Rapport Hijack ! BESOIN D'AIDE - Page 2

Résolu
Précédent
  • 1
  • 2
  • 3
  1. Navid_92 Messages postés 778 Statut Membre 87
     
    SmitFraudFix v2.381

    Rapport fait à 17:41:03,20, 07/12/2008
    Executé à partir de C:\Program Files\Mozilla Firefox\SmitfraudFix
    OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
    Le type du système de fichiers est NTFS
    Fix executé en mode normal

    »»»»»»»»»»»»»»»»»»»»»»»» Process

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Stardock\CursorFX\CursorFX.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Documents and Settings\Navid\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\cmd.exe

    »»»»»»»»»»»»»»»»»»»»»»»» hosts

    Fichier hosts corrompu !

    127.0.0.1 www.legal-at-spybot.info
    127.0.0.1 legal-at-spybot.info

    »»»»»»»»»»»»»»»»»»»»»»»» C:\

    C:\resycled\ PRESENT !

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Navid

    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Navid\LOCALS~1\Temp

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Navid\Application Data

    »»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer

    C:\DOCUME~1\Navid\MENUDM~1\PROGRA~1\homeview PRESENT !

    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Navid\Favoris

    »»»»»»»»»»»»»»»»»»»»»»»» Bureau

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

    C:\Program Files\homeview\ PRESENT !

    »»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues

    »»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="My Current Home Page"

    »»»»»»»»»»»»»»»»»»»»»»»» o4Patch
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    o4Patch
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» IEDFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    IEDFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» VACFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    VACFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» 404Fix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    404Fix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "incestuously"="{03413bf7-e34c-445b-bfc0-a2b127255871}"

    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"="C:\\PROGRA~1\\KASPER~1\\KASPER~1\\mzvkbd.dll,C:\\PROGRA~1\\KASPER~1\\KASPER~1\\mzvkbd3.dll"

    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
    "System"=""

    »»»»»»»»»»»»»»»»»»»»»»»» RK

    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    Votre ordinateur est certainement victime d'un détournement de DNS: 85.255.x.x détecté !

    Description: NVIDIA nForce Networking Controller - Miniport d'ordonnancement de paquets
    DNS Server Search Order: 85.255.112.81;85.255.112.205

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{326DCACC-44CD-4EC8-B37C-9E1690ED69BB}: NameServer=85.255.112.81;85.255.112.205
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{326DCACC-44CD-4EC8-B37C-9E1690ED69BB}: NameServer=212.27.54.252,212.27.53.252
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{326DCACC-44CD-4EC8-B37C-9E1690ED69BB}: NameServer=212.27.54.252,212.27.53.252
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{326DCACC-44CD-4EC8-B37C-9E1690ED69BB}: NameServer=212.27.54.252,212.27.53.252

    »»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll

    »»»»»»»»»»»»»»»»»»»»»»»» Fin
    0
  2. Navid_92 Messages postés 778 Statut Membre 87
     
    SmitFraudFix v2.381

    Rapport fait à 18:16:07,42, 07/12/2008
    Executé à partir de C:\Documents and Settings\Navid\Bureau\SmitfraudFix
    OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
    Le type du système de fichiers est NTFS
    Fix executé en mode sans echec

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "incestuously"="{03413bf7-e34c-445b-bfc0-a2b127255871}"

    »»»»»»»»»»»»»»»»»»»»»»»» Arret des processus

    »»»»»»»»»»»»»»»»»»»»»»»» hosts

    127.0.0.1 localhost

    »»»»»»»»»»»»»»»»»»»»»»»» VACFix

    VACFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

    S!Ri's WS2Fix: LSP not Found.

    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

    GenericRenosFix by S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

    C:\DOCUME~1\Navid\MENUDM~1\PROGRA~1\homeview supprimé
    C:\Program Files\homeview\ supprimé
    C:\resycled\ supprimé

    »»»»»»»»»»»»»»»»»»»»»»»» IEDFix

    IEDFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» 404Fix

    404Fix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» RK

    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{326DCACC-44CD-4EC8-B37C-9E1690ED69BB}: NameServer=85.255.112.81;85.255.112.205
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{326DCACC-44CD-4EC8-B37C-9E1690ED69BB}: NameServer=212.27.54.252,212.27.53.252
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{326DCACC-44CD-4EC8-B37C-9E1690ED69BB}: NameServer=212.27.54.252,212.27.53.252
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{326DCACC-44CD-4EC8-B37C-9E1690ED69BB}: NameServer=212.27.54.252,212.27.53.252

    »»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires

    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""

    »»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

    Nettoyage terminé.

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Fin
    0
  3. ric025
     
    Bien! Tu peux relancer smitfraudfix et refaire l'option 1. Tu me postes le rapport s'il te plaît.
    0
  4. Navid_92 Messages postés 778 Statut Membre 87
     
    SmitFraudFix v2.381

    Rapport fait à 18:32:13,65, 07/12/2008
    Executé à partir de C:\Documents and Settings\Navid\Bureau\SmitfraudFix
    OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
    Le type du système de fichiers est NTFS
    Fix executé en mode normal

    »»»»»»»»»»»»»»»»»»»»»»»» Process

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Stardock\CursorFX\CursorFX.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Navid\Bureau\SmitfraudFix\Policies.exe
    C:\WINDOWS\system32\cmd.exe

    »»»»»»»»»»»»»»»»»»»»»»»» hosts

    »»»»»»»»»»»»»»»»»»»»»»»» C:\

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Navid

    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Navid\LOCALS~1\Temp

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Navid\Application Data

    »»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer

    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Navid\Favoris

    »»»»»»»»»»»»»»»»»»»»»»»» Bureau

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

    »»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues

    »»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

    »»»»»»»»»»»»»»»»»»»»»»»» o4Patch
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    o4Patch
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» IEDFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    IEDFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» VACFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    VACFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» 404Fix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    404Fix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"="C:\\PROGRA~1\\KASPER~1\\KASPER~1\\mzvkbd.dll,C:\\PROGRA~1\\KASPER~1\\KASPER~1\\mzvkbd3.dll"

    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
    "System"=""

    »»»»»»»»»»»»»»»»»»»»»»»» RK

    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    Votre ordinateur est certainement victime d'un détournement de DNS: 85.255.x.x détecté !

    Description: NVIDIA nForce Networking Controller - Miniport d'ordonnancement de paquets
    DNS Server Search Order: 85.255.112.81;85.255.112.205

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{326DCACC-44CD-4EC8-B37C-9E1690ED69BB}: NameServer=85.255.112.81;85.255.112.205
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{326DCACC-44CD-4EC8-B37C-9E1690ED69BB}: NameServer=212.27.54.252,212.27.53.252
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{326DCACC-44CD-4EC8-B37C-9E1690ED69BB}: NameServer=212.27.54.252,212.27.53.252
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{326DCACC-44CD-4EC8-B37C-9E1690ED69BB}: NameServer=212.27.54.252,212.27.53.252

    »»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll

    »»»»»»»»»»»»»»»»»»»»»»»» Fin
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. ric025
     
    Relance-le et fais l'option 5. Poste le rapport suivi d'un log hijackthis tout frais.
    0
  7. Navid_92 Messages postés 778 Statut Membre 87
     
    Rapport
    SmitFraudFix v2.381

    Rapport fait à 18:53:30,92, 07/12/2008
    Executé à partir de C:\Documents and Settings\Navid\Bureau\SmitfraudFix
    OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
    Le type du système de fichiers est NTFS
    Fix executé en mode normal

    »»»»»»»»»»»»»»»»»»»»»»»» DNS Avant Fix

    Votre ordinateur est certainement victime d'un détournement de DNS: 85.255.x.x détecté !

    Description: NVIDIA nForce Networking Controller - Miniport d'ordonnancement de paquets
    DNS Server Search Order: 85.255.112.81;85.255.112.205

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{326DCACC-44CD-4EC8-B37C-9E1690ED69BB}: NameServer=85.255.112.81;85.255.112.205
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{326DCACC-44CD-4EC8-B37C-9E1690ED69BB}: NameServer=212.27.54.252,212.27.53.252
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{326DCACC-44CD-4EC8-B37C-9E1690ED69BB}: NameServer=212.27.54.252,212.27.53.252
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{326DCACC-44CD-4EC8-B37C-9E1690ED69BB}: NameServer=212.27.54.252,212.27.53.252

    »»»»»»»»»»»»»»»»»»»»»»»» DNS Après Fix

    HKLM\SYSTEM\CS1\Services\Tcpip\..\{326DCACC-44CD-4EC8-B37C-9E1690ED69BB}: NameServer=212.27.54.252,212.27.53.252
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{326DCACC-44CD-4EC8-B37C-9E1690ED69BB}: NameServer=212.27.54.252,212.27.53.252
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{326DCACC-44CD-4EC8-B37C-9E1690ED69BB}: NameServer=212.27.54.252,212.27.53.252

    --------------------------------------------------------------------------

    Rapport Hijack
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:54:49, on 07/12/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16735)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Stardock\CursorFX\CursorFX.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:80
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    R3 - URLSearchHook: IsoBuster Toolbar - {266fcdca-7bb3-4da7-b3bf-f845dea2ebd6} - C:\Program Files\IsoBuster\tbIsoB.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - (no file)
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: IsoBuster Toolbar - {266fcdca-7bb3-4da7-b3bf-f845dea2ebd6} - C:\Program Files\IsoBuster\tbIsoB.dll
    O2 - BHO: SmartShopper - {2BA1C226-EC1B-4471-A65F-D0688AC6EE3A} - C:\Program Files\SmartShopper\Bin\2.5.0\SmrtShpr.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
    O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
    O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: VMN Toolbar - {A057A204-BACC-4D26-8287-79A187E26987} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O3 - Toolbar: eSnips - {ED1184DA-E57E-4480-99D0-A16809037F54} - C:\Program Files\eSnips\SnipBar.dll
    O3 - Toolbar: (no name) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - (no file)
    O3 - Toolbar: VMN Toolbar - {A057A204-BACC-4D26-8287-79A187E26987} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
    O3 - Toolbar: IsoBuster Toolbar - {266fcdca-7bb3-4da7-b3bf-f845dea2ebd6} - C:\Program Files\IsoBuster\tbIsoB.dll
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
    O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdqeg.exe] C:\WINDOWS\system32\kdqeg.exe
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [CursorFX] "C:\Program Files\Stardock\CursorFX\CursorFX.exe"
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Policies\Explorer\Run: [{44E882B7-07D9-1036-0613-060517060021}] "C:\Program Files\Fichiers communs\{44E882B7-07D9-1036-0613-060517060021}\Update.exe" mc-110-12-0000272
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Outil de détection de support Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Lancement rapide de Microsoft Office OneNote 2003.lnk = C:\Program Files\OFFICE11\ONENOTEM.EXE
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Snip to my eSnips account - C:\Program Files\eSnips\res\SnipIt.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Statistiques de la protection du trafic Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
    O9 - Extra button: SmartShopper - Compare product prices - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEBF} - C:\Program Files\SmartShopper\Bin\2.5.0\SmrtShpr.dll
    O9 - Extra button: SmartShopper - Compare travel rates - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEC0} - C:\Program Files\SmartShopper\Bin\2.5.0\SmrtShpr.dll
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesfr.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesfr.dll
    O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
    O9 - Extra button: Sélection intelligente HP - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://euroafkabparis.spaces.live.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://studioladefense.spaces.live.com/PhotoUpload/MsnPUpld.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab53083.cab
    O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://gamenextfr.oberon-media.com/online/online2/diner_dash/DinerDash.1.0.0.80.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
    O20 - Winlogon Notify: winmbj32 - winmbj32.dll (file missing)
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Planificateur PC-BaX - Unknown owner - C:\Program Files\Cristie\PC-BaX 4.30.1\_BSSVC.EXE (file missing)
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
    0
  8. Navid_92 Messages postés 778 Statut Membre 87
     
    Ok il est en cours d'execution !
    0
  9. Navid_92 Messages postés 778 Statut Membre 87
     
    Malwarebytes' Anti-Malware 1.31
    Version de la base de données: 1469
    Windows 5.1.2600 Service Pack 3

    07/12/2008 19:14:04
    mbam-log-2008-12-07 (19-14-04).txt

    Type de recherche: Examen rapide
    Eléments examinés: 61618
    Temps écoulé: 5 minute(s), 49 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 1
    Clé(s) du Registre infectée(s): 5
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 1
    Fichier(s) infecté(s): 6

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    C:\Program Files\Mozilla Firefox\components\iamfamous.dll (Trojan.Agent) -> Delete on reboot.

    Clé(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winmbj32 (Dialer) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\homeview (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\homeview (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\homeview (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Juan (Trojan.Vundo) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    C:\Program Files\VSAdd-in (Adware.Agent) -> Quarantined and deleted successfully.

    Fichier(s) infecté(s):
    C:\WINDOWS\system32\winmbj32.dll (Dialer) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
    C:\Program Files\Mozilla Firefox\components\iamfamous.dll (Trojan.Agent) -> Delete on reboot.
    C:\Program Files\Setup.exe (Rogue.Installer) -> Quarantined and deleted successfully.
    C:\Program Files\EoRezo (Rogue.Eorezo) -> Delete on reboot.
    C:\Documents and Settings\Navid\Application Data\Dxcknwrd.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    0
  10. Navid_92 Messages postés 778 Statut Membre 87
     
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:35:08, on 07/12/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16735)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Stardock\CursorFX\CursorFX.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:80
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    R3 - URLSearchHook: IsoBuster Toolbar - {266fcdca-7bb3-4da7-b3bf-f845dea2ebd6} - C:\Program Files\IsoBuster\tbIsoB.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - (no file)
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: IsoBuster Toolbar - {266fcdca-7bb3-4da7-b3bf-f845dea2ebd6} - C:\Program Files\IsoBuster\tbIsoB.dll
    O2 - BHO: SmartShopper - {2BA1C226-EC1B-4471-A65F-D0688AC6EE3A} - C:\Program Files\SmartShopper\Bin\2.5.0\SmrtShpr.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
    O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
    O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: VMN Toolbar - {A057A204-BACC-4D26-8287-79A187E26987} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O3 - Toolbar: eSnips - {ED1184DA-E57E-4480-99D0-A16809037F54} - C:\Program Files\eSnips\SnipBar.dll
    O3 - Toolbar: (no name) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - (no file)
    O3 - Toolbar: VMN Toolbar - {A057A204-BACC-4D26-8287-79A187E26987} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
    O3 - Toolbar: IsoBuster Toolbar - {266fcdca-7bb3-4da7-b3bf-f845dea2ebd6} - C:\Program Files\IsoBuster\tbIsoB.dll
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [CursorFX] "C:\Program Files\Stardock\CursorFX\CursorFX.exe"
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Policies\Explorer\Run: [{44E882B7-07D9-1036-0613-060517060021}] "C:\Program Files\Fichiers communs\{44E882B7-07D9-1036-0613-060517060021}\Update.exe" mc-110-12-0000272
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Outil de détection de support Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Lancement rapide de Microsoft Office OneNote 2003.lnk = C:\Program Files\OFFICE11\ONENOTEM.EXE
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Snip to my eSnips account - C:\Program Files\eSnips\res\SnipIt.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Statistiques de la protection du trafic Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
    O9 - Extra button: SmartShopper - Compare product prices - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEBF} - C:\Program Files\SmartShopper\Bin\2.5.0\SmrtShpr.dll
    O9 - Extra button: SmartShopper - Compare travel rates - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEC0} - C:\Program Files\SmartShopper\Bin\2.5.0\SmrtShpr.dll
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesfr.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesfr.dll
    O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
    O9 - Extra button: Sélection intelligente HP - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://euroafkabparis.spaces.live.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://studioladefense.spaces.live.com/PhotoUpload/MsnPUpld.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab53083.cab
    O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://gamenextfr.oberon-media.com/online/online2/diner_dash/DinerDash.1.0.0.80.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Planificateur PC-BaX - Unknown owner - C:\Program Files\Cristie\PC-BaX 4.30.1\_BSSVC.EXE (file missing)
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
    0
  11. Navid_92 Messages postés 778 Statut Membre 87
     
    -----------\\ ToolBar S&D 1.2.6 XP/Vista

    Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
    X86-based PC ( Multiprocessor Free : AMD Athlon(tm) 64 X2 Dual Core Processor 3800+ )
    BIOS : )Phoenix - Award WorkstationBIOS v6.00PG
    USER : Navid ( Administrator )
    BOOT : Normal boot
    Antivirus : Kaspersky Anti-Virus 8.0.0.506 (Activated)
    Firewall : Kaspersky Anti-Virus 8.0.0.506 (Not Activated)
    C:\ (Local Disk) - NTFS - Total:113 Go (Free:16 Go)
    D:\ (Local Disk) - FAT32 - Total:114 Go (Free:2 Go)
    E:\ (CD or DVD)
    G:\ (USB)
    H:\ (USB)
    I:\ (USB)
    K:\ (USB)

    "C:\ToolBar SD" ( MAJ : 04-12-2008|20:40 )
    Option : [1] ( 07/12/2008|19:48 )

    -----------\\ Recherche de Fichiers / Dossiers ...

    C:\DOCUME~1\Navid\APPLIC~1\SmartShopper
    C:\DOCUME~1\Navid\APPLIC~1\SmartShopper\cs
    C:\DOCUME~1\Navid\APPLIC~1\SmartShopper\cs\Config.xml
    C:\DOCUME~1\Navid\APPLIC~1\SmartShopper\cs\db
    C:\DOCUME~1\Navid\APPLIC~1\SmartShopper\cs\dwld
    C:\DOCUME~1\Navid\APPLIC~1\SmartShopper\cs\report
    C:\DOCUME~1\Navid\APPLIC~1\SmartShopper\cs\res1
    C:\DOCUME~1\Navid\APPLIC~1\SmartShopper\cs\db\Aliases.dbs
    C:\DOCUME~1\Navid\APPLIC~1\SmartShopper\cs\db\Sites.dbs
    C:\DOCUME~1\Navid\APPLIC~1\SmartShopper\cs\dwld\Phishinglist.xip
    C:\DOCUME~1\Navid\APPLIC~1\SmartShopper\cs\dwld\WhiteList.xip
    C:\DOCUME~1\Navid\APPLIC~1\SmartShopper\cs\report\aggr_storage.xml
    C:\DOCUME~1\Navid\APPLIC~1\SmartShopper\cs\report\send_storage.xml
    C:\DOCUME~1\Navid\APPLIC~1\SmartShopper\cs\res1\WhiteList.dbs
    C:\Program Files\SmartShopper
    C:\Program Files\SmartShopper\Bin
    C:\Program Files\SmartShopper\Uninst.exe
    C:\Program Files\SmartShopper\Bin\2.5.0
    C:\Program Files\SmartShopper\Bin\2.5.0\SmrtShpr.dll
    C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\SmartShopper
    C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar
    C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\a.bmp
    C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\amazon.bmp
    C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\an.bmp
    C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\arrow.bmp
    C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\arrowB.gif
    C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\arrowT.gif
    C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\arrow_down.gif
    C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\arrow_up.gif
    C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\autofill.bmp
    C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\b.bmp
    C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\bg_pub.gif
    C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\bg_ttl.gif
    C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\bn.bmp
    C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\bottom.png
    C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\bottom_left.png
    C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\bottom_right.png
    C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\c.bmp
    C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\CAlogo.bmp
    C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\canalblog.bmp
    C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\cn.bmp
    C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\COMBOSEARCH.acs
    C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\d.bmp
    C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\dictionary2.bmp
    C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\dn.bmp
    C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\DownloadCOM.bmp
    C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\dropdown.css
    C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\email_b.bmp
    C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\equalizer_loading.bmp
    C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\equalizer_off.bmp
    C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\equalizer_on.bmp
    C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\ErrorLog.txt
    C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\ErrorPageTemplate.css
    C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\ErrorPageTemplate_search.css
    C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\f.bmp
    C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\fn.bmp
    C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\g.bmp
    C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\gaming.bmp
    C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\gn.bmp
    C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\graphred0.bmp
    C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\graphred0_5.bmp
    C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\graphred1.bmp
    C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\graphred1_5.bmp
    C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\graphred2.bmp
    C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\graphred2_5.bmp
    C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\graphred3.bmp
    C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\graphred3_5.bmp
    C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\graphred4.bmp
    C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\graphred4_5.bmp
    C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\graphred5.bmp
    C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\h.bmp
    C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\help.gif
    C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\hideremove.bmp
    C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\highlight.bmp
    C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\hn.bmp
    C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\h_aquarius.bmp
    C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\h_aries.bmp
    C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\h_cancer.bmp
    C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\h_capricorn.bmp
    C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\h_gemini.bmp
    C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\h_leo.bmp
    C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\h_libra.bmp
    C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\h_pisces.bmp
    C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\h_sagittarius.bmp
    C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\h_scorpio.bmp
    C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\h_taurus.bmp
    C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\h_virgo.bmp
    C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\i.bmp
    C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\IEtab1_8.zip
    C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\images01.bmp
    C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\in.bmp
    C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\j.bmp
    C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\jn.bmp
    C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\k.bmp
    C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\kn.bmp
    C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\l.bmp
    C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\left.png
    C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\ln.bmp
    C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\loading.gif
    C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\logo.bmp
    C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\logo_facebook.bmp
    C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\minus.bmp
    C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\minus_on.bmp
    C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\music2.bmp
    C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\n.bmp
    C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\New York_NY_weather.txt
    C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\New York_NY_weather.txt43167781
    C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\NewCfg
    C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\news.bmp
    C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\news.html
    C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\newsb.bmp
    C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\nn.bmp
    C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\o.bmp
    C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\on.bmp
    C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\p.bmp
    C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\pixsy.bmp
    C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\play.bmp
    C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\play_on.bmp
    C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\plus.bmp
    C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\plus_on.bmp
    C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\pn.bmp
    C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\popup_off.bmp
    C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\popup_on.bmp
    C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\popup_ona.bmp
    C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\p_yahoo.bmp
    C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\p_yahoo_fr.bmp
    C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\q.bmp
    C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\qn.bmp
    C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\r.bmp
    C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\relatedlinks.bmp
    C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\report.bmp
    C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\right.png
    C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\rn.bmp
    C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\rss.xsl
    C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\rss1.bmp
    C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\rsslib.js
    C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\rssmenu1_7a.zip
    C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\s.bmp
    C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\search.bmp
    C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\search.gif
    C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\search_fr.gif
    C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\settings.bmp
    C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\shop2.bmp
    C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\sinfo.txt
    C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\sinfo.txt10632718
    C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\sinfo.txt10983578
    C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\sinfo.txt1563859
    C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\sinfo.txt18664437
    C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\sinfo.txt19601562
    C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\sinfo.txt24194109
    C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\sinfo.txt25892281
    C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\sinfo.txt25897421
    C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\sinfo.txt43167781
    C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\siteinfo.bmp
    C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\slider.bmp
    C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\sn.bmp
    C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\spacer.gif
    C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\stars-red1.bmp
    C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\stars-red2.bmp
    C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\stars-red3.bmp
    C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\stars-red4.bmp
    C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\stars-red5.bmp
    C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\stop.bmp
    C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\stop_on.bmp
    C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\t.bmp
    C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\tabdataV3.js
    C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\tabwelcome_en.html
    C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\tabwelcome_fr.html
    C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\tab_icon.png
    C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\technorati.bmp
    C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\Thumbs.db
    C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\tn.bmp
    C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\tools.bmp
    C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\top.png
    C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\top_left.png
    C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\top_right.png
    C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\translate.bmp
    C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\u.bmp
    C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\un.bmp
    C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\utf8.js
    C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\v.bmp
    C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\vmlib.js
    C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\vmntoolbartb1501.cfg
    C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\vn.bmp
    C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\w.bmp
    C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\web_fr.bmp
    C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\wikipedia.bmp
    C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\wn.bmp
    C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\x.bmp
    C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\xp_close_small.gif
    C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\yahoo_search.gif
    C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\YouTube.bmp
    C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\z.bmp
    C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\zn.bmp
    C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\zoom.bmp
    C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\__slider.bmp
    C:\Program Files\VMNToolbar
    C:\Program Files\VMNToolbar\install.ico
    C:\Program Files\VMNToolbar\tbuninstall.exe
    C:\Program Files\VMNToolbar\toolbar.ini
    C:\Program Files\VMNToolbar\uninstall.exe
    C:\Program Files\VMNToolbar\vmntoolbar.dll

    -----------\\ Extensions

    (Navid) - {b9db16a4-6edc-47ec-a1f4-b86292ed211d} => dwhelper

    -----------\\ [..\Internet Explorer\Main]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    "Local Page"="C:\\windows\\system32\\blank.htm"
    "Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
    "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
    "Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
    "Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
    "Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
    "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
    "Local Page"="C:\\windows\\system32\\blank.htm"
    "Start Page"="http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home"

    --------------------\\ Recherche d'autres infections

    C:\DOCUME~1\Navid\Bureau\MessengerSkinner_setup.exe
    [b]==> EGDACCESS <==/b

    --------------------\\ Cracks & Keygens ..

    C:\DOCUME~1\Navid\Bureau\Nouveau dossier (3)\Nouveau dossier 2\Nouveau dossier\GG\cracken.zip

    1 - "C:\ToolBar SD\TB_1.txt" - 07/12/2008|19:49 - Option : [1]

    -----------\\ Fin du rapport a 19:49:33,70
    0
  12. ric025
     
    /!\ Attention aux cracks, sources d'infections /!\

    Désactive AVG anti-spyware et Kasper le temps de l'option 2. N'oublie pas de les réactiver avant de poster ici.

    Relance Toolbar S&D et exécute l'option 2.

    /!\ Ne ferme pas la fenêtre lors de la suppression /!\

    Poste le rapport.
    0
  13. Navid_92 Messages postés 778 Statut Membre 87
     
    Fo que je fasse l'option 2 en premier mais celui de kel logiciel ?
    0
  14. ric025
     
    Non, il faut désactiver tes protections (Antivirus et antispywares) le temps de l'exécution de l'option 2 de Toolbar S&D.
    0
  15. Navid_92 Messages postés 778 Statut Membre 87
     
    -----------\\ ToolBar S&D 1.2.6 XP/Vista

    Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
    X86-based PC ( Multiprocessor Free : AMD Athlon(tm) 64 X2 Dual Core Processor 3800+ )
    BIOS : )Phoenix - Award WorkstationBIOS v6.00PG
    USER : Navid ( Administrator )
    BOOT : Normal boot
    Antivirus : Kaspersky Anti-Virus 8.0.0.506 (Not Activated)
    Firewall : Kaspersky Anti-Virus 8.0.0.506 (Not Activated)
    C:\ (Local Disk) - NTFS - Total:113 Go (Free:16 Go)
    D:\ (Local Disk) - FAT32 - Total:114 Go (Free:2 Go)
    E:\ (CD or DVD)
    G:\ (USB)
    H:\ (USB)
    I:\ (USB)
    K:\ (USB)

    "C:\ToolBar SD" ( MAJ : 04-12-2008|20:40 )
    Option : [2] ( 07/12/2008|19:59 )

    -----------\\ SUPPRESSION

    Supprime! - C:\DOCUME~1\Navid\APPLIC~1\SmartShopper\cs
    Supprime! - C:\Program Files\SmartShopper\Bin
    Supprime! - C:\Program Files\SmartShopper\Uninst.exe
    Supprime! - C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\SmartShopper
    Supprime! - C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\a.bmp
    Supprime! - C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\amazon.bmp
    Supprime! - C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\an.bmp
    Supprime! - C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\arrow.bmp
    Supprime! - C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\arrowB.gif
    Supprime! - C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\arrowT.gif
    Supprime! - C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\arrow_down.gif
    Supprime! - C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\arrow_up.gif
    Supprime! - C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\autofill.bmp
    Supprime! - C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\b.bmp
    Supprime! - C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\bg_pub.gif
    Supprime! - C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\bg_ttl.gif
    Supprime! - C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\bn.bmp
    Supprime! - C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\bottom.png
    Supprime! - C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\bottom_left.png
    Supprime! - C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\bottom_right.png
    Supprime! - C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\c.bmp
    Supprime! - C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\CAlogo.bmp
    Supprime! - C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\canalblog.bmp
    Supprime! - C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\cn.bmp
    Supprime! - C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\COMBOSEARCH.acs
    Supprime! - C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\d.bmp
    Supprime! - C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\dictionary2.bmp
    Supprime! - C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\dn.bmp
    Supprime! - C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\DownloadCOM.bmp
    Supprime! - C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\dropdown.css
    Supprime! - C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\email_b.bmp
    Supprime! - C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\equalizer_loading.bmp
    Supprime! - C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\equalizer_off.bmp
    Supprime! - C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\equalizer_on.bmp
    Supprime! - C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\ErrorLog.txt
    Supprime! - C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\ErrorPageTemplate.css
    Supprime! - C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\ErrorPageTemplate_search.css
    Supprime! - C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\f.bmp
    Supprime! - C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\fn.bmp
    Supprime! - C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\g.bmp
    Supprime! - C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\gaming.bmp
    Supprime! - C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\gn.bmp
    Supprime! - C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\graphred0.bmp
    Supprime! - C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\graphred0_5.bmp
    Supprime! - C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\graphred1.bmp
    Supprime! - C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\graphred1_5.bmp
    Supprime! - C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\graphred2.bmp
    Supprime! - C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\graphred2_5.bmp
    Supprime! - C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\graphred3.bmp
    Supprime! - C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\graphred3_5.bmp
    Supprime! - C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\graphred4.bmp
    Supprime! - C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\graphred4_5.bmp
    Supprime! - C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\graphred5.bmp
    Supprime! - C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\h.bmp
    Supprime! - C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\help.gif
    Supprime! - C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\hideremove.bmp
    Supprime! - C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\highlight.bmp
    Supprime! - C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\hn.bmp
    Supprime! - C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\h_aquarius.bmp
    Supprime! - C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\h_aries.bmp
    Supprime! - C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\h_cancer.bmp
    Supprime! - C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\h_capricorn.bmp
    Supprime! - C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\h_gemini.bmp
    Supprime! - C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\h_leo.bmp
    Supprime! - C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\h_libra.bmp
    Supprime! - C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\h_pisces.bmp
    Supprime! - C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\h_sagittarius.bmp
    Supprime! - C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\h_scorpio.bmp
    Supprime! - C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\h_taurus.bmp
    Supprime! - C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\h_virgo.bmp
    Supprime! - C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\i.bmp
    Supprime! - C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\IEtab1_8.zip
    Supprime! - C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\images01.bmp
    Supprime! - C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\in.bmp
    Supprime! - C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\j.bmp
    Supprime! - C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\jn.bmp
    Supprime! - C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\k.bmp
    Supprime! - C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\kn.bmp
    Supprime! - C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\l.bmp
    Supprime! - C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\left.png
    Supprime! - C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\ln.bmp
    Supprime! - C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\loading.gif
    Supprime! - C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\logo.bmp
    Supprime! - C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\logo_facebook.bmp
    Supprime! - C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\minus.bmp
    Supprime! - C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\minus_on.bmp
    Supprime! - C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\music2.bmp
    Supprime! - C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\n.bmp
    Supprime! - C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\New York_NY_weather.txt
    Supprime! - C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\New York_NY_weather.txt43167781
    Supprime! - C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\NewCfg
    Supprime! - C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\news.bmp
    Supprime! - C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\news.html
    Supprime! - C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\newsb.bmp
    Supprime! - C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\nn.bmp
    Supprime! - C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\o.bmp
    Supprime! - C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\on.bmp
    Supprime! - C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\p.bmp
    Supprime! - C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\pixsy.bmp
    Supprime! - C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\play.bmp
    Supprime! - C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\play_on.bmp
    Supprime! - C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\plus.bmp
    Supprime! - C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\plus_on.bmp
    Supprime! - C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\pn.bmp
    Supprime! - C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\popup_off.bmp
    Supprime! - C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\popup_on.bmp
    Supprime! - C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\popup_ona.bmp
    Supprime! - C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\p_yahoo.bmp
    Supprime! - C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\p_yahoo_fr.bmp
    Supprime! - C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\q.bmp
    Supprime! - C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\qn.bmp
    Supprime! - C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\r.bmp
    Supprime! - C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\relatedlinks.bmp
    Supprime! - C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\report.bmp
    Supprime! - C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\right.png
    Supprime! - C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\rn.bmp
    Supprime! - C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\rss.xsl
    Supprime! - C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\rss1.bmp
    Supprime! - C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\rsslib.js
    Supprime! - C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\rssmenu1_7a.zip
    Supprime! - C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\s.bmp
    Supprime! - C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\search.bmp
    Supprime! - C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\search.gif
    Supprime! - C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\search_fr.gif
    Supprime! - C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\settings.bmp
    Supprime! - C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\shop2.bmp
    Supprime! - C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\sinfo.txt
    Supprime! - C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\sinfo.txt10632718
    Supprime! - C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\sinfo.txt10983578
    Supprime! - C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\sinfo.txt1563859
    Supprime! - C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\sinfo.txt18664437
    Supprime! - C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\sinfo.txt19601562
    Supprime! - C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\sinfo.txt24194109
    Supprime! - C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\sinfo.txt25892281
    Supprime! - C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\sinfo.txt25897421
    Supprime! - C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\sinfo.txt43167781
    Supprime! - C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\siteinfo.bmp
    Supprime! - C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\slider.bmp
    Supprime! - C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\sn.bmp
    Supprime! - C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\spacer.gif
    Supprime! - C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\stars-red1.bmp
    Supprime! - C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\stars-red2.bmp
    Supprime! - C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\stars-red3.bmp
    Supprime! - C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\stars-red4.bmp
    Supprime! - C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\stars-red5.bmp
    Supprime! - C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\stop.bmp
    Supprime! - C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\stop_on.bmp
    Supprime! - C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\t.bmp
    Supprime! - C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\tabdataV3.js
    Supprime! - C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\tabwelcome_en.html
    Supprime! - C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\tabwelcome_fr.html
    Supprime! - C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\tab_icon.png
    Supprime! - C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\technorati.bmp
    Supprime! - C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\Thumbs.db
    Supprime! - C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\tn.bmp
    Supprime! - C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\tools.bmp
    Supprime! - C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\top.png
    Supprime! - C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\top_left.png
    Supprime! - C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\top_right.png
    Supprime! - C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\translate.bmp
    Supprime! - C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\u.bmp
    Supprime! - C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\un.bmp
    Supprime! - C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\utf8.js
    Supprime! - C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\v.bmp
    Supprime! - C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\vmlib.js
    Supprime! - C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\vmntoolbartb1501.cfg
    Supprime! - C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\vn.bmp
    Supprime! - C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\w.bmp
    Supprime! - C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\web_fr.bmp
    Supprime! - C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\wikipedia.bmp
    Supprime! - C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\wn.bmp
    Supprime! - C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\x.bmp
    Supprime! - C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\xp_close_small.gif
    Supprime! - C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\yahoo_search.gif
    Supprime! - C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\YouTube.bmp
    Supprime! - C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\z.bmp
    Supprime! - C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\zn.bmp
    Supprime! - C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\zoom.bmp
    Supprime! - C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar\__slider.bmp
    Supprime! - C:\Program Files\VMNToolbar\install.ico
    Supprime! - C:\Program Files\VMNToolbar\tbuninstall.exe
    Supprime! - C:\Program Files\VMNToolbar\toolbar.ini
    Supprime! - C:\Program Files\VMNToolbar\uninstall.exe
    Supprime! - C:\Program Files\VMNToolbar\vmntoolbar.dll
    Supprime! - C:\DOCUME~1\Navid\APPLIC~1\SmartShopper
    Supprime! - C:\Program Files\SmartShopper
    Supprime! - C:\DOCUME~1\Navid\APPLIC~1\VMNToolbar
    Supprime! - C:\Program Files\VMNToolbar

    -----------\\ Recherche de Fichiers / Dossiers ...

    -----------\\ Extensions

    (Navid) - {b9db16a4-6edc-47ec-a1f4-b86292ed211d} => dwhelper

    -----------\\ [..\Internet Explorer\Main]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    "Local Page"="C:\\windows\\system32\\blank.htm"
    "Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
    "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
    "Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
    "Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
    "Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
    "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
    "Local Page"="C:\\windows\\system32\\blank.htm"
    "Start Page"="https://www.msn.com/fr-fr/"

    --------------------\\ Recherche d'autres infections

    C:\DOCUME~1\Navid\Bureau\MessengerSkinner_setup.exe
    [b]==> EGDACCESS <==/b

    --------------------\\ Cracks & Keygens ..

    C:\DOCUME~1\Navid\Bureau\Nouveau dossier (3)\Nouveau dossier 2\Nouveau dossier\GG\cracken.zip

    1 - "C:\ToolBar SD\TB_1.txt" - 07/12/2008|19:49 - Option : [1]
    2 - "C:\ToolBar SD\TB_2.txt" - 07/12/2008|20:02 - Option : [2]

    -----------\\ Fin du rapport a 20:02:33,37
    0
  16. Navid_92 Messages postés 778 Statut Membre 87
     
    Je n'arrive pas à mettre le fichier que tu dis dans la partie que tu indique.
    Je vois le fichier spécial mais comment le met on dans le cadre
    0
  17. Navid_92 Messages postés 778 Statut Membre 87
     
    Non rien en faite j'y arrive mais sa me met :
    Error: Unable to interpret <C:\DOCUME~1\Navid\Bureau\MessengerSkinner_setup.exe> in the current context!
    0
  18. ric025
     
    Copie/colle-le directement depuis mon message.
    0
  19. Navid_92 Messages postés 778 Statut Membre 87
     
    Non j'y arrive mais sa me met :
    Error: Unable to interpret <C:\DOCUME~1\Navid\Bureau\MessengerSkinner_setup.exe> in the current context!
    0
  20. ric025
     
    Ok! Essaie de le supprimer manuellement. Tu te rends dans C:\DOCUME~1\Navid\Bureau et tu supprimes le fichier MessengerSkinner_setup.exe
    0
  21. Navid_92 Messages postés 778 Statut Membre 87
     
    Je l'ai supprimé manuelement c bon, apres je fais koi ?
    0
Précédent
  • 1
  • 2
  • 3