAccess) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{fd31bf07-70e3-4b98-8f70-0970af614275} (Adware.EGDAccess) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6fd31ed6-7c94-4bbc-8e95-f927f4d3a949} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{99410cde-6f16-42ce-9d49-3807f78f0287} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f31a5d11-bf0b-4a4e-90af-274f2090aaa6} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000000da-0786-4633-87c6-1aa7a4429ef1} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\logons (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\typelib (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\HOL5_VXIEWER.FULL.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Classes\applications\accessdiver.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\fwbd (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\HolLol (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Inet Delivery (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mslagent (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Golden Palace Casino NEW (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\iTunesMusic (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\rdriv (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\mwc (Malware.Trace) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{0e1230f8-ea50-42a9-983c-d22abc2eeb4c} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{0656a137-b161-cadd-9777-e37a75727e78} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\SystemCheck2 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\General\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{7ed6e60f-342b-4b34-9d16-ddf718816b9e}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.92,85.255.112.146 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{7ed6e60f-342b-4b34-9d16-ddf718816b9e}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.92,85.255.112.146 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{891e530a-47e7-4d77-9829-9853c22903ad}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.92,85.255.112.146 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{95ecdfb6-6e4f-4781-af74-f5927074c62b}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.92,85.255.112.146 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{dc657d75-98ad-402d-b30c-faf3c3fbf32c}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.92,85.255.112.146 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{dc657d75-98ad-402d-b30c-faf3c3fbf32c}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.92,85.255.112.146 -> Quarantined and deleted successfully.
Dossier(s) infecté(s):
C:\Program Files\akl (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\PC-Cleaner (Rogue.PC-Cleaner) -> Quarantined and deleted successfully.
C:\Program Files\Inet Delivery (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\smp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\Documents and Settings\All Users.WINDOWS\Application Data\hgvwlaxg\pglyryds.0xe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\wdpoefan.0ll (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\buhkjybs.0xe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\akl\akl.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\akl\akl.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\akl\uninstall.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\akl\unsetup.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Inet Delivery\inetdl.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Inet Delivery\intdel.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\smp\msrc.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\a.bat (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\base64.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\FVProtect.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\userconfig9x.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\winsystem.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\zip1.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\zip2.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\zip3.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\zipped.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\bdn.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\iTunesMusic.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\mssecu.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\akttzn.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\anticipator.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\awtoolb.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bdn.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bsva-egihsg52.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dpcproxy.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\emesx.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\h@tkeysh@@k.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hoproxy.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hxiwlgpm.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hxiwlgpm.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\medup012.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\medup020.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msgp.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msnbho.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mssecu.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msvchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mtr2.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mwin32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\netode.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\newsd32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ps1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\psof1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\psoft1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\regc64.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\regm64.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\Rundl1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sncntr.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssurf022.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssvchost.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssvchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sysreq.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\taack.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\taack.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\temp#01.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\thun.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\thun32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\VBIEWER.OCX (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vcatchpi.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winlogonpc.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winsystem.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\WINWGPX.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\rs.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vbsys2.dll (Trojan.Clicker) -> Quarantined and deleted successfully.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:12:04, on 24/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Creative\Shared Files\CamTray.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearch.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearchIndexer.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe
C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE
C:\Program Files\Securitoo\av_fw\Anti-Virus\FSGK32.EXE
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Securitoo\av_fw\Common\FSMB32.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Securitoo\av_fw\Common\FCH32.EXE
C:\Program Files\Securitoo\av_fw\Common\FAMEH32.EXE
C:\Program Files\Securitoo\av_fw\Anti-Virus\fsqh.exe
C:\Program Files\Securitoo\av_fw\FSPC\fspc.exe
C:\Program Files\Securitoo\av_fw\FSGUI\fsguidll.exe
C:\Program Files\Securitoo\av_fw\FSAUA\program\fsaua.exe
C:\Program Files\Securitoo\av_fw\Anti-Virus\fssm32.exe
C:\Program Files\Securitoo\av_fw\FWES\Program\fsdfwd.exe
C:\Program Files\Securitoo\av_fw\FSAUA\program\fsus.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Securitoo\av_fw\Anti-Virus\fsav32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearchFilter.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://neufportail.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Barre d'outils MSN Search Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll
O3 - Toolbar: Barre d'outils MSN Search - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [PD0620 STISvc] RunDLL32.exe P0620Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Securitoo\av_fw\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [News Service] "C:\Program Files\Securitoo\av_fw\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CamTray.exe"
O4 - Startup: Outil de détection de support Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearch.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Securitoo\av_fw\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Securitoo\av_fw\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Securitoo\av_fw\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://3dlifeplayer.dl.3dvia.com/player/install/installer.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
Scan saved at 16:12:04, on 24/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Creative\Shared Files\CamTray.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearch.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearchIndexer.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe
C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE
C:\Program Files\Securitoo\av_fw\Anti-Virus\FSGK32.EXE
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Securitoo\av_fw\Common\FSMB32.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Securitoo\av_fw\Common\FCH32.EXE
C:\Program Files\Securitoo\av_fw\Common\FAMEH32.EXE
C:\Program Files\Securitoo\av_fw\Anti-Virus\fsqh.exe
C:\Program Files\Securitoo\av_fw\FSPC\fspc.exe
C:\Program Files\Securitoo\av_fw\FSGUI\fsguidll.exe
C:\Program Files\Securitoo\av_fw\FSAUA\program\fsaua.exe
C:\Program Files\Securitoo\av_fw\Anti-Virus\fssm32.exe
C:\Program Files\Securitoo\av_fw\FWES\Program\fsdfwd.exe
C:\Program Files\Securitoo\av_fw\FSAUA\program\fsus.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Securitoo\av_fw\Anti-Virus\fsav32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearchFilter.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://neufportail.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Barre d'outils MSN Search Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll
O3 - Toolbar: Barre d'outils MSN Search - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [PD0620 STISvc] RunDLL32.exe P0620Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Securitoo\av_fw\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [News Service] "C:\Program Files\Securitoo\av_fw\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CamTray.exe"
O4 - Startup: Outil de détection de support Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearch.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Securitoo\av_fw\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Securitoo\av_fw\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Securitoo\av_fw\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://3dlifeplayer.dl.3dvia.com/player/install/installer.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe