How to uninstall Virus Lab 2009

humsamy -  
Hello,

Scan saved at 20:33:12, on 06/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\RTHDCPL.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Lexmark 2400 Series\lxcrmon.exe
D:\Program Files\Lexmark 2400 Series\ezprint.exe
D:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
D:\Program Files\Orange\Systray\SystrayApp.exe
D:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
D:\DOCUME~1\z\LOCALS~1\Temp\xxx4560.exe
D:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
D:\WINDOWS\System32\lxcrcoms.exe
D:\WINDOWS\System32\nvsvc32.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\Program Files\PC Connectivity Solution\ServiceLayer.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\MSN Messenger\usnsvc.exe
D:\DOCUME~1\z\LOCALS~1\Temp\~tmpc.exe
D:\Program Files\Orange\Launcher\Launcher.exe
D:\Program Files\Orange\connectivity\connectivitymanager.exe
D:\Program Files\Orange\connectivity\CoreCom\CoreCom.exe
D:\Program Files\Orange\connectivity\CoreCom\OraConfigRecover.exe
D:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - D:\Program Files\Orange\SearchURLHook\SearchPageURL.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - D:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: (no name) - {2B9140C6-32DD-44A6-9DAD-9C205337DA0E} - (no file)
O2 - BHO: (no name) - {3B7AAEB1-9F3D-4491-9C06-C7165CA8D058} - D:\Program Files\Applications\iebt.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: offersfortoday - {e16ccdb6-cf79-ba23-9b7b-8ad86be937b4} - D:\WINDOWS\system32\nsp75.dll
O3 - Toolbar: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - D:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: Internet Service - {E43B6656-814B-4839-8FF8-AFFDE0DA9A3F} - D:\Program Files\Applications\iebr.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [lxcrmon.exe] "D:\Program Files\Lexmark 2400 Series\lxcrmon.exe"
O4 - HKLM\..\Run: [EzPrint] "D:\Program Files\Lexmark 2400 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "D:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SystrayORAHSS] "D:\Program Files\Orange\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [ORAHSSSessionManager] D:\Program Files\Orange\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] D:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ANTIVIRUS] D:\Program Files\AAV\aav.exe
O4 - HKLM\..\Run: [LXCRCATS] rundll32 D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\RunOnce: [SpybotDeletingA6913] command /c del "D:\Program Files\Applications\iebt.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3312] cmd /c del "D:\Program Files\Applications\iebt.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5865] command /c del "D:\Program Files\Applications\iebtm.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9346] cmd /c del "D:\Program Files\Applications\iebtm.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingA6107] command /c del "D:\Program Files\Applications\iebu.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7510] cmd /c del "D:\Program Files\Applications\iebu.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1144] command /c del "D:\Program Files\Applications\iebtmm.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4572] cmd /c del "D:\Program Files\Applications\iebtmm.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5856] command /c del "D:\Program Files\Applications\iebtu.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4477] cmd /c del "D:\Program Files\Applications\iebtu.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingA533] command /c del "D:\Program Files\Applications\myd.ico"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6211] cmd /c del "D:\Program Files\Applications\myd.ico"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8045] command /c del "D:\Program Files\Applications\mym.ico"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4641] cmd /c del "D:\Program Files\Applications\mym.ico"
O4 - HKLM\..\RunOnce: [SpybotDeletingA7474] command /c del "D:\Program Files\Applications\myp.ico"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4371] cmd /c del "D:\Program Files\Applications\myp.ico"
O4 - HKLM\..\RunOnce: [SpybotDeletingA7771] command /c del "D:\Program Files\Applications\myv.ico"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2327] cmd /c del "D:\Program Files\Applications\myv.ico"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9991] command /c del "D:\Program Files\Applications\ot.ico"
O4 - HKLM\..\RunOnce: [SpybotDeletingC670] cmd /c del "D:\Program Files\Applications\ot.ico"
O4 - HKLM\..\RunOnce: [SpybotDeletingA7955] command /c del "D:\Program Files\Applications\ts.ico"
O4 - HKLM\..\RunOnce: [SpybotDeletingC889] cmd /c del "D:\Program Files\Applications\ts.ico"
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Cognac] D:\DOCUME~1\z\LOCALS~1\Temp\~tmpb.exe
O4 - HKCU\..\Run: [MSFox] D:\DOCUME~1\z\LOCALS~1\Temp\xxx4560.exe
O4 - HKCU\..\Run: [ViRsLab] "D:\Program Files\ViRsLab\ViRsLab.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1114] command /c del "D:\Program Files\Applications\iebt.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD4169] cmd /c del "D:\Program Files\Applications\iebt.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB759] command /c del "D:\Program Files\Applications\iebtm.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2845] cmd /c del "D:\Program Files\Applications\iebtm.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingB8998] command /c del "D:\Program Files\Applications\iebu.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingD40] cmd /c del "D:\Program Files\Applications\iebu.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingB9975] command /c del "D:\Program Files\Applications\iebtmm.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2355] cmd /c del "D:\Program Files\Applications\iebtmm.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingB2682] command /c del "D:\Program Files\Applications\iebtu.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9426] cmd /c del "D:\Program Files\Applications\iebtu.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7836] command /c del "D:\Program Files\Applications\myd.ico"
O4 - HKCU\..\RunOnce: [SpybotDeletingD8476] cmd /c del "D:\Program Files\Applications\myd.ico"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4947] command /c del "D:\Program Files\Applications\mym.ico"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5679] cmd /c del "D:\Program Files\Applications\mym.ico"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4230] command /c del "D:\Program Files\Applications\myp.ico"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1563] cmd /c del "D:\Program Files\Applications\myp.ico"
O4 - HKCU\..\RunOnce: [SpybotDeletingB8899] command /c del "D:\Program Files\Applications\myv.ico"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7864] cmd /c del "D:\Program Files\Applications\myv.ico"
O4 - HKCU\..\RunOnce: [SpybotDeletingB3039] command /c del "D:\Program Files\Applications\ot.ico"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2397] cmd /c del "D:\Program Files\Applications\ot.ico"
O4 - HKCU\..\RunOnce: [SpybotDeletingB5864] command /c del "D:\Program Files\Applications\ts.ico"
O4 - HKCU\..\RunOnce: [SpybotDeletingD4426] cmd /c del "D:\Program Files\Applications\ts.ico"
O4 - HKLM\..\Policies\Explorer\Run: [smile] D:\Program Files\Applications\wcs.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: AutorunsDisabled
O4 - Global Startup: La Solution Ciel.lnk = ?
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: https://www.orange.fr/portail
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://www.triforce.fr/plugin/DivXBrowserPlugin.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {FE5B9F54-7764-4C01-89F0-4862601EE954} (DigWebHelper Class) - https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fphotos.msn.fr%2fresources%2fneutral%2fcontrols%2fDigWebX2.cab%3f10%2c0%2c910%2c0
O22 - SharedTaskScheduler: displume - {d54f12f7-4d76-4c39-a096-e51ef5d33f2b} - D:\WINDOWS\system32\qfrmwmq.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Boonty Games - BOONTY - D:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - D:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: lxcr_device - - D:\WINDOWS\System32\lxcrcoms.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Cycling Manager 2007 Drivers Auto Removal (pr2akt6c) (pr2akt6c) - Cyanide - D:\WINDOWS\system32\pr2akt6c.exe
O23 - Service: ServiceLayer - Nokia. - D:\Program Files\PC Connectivity Solution\ServiceLayer.exe

2 replies

jlpjlp Posts: 52399 Status: Security contributor 5 040
 
then

Download AD-Remover (by Cyrildu17 / C_XX) to your desktop:
http://sd-1.archive-host.com/membres/up/16506160323759868/AD-R.exe

/!\ Disconnect and close all running applications

● Double-click the installer and install it in its default location (C:\Program files).
● Double-click the Ad-remover icon located on your desktop.
● At the main menu, choose option "A".
● Post the report that appears at the end.

(the report is also saved as C:\Ad-report(date).log)

(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)

Note:

"Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
It is not a virus, but a utility intended to terminate processes.
In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus products.
1
jlpjlp Posts: 52399 Status: Security contributor 5 040
 
hi
remove what is in Spybot's backup (quarantine), then uninstall Spybot, which we will put back at the end

next:

SmitfraudFix (paste the report)

1/ download:

http://siri.urz.free.fr/Fix/SmitfraudFix.php

2/ double-click smitfraudfix, then select 1 and press Enter to create the report of the infections present.
0