How to get rid of the Zlob or Gen trojan

francky60
Hello,
Can you help me remove a Zlob trojan or Gen trojan? My antivirus, Avast, detected it; I put it in quarantine, but that changes nothing. On top of that, I am a computer novice.
Thanks in advance

45 replies

francky60
 
Here is the report

I also uninstalled Norton

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
File/Folder C:\Documents and Settings\HP_Propriétaire\Application Data\Microsoft\Windows\tuwll.exe not found.
File/Folder C:\Documents and Settings\HP_Propriétaire\Application Data\WinButler not found.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\hpodvd09.log scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\Perflib_Perfdata_b24.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\_hphtra07.log scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\~DFBFD2.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Fichiers Internet temporaires\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_52c.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 12142008_111037
neor Posts 1119 Status Member 30
 
--------------search----------------------------

Download Lop S&D:
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/LopSD.exe?attachauth=ANoY7co3ntqUavpZ3q1BG-h4pc13vqDZmhcNeEPChtsyrgAykRbhE8bZzhk979EfQD4AgwtQUHCaQ7ZQwNYMo3_0kA8htAspckDJtu2K5t6J9z6dLW4fpZyH4FpFL1tVMBZ8H-KnN7afZ5vt-WxZRpnynk-a0XmV_Y0C0q6DxGEDKie1TnPT7gFoZnoCnspzBmbW6ZzxA4fNr3oEDlbelNZON-LjF8nOmQ%3D%3D&attredirects=2

Disconnect and close all your running applications.

Double-click the .exe you just downloaded to start the installation.

Once the installation is done, click the shortcut to launch the tool.

Then let it guide you:
---> choose option 1 (search) and confirm.

(Do not run the cleanup options (2 or 3).)

Once the scan has finished, Notepad will open with the report.
Post this report in your next reply for analysis.
francky60

Here it is

--------------------\\ Lop S&D 4.2.4-9c XP/Vista

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) 4 CPU 2.93GHz )
BIOS : BIOS Date: 09/30/05 18:13:56 Ver: 08.00.10
USER : HP_Propriétaire ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1296 [VPS 081213-0] 4.8.1296 (Activated)
C:\ (Local Disk) - NTFS - Total:143 Go (Free:57 Go)
D:\ (Local Disk) - FAT32 - Total:5 Go (Free:1 Go)
E:\ (CD or DVD)
F:\ (USB)
G:\ (USB)
H:\ (USB)
I:\ (USB)

"C:\Lop SD" ( MAJ : 01-11-2008|16:30 )
Option : [1] ( 14/12/2008|11:55 )

--------------------\\ Listing des dossiers dans APPLIC~1

[05/10/2008|16:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[05/07/2008|13:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[16/11/2007|18:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[19/05/2007|14:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[19/12/2007|22:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AVS4YOU
[23/04/2006|17:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BOONTY
[09/12/2006|19:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\curbbeepbookref
[04/07/2008|20:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\FLEXnet
[23/03/2008|23:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[03/01/2005|05:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HP
[03/01/2005|06:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
[21/07/2006|18:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Macrovision
[13/12/2008|14:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[08/05/2008|18:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[10/11/2008|19:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[13/12/2008|10:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
[28/12/2007|17:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\muvee Technologies
[14/12/2008|11:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NortonInstaller
[07/12/2006|21:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles
[11/04/2006|11:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
[28/04/2006|11:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sandlot Games
[03/01/2005|05:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBSI
[03/01/2005|05:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sonic
[28/09/2008|19:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
[31/05/2006|16:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[14/01/2008|19:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller

[03/01/2005|06:06] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Apple Computer
[25/11/2004|04:26] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
[03/01/2005|06:30] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[03/01/2005|06:10] C:\DOCUME~1\DEFAUL~1\APPLIC~1\SampleView

[07/08/2008|12:54] C:\DOCUME~1\HP_PRO~1\APPLIC~1\Adobe
[31/07/2007|17:03] C:\DOCUME~1\HP_PRO~1\APPLIC~1\AdobeUM
[21/05/2007|14:31] C:\DOCUME~1\HP_PRO~1\APPLIC~1\Apple Computer
[08/06/2008|12:43] C:\DOCUME~1\HP_PRO~1\APPLIC~1\AVS4YOU
[13/12/2008|13:36] C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio
[08/11/2008|20:44] C:\DOCUME~1\HP_PRO~1\APPLIC~1\DivX
[12/09/2006|17:49] C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dossier de téléchargement Share-to-Web
[12/09/2006|17:49] C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dossier de téléchargement Share-to-Web
[17/12/2006|14:42] C:\DOCUME~1\HP_PRO~1\APPLIC~1\EoRezo
[09/12/2006|19:18] C:\DOCUME~1\HP_PRO~1\APPLIC~1\File way iso
[20/01/2007|13:45] C:\DOCUME~1\HP_PRO~1\APPLIC~1\F-Secure
[13/12/2008|10:38] C:\DOCUME~1\HP_PRO~1\APPLIC~1\Google
[15/01/2008|18:41] C:\DOCUME~1\HP_PRO~1\APPLIC~1\Help
[02/01/2007|21:33] C:\DOCUME~1\HP_PRO~1\APPLIC~1\HP
[09/04/2006|10:48] C:\DOCUME~1\HP_PRO~1\APPLIC~1\HPQ
[08/03/2008|19:21] C:\DOCUME~1\HP_PRO~1\APPLIC~1\Identities
[03/06/2006|13:52] C:\DOCUME~1\HP_PRO~1\APPLIC~1\InterVideo
[30/05/2006|11:58] C:\DOCUME~1\HP_PRO~1\APPLIC~1\Leadertech
[07/05/2008|13:55] C:\DOCUME~1\HP_PRO~1\APPLIC~1\Macromedia
[13/12/2008|14:33] C:\DOCUME~1\HP_PRO~1\APPLIC~1\Malwarebytes
[07/12/2008|15:01] C:\DOCUME~1\HP_PRO~1\APPLIC~1\Microsoft
[11/04/2006|09:55] C:\DOCUME~1\HP_PRO~1\APPLIC~1\MSNInstaller
[28/12/2007|17:21] C:\DOCUME~1\HP_PRO~1\APPLIC~1\muvee Technologies
[03/01/2005|06:10] C:\DOCUME~1\HP_PRO~1\APPLIC~1\SampleView
[29/07/2008|13:51] C:\DOCUME~1\HP_PRO~1\APPLIC~1\Samsung
[15/03/2007|19:11] C:\DOCUME~1\HP_PRO~1\APPLIC~1\Screenshot Sender
[07/08/2007|19:03] C:\DOCUME~1\HP_PRO~1\APPLIC~1\SecuROM
[30/05/2006|11:58] C:\DOCUME~1\HP_PRO~1\APPLIC~1\Sonic
[10/05/2006|19:38] C:\DOCUME~1\HP_PRO~1\APPLIC~1\Sun
[07/12/2008|19:00] C:\DOCUME~1\HP_PRO~1\APPLIC~1\teamspeak2
[07/12/2008|21:29] C:\DOCUME~1\HP_PRO~1\APPLIC~1\TeamViewer
[17/07/2006|12:28] C:\DOCUME~1\HP_PRO~1\APPLIC~1\Template
[12/07/2008|19:02] C:\DOCUME~1\HP_PRO~1\APPLIC~1\vlc
[14/12/2008|11:34] C:\DOCUME~1\HP_PRO~1\APPLIC~1\Xfire

[09/09/2007|12:28] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[07/12/2008|22:45] C:\DOCUME~1\LOCALS~1\APPLIC~1\Xfire

[02/04/2008|12:11] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
[07/12/2008|21:29] C:\DOCUME~1\NETWOR~1\APPLIC~1\Xfire

--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

[11/12/2008 07:21][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[14/12/2008 11:37][--ah-----] C:\WINDOWS\tasks\MP Scheduled Scan.job
[14/12/2008 11:00][--ah-----] C:\WINDOWS\tasks\A307AF9E91882CAA.job
[14/12/2008 11:33][--ah-----] C:\WINDOWS\tasks\SA.DAT
[05/08/2004 19:00][-rah-----] C:\WINDOWS\tasks\desktop.ini

( A307AF9E91882CAA.job )=( c:\docume~1\hp_pro~1\applic~1\filewa~1\2thisdrive.exe )

--------------------\\ Listing des dossiers dans C:\Program Files

[02/01/2008|20:29] C:\Program Files\Activision
[21/06/2008|11:20] C:\Program Files\Activision Value
[07/08/2008|12:56] C:\Program Files\Adobe
[31/12/2007|21:24] C:\Program Files\AGEIA Technologies
[26/07/2008|11:09] C:\Program Files\Alwil Software
[07/10/2008|17:57] C:\Program Files\Apple Software Update
[18/08/2008|15:27] C:\Program Files\Audacity
[08/06/2008|12:43] C:\Program Files\AVS4YOU
[08/07/2006|17:48] C:\Program Files\BeWAN ADSL V1.9.0.10
[09/04/2006|09:57] C:\Program Files\BeWAN ADSL V1.9.0.5
[05/10/2008|16:43] C:\Program Files\Bonjour
[21/07/2006|18:39] C:\Program Files\Boonty
[16/03/2007|20:57] C:\Program Files\BoontyGames
[22/05/2007|20:57] C:\Program Files\CENEGA
[24/11/2004|02:37] C:\Program Files\ComPlus Applications
[05/09/2007|17:46] C:\Program Files\Disney Interactive
[03/11/2008|17:37] C:\Program Files\DivX
[02/05/2008|16:52] C:\Program Files\EA GAMES
[12/08/2007|16:01] C:\Program Files\Easy Internet signup
[07/07/2007|13:46] C:\Program Files\Eidos Interactive
[17/12/2006|14:42] C:\Program Files\eoRezo
[13/12/2008|13:27] C:\Program Files\Fichiers communs
[22/06/2006|17:21] C:\Program Files\File way iso
[07/11/2008|19:43] C:\Program Files\Free Audio Pack
[15/07/2007|18:51] C:\Program Files\GameSpy Arcade
[24/03/2008|02:38] C:\Program Files\Google
[12/09/2006|17:49] C:\Program Files\Hewlett-Packard
[03/01/2005|05:52] C:\Program Files\HP
[12/08/2007|16:01] C:\Program Files\hp deskjet 930c series
[13/12/2008|16:48] C:\Program Files\InstallShield Installation Information
[22/05/2007|18:19] C:\Program Files\Interactive Vision
[13/12/2008|10:35] C:\Program Files\Internet Explorer
[03/01/2005|06:03] C:\Program Files\InterVideo
[05/10/2008|16:53] C:\Program Files\iPod
[05/10/2008|16:53] C:\Program Files\iTunes
[19/06/2007|19:14] C:\Program Files\IZArc
[07/12/2008|17:50] C:\Program Files\Java
[28/05/2008|15:17] C:\Program Files\JS Star
[13/12/2008|10:17] C:\Program Files\Konvertor
[11/04/2006|11:23] C:\Program Files\Logitech
[01/02/2007|21:26] C:\Program Files\Macrogaming
[13/12/2008|14:33] C:\Program Files\Malwarebytes' Anti-Malware
[23/03/2008|23:50] C:\Program Files\MeeSoft
[21/07/2006|18:39] C:\Program Files\Mes Jeux Téléchargés
[20/08/2008|01:40] C:\Program Files\Messenger
[09/09/2008|18:56] C:\Program Files\Messenger Plus! Live
[11/04/2006|11:38] C:\Program Files\Micro Application
[17/01/2008|01:00] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[25/05/2006|10:38] C:\Program Files\Microsoft Encarta
[25/11/2004|04:27] C:\Program Files\microsoft frontpage
[10/11/2008|19:33] C:\Program Files\Microsoft Office
[14/01/2008|19:50] C:\Program Files\Microsoft SQL Server Compact Edition
[10/11/2008|19:33] C:\Program Files\Microsoft Visual Studio
[10/11/2008|19:33] C:\Program Files\Microsoft Works
[10/11/2008|19:32] C:\Program Files\Microsoft.NET
[20/08/2008|01:30] C:\Program Files\Movie Maker
[28/07/2008|19:03] C:\Program Files\MSECACHE
[11/04/2006|09:54] C:\Program Files\MSN
[11/04/2006|10:59] C:\Program Files\MSN Apps
[25/11/2004|04:27] C:\Program Files\MSN Gaming Zone
[19/11/2006|13:45] C:\Program Files\MSXML 4.0
[03/01/2005|06:09] C:\Program Files\muvee Technologies
[13/12/2008|14:14] C:\Program Files\Navilog1
[20/08/2008|01:28] C:\Program Files\NetMeeting
[25/11/2004|04:27] C:\Program Files\Online Services
[20/08/2008|01:28] C:\Program Files\Outlook Express
[05/10/2008|16:52] C:\Program Files\QuickTime
[02/11/2006|14:07] C:\Program Files\ReflexiveArcade
[13/12/2008|16:48] C:\Program Files\Saitek
[29/07/2008|13:47] C:\Program Files\Samsung
[03/01/2005|06:17] C:\Program Files\Services en ligne
[29/12/2007|15:32] C:\Program Files\Shareaza
[03/01/2005|06:02] C:\Program Files\Sonic
[28/09/2008|19:06] C:\Program Files\Spybot - Search & Destroy
[04/12/2006|19:04] C:\Program Files\Styliste3
[02/05/2008|17:31] C:\Program Files\SystemRequirementsLab
[07/12/2008|19:44] C:\Program Files\Teamspeak2_RC2
[07/12/2008|21:29] C:\Program Files\TeamViewer3
[13/03/2008|16:33] C:\Program Files\Tele2
[13/12/2008|11:52] C:\Program Files\Trend Micro
[14/08/2007|23:52] C:\Program Files\Ubi Soft
[21/09/2007|18:46] C:\Program Files\UBISOFT
[24/11/2004|02:37] C:\Program Files\Uninstall Information
[04/11/2008|18:10] C:\Program Files\Veoh Networks
[12/07/2008|18:58] C:\Program Files\VideoLAN
[16/07/2007|22:01] C:\Program Files\Wanted Guns
[24/03/2008|00:33] C:\Program Files\Windows Defender
[02/05/2008|16:41] C:\Program Files\Windows Installer Clean Up
[31/05/2006|16:25] C:\Program Files\Windows Journal Viewer
[28/02/2008|01:02] C:\Program Files\Windows Live
[20/08/2008|01:28] C:\Program Files\Windows Media Player
[20/08/2008|01:28] C:\Program Files\Windows NT
[24/11/2004|02:37] C:\Program Files\WindowsUpdate
[25/11/2004|04:28] C:\Program Files\xerox
[13/12/2008|17:28] C:\Program Files\Xfire

--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

[04/07/2008|20:33] C:\Program Files\Fichiers communs\Adobe
[05/10/2008|16:51] C:\Program Files\Fichiers communs\Apple
[08/06/2008|12:43] C:\Program Files\Fichiers communs\AVSMedia
[23/04/2006|17:01] C:\Program Files\Fichiers communs\BOONTY Shared
[10/11/2008|19:33] C:\Program Files\Fichiers communs\DESIGNER
[03/01/2005|05:57] C:\Program Files\Fichiers communs\Hewlett-Packard
[03/01/2005|05:55] C:\Program Files\Fichiers communs\HP
[03/01/2005|06:08] C:\Program Files\Fichiers communs\InstallShield
[03/01/2005|05:36] C:\Program Files\Fichiers communs\Java
[11/04/2006|11:24] C:\Program Files\Fichiers communs\Logitech
[04/07/2008|20:20] C:\Program Files\Fichiers communs\Macrovision Shared
[11/11/2008|11:04] C:\Program Files\Fichiers communs\Microsoft Shared
[25/11/2004|04:26] C:\Program Files\Fichiers communs\MSSoap
[25/11/2004|04:26] C:\Program Files\Fichiers communs\ODBC
[16/06/2006|18:03] C:\Program Files\Fichiers communs\Services
[03/01/2005|06:01] C:\Program Files\Fichiers communs\Sonic Shared
[25/11/2004|04:26] C:\Program Files\Fichiers communs\SpeechEngines
[03/01/2005|06:02] C:\Program Files\Fichiers communs\SureThing Shared
[14/12/2008|11:27] C:\Program Files\Fichiers communs\Symantec Shared
[10/11/2008|19:28] C:\Program Files\Fichiers communs\System
[03/01/2005|06:02] C:\Program Files\Fichiers communs\TiVo Shared
[14/01/2008|19:38] C:\Program Files\Fichiers communs\WindowsLiveInstaller
[31/12/2007|21:23] C:\Program Files\Fichiers communs\Wise Installation Wizard

--------------------\\ Process

( 65 Processes )

... OK !

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

C:\DOCUME~1\HP_PRO~1\APPLIC~1\filewa~1
C:\Program Files\filewa~1
C:\WINDOWS\Tasks\A307AF9E91882CAA.job

--------------------\\ Verification du Registre

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE

--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-14 11:56:38
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 70

--------------------\\ Recherche d'autres infections

Aucune autre infection trouvée !

[F:11][D:1]-> C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp
[F:7][D:0]-> C:\DOCUME~1\HP_PRO~1\Cookies
[F:1563][D:25]-> C:\DOCUME~1\HP_PRO~1\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - 14/12/2008|11:58 - Option : [1]

--------------------\\ Fin du rapport a 11:58:49
neor Posts 1119 Status Member 30

--------------cleanup------------------------------

Run Lop S&D again:

Then let it guide you:
---> choose option 2 (removal) and confirm.
francky60
 
Here it is

--------------------\\ Lop S&D 4.2.4-9c XP/Vista

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) 4 CPU 2.93GHz )
BIOS : BIOS Date: 09/30/05 18:13:56 Ver: 08.00.10
USER : HP_Propriétaire ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1296 [VPS 081213-0] 4.8.1296 (Activated)
C:\ (Local Disk) - NTFS - Total:143 Go (Free:57 Go)
D:\ (Local Disk) - FAT32 - Total:5 Go (Free:1 Go)
E:\ (CD or DVD)
F:\ (USB)
G:\ (USB)
H:\ (USB)
I:\ (USB)

"C:\Lop SD" ( MAJ : 01-11-2008|16:30 )
Option : [2] ( 14/12/2008|12:05 )

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION

Supprime! - C:\WINDOWS\Tasks\A307AF9E91882CAA.job
Supprime! - C:\DOCUME~1\HP_PRO~1\APPLIC~1\filewa~1
Supprime! - C:\Program Files\filewa~1
-
[ Fichier Hosts ] .. Restaure!

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

--------------------\\ Listing des dossiers dans APPLIC~1

[05/10/2008|16:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[05/07/2008|13:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[16/11/2007|18:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[19/05/2007|14:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[19/12/2007|22:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AVS4YOU
[23/04/2006|17:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BOONTY
[09/12/2006|19:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\curbbeepbookref
[04/07/2008|20:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\FLEXnet
[23/03/2008|23:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[03/01/2005|05:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HP
[03/01/2005|06:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
[21/07/2006|18:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Macrovision
[13/12/2008|14:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[08/05/2008|18:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[10/11/2008|19:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[13/12/2008|10:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
[28/12/2007|17:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\muvee Technologies
[14/12/2008|11:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NortonInstaller
[07/12/2006|21:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles
[11/04/2006|11:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
[28/04/2006|11:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sandlot Games
[03/01/2005|05:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBSI
[03/01/2005|05:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sonic
[28/09/2008|19:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
[31/05/2006|16:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[14/01/2008|19:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller

[03/01/2005|06:06] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Apple Computer
[25/11/2004|04:26] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
[03/01/2005|06:30] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[03/01/2005|06:10] C:\DOCUME~1\DEFAUL~1\APPLIC~1\SampleView

[07/08/2008|12:54] C:\DOCUME~1\HP_PRO~1\APPLIC~1\Adobe
[31/07/2007|17:03] C:\DOCUME~1\HP_PRO~1\APPLIC~1\AdobeUM
[21/05/2007|14:31] C:\DOCUME~1\HP_PRO~1\APPLIC~1\Apple Computer
[08/06/2008|12:43] C:\DOCUME~1\HP_PRO~1\APPLIC~1\AVS4YOU
[13/12/2008|13:36] C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio
[08/11/2008|20:44] C:\DOCUME~1\HP_PRO~1\APPLIC~1\DivX
[12/09/2006|17:49] C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dossier de téléchargement Share-to-Web
[12/09/2006|17:49] C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dossier de téléchargement Share-to-Web
[17/12/2006|14:42] C:\DOCUME~1\HP_PRO~1\APPLIC~1\EoRezo
[20/01/2007|13:45] C:\DOCUME~1\HP_PRO~1\APPLIC~1\F-Secure
[13/12/2008|10:38] C:\DOCUME~1\HP_PRO~1\APPLIC~1\Google
[15/01/2008|18:41] C:\DOCUME~1\HP_PRO~1\APPLIC~1\Help
[02/01/2007|21:33] C:\DOCUME~1\HP_PRO~1\APPLIC~1\HP
[09/04/2006|10:48] C:\DOCUME~1\HP_PRO~1\APPLIC~1\HPQ
[08/03/2008|19:21] C:\DOCUME~1\HP_PRO~1\APPLIC~1\Identities
[03/06/2006|13:52] C:\DOCUME~1\HP_PRO~1\APPLIC~1\InterVideo
[30/05/2006|11:58] C:\DOCUME~1\HP_PRO~1\APPLIC~1\Leadertech
[07/05/2008|13:55] C:\DOCUME~1\HP_PRO~1\APPLIC~1\Macromedia
[13/12/2008|14:33] C:\DOCUME~1\HP_PRO~1\APPLIC~1\Malwarebytes
[07/12/2008|15:01] C:\DOCUME~1\HP_PRO~1\APPLIC~1\Microsoft
[11/04/2006|09:55] C:\DOCUME~1\HP_PRO~1\APPLIC~1\MSNInstaller
[28/12/2007|17:21] C:\DOCUME~1\HP_PRO~1\APPLIC~1\muvee Technologies
[03/01/2005|06:10] C:\DOCUME~1\HP_PRO~1\APPLIC~1\SampleView
[29/07/2008|13:51] C:\DOCUME~1\HP_PRO~1\APPLIC~1\Samsung
[15/03/2007|19:11] C:\DOCUME~1\HP_PRO~1\APPLIC~1\Screenshot Sender
[07/08/2007|19:03] C:\DOCUME~1\HP_PRO~1\APPLIC~1\SecuROM
[30/05/2006|11:58] C:\DOCUME~1\HP_PRO~1\APPLIC~1\Sonic
[10/05/2006|19:38] C:\DOCUME~1\HP_PRO~1\APPLIC~1\Sun
[07/12/2008|19:00] C:\DOCUME~1\HP_PRO~1\APPLIC~1\teamspeak2
[07/12/2008|21:29] C:\DOCUME~1\HP_PRO~1\APPLIC~1\TeamViewer
[17/07/2006|12:28] C:\DOCUME~1\HP_PRO~1\APPLIC~1\Template
[12/07/2008|19:02] C:\DOCUME~1\HP_PRO~1\APPLIC~1\vlc
[14/12/2008|11:34] C:\DOCUME~1\HP_PRO~1\APPLIC~1\Xfire

[09/09/2007|12:28] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[07/12/2008|22:45] C:\DOCUME~1\LOCALS~1\APPLIC~1\Xfire

[02/04/2008|12:11] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
[07/12/2008|21:29] C:\DOCUME~1\NETWOR~1\APPLIC~1\Xfire

--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

[11/12/2008 07:21][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[14/12/2008 11:37][--ah-----] C:\WINDOWS\tasks\MP Scheduled Scan.job
[14/12/2008 11:33][--ah-----] C:\WINDOWS\tasks\SA.DAT
[05/08/2004 19:00][-rah-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing des dossiers dans C:\Program Files

[02/01/2008|20:29] C:\Program Files\Activision
[21/06/2008|11:20] C:\Program Files\Activision Value
[07/08/2008|12:56] C:\Program Files\Adobe
[31/12/2007|21:24] C:\Program Files\AGEIA Technologies
[26/07/2008|11:09] C:\Program Files\Alwil Software
[07/10/2008|17:57] C:\Program Files\Apple Software Update
[18/08/2008|15:27] C:\Program Files\Audacity
[08/06/2008|12:43] C:\Program Files\AVS4YOU
[08/07/2006|17:48] C:\Program Files\BeWAN ADSL V1.9.0.10
[09/04/2006|09:57] C:\Program Files\BeWAN ADSL V1.9.0.5
[05/10/2008|16:43] C:\Program Files\Bonjour
[21/07/2006|18:39] C:\Program Files\Boonty
[16/03/2007|20:57] C:\Program Files\BoontyGames
[22/05/2007|20:57] C:\Program Files\CENEGA
[24/11/2004|02:37] C:\Program Files\ComPlus Applications
[05/09/2007|17:46] C:\Program Files\Disney Interactive
[03/11/2008|17:37] C:\Program Files\DivX
[02/05/2008|16:52] C:\Program Files\EA GAMES
[12/08/2007|16:01] C:\Program Files\Easy Internet signup
[07/07/2007|13:46] C:\Program Files\Eidos Interactive
[17/12/2006|14:42] C:\Program Files\eoRezo
[13/12/2008|13:27] C:\Program Files\Fichiers communs
[07/11/2008|19:43] C:\Program Files\Free Audio Pack
[15/07/2007|18:51] C:\Program Files\GameSpy Arcade
[24/03/2008|02:38] C:\Program Files\Google
[12/09/2006|17:49] C:\Program Files\Hewlett-Packard
[03/01/2005|05:52] C:\Program Files\HP
[12/08/2007|16:01] C:\Program Files\hp deskjet 930c series
[13/12/2008|16:48] C:\Program Files\InstallShield Installation Information
[22/05/2007|18:19] C:\Program Files\Interactive Vision
[13/12/2008|10:35] C:\Program Files\Internet Explorer
[03/01/2005|06:03] C:\Program Files\InterVideo
[05/10/2008|16:53] C:\Program Files\iPod
[05/10/2008|16:53] C:\Program Files\iTunes
[19/06/2007|19:14] C:\Program Files\IZArc
[07/12/2008|17:50] C:\Program Files\Java
[28/05/2008|15:17] C:\Program Files\JS Star
[13/12/2008|10:17] C:\Program Files\Konvertor
[11/04/2006|11:23] C:\Program Files\Logitech
[01/02/2007|21:26] C:\Program Files\Macrogaming
[13/12/2008|14:33] C:\Program Files\Malwarebytes' Anti-Malware
[23/03/2008|23:50] C:\Program Files\MeeSoft
[21/07/2006|18:39] C:\Program Files\Mes Jeux Téléchargés
[20/08/2008|01:40] C:\Program Files\Messenger
[09/09/2008|18:56] C:\Program Files\Messenger Plus! Live
[11/04/2006|11:38] C:\Program Files\Micro Application
[17/01/2008|01:00] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[25/05/2006|10:38] C:\Program Files\Microsoft Encarta
[25/11/2004|04:27] C:\Program Files\microsoft frontpage
[10/11/2008|19:33] C:\Program Files\Microsoft Office
[14/01/2008|19:50] C:\Program Files\Microsoft SQL Server Compact Edition
[10/11/2008|19:33] C:\Program Files\Microsoft Visual Studio
[10/11/2008|19:33] C:\Program Files\Microsoft Works
[10/11/2008|19:32] C:\Program Files\Microsoft.NET
[20/08/2008|01:30] C:\Program Files\Movie Maker
[28/07/2008|19:03] C:\Program Files\MSECACHE
[11/04/2006|09:54] C:\Program Files\MSN
[11/04/2006|10:59] C:\Program Files\MSN Apps
[25/11/2004|04:27] C:\Program Files\MSN Gaming Zone
[19/11/2006|13:45] C:\Program Files\MSXML 4.0
[03/01/2005|06:09] C:\Program Files\muvee Technologies
[13/12/2008|14:14] C:\Program Files\Navilog1
[20/08/2008|01:28] C:\Program Files\NetMeeting
[25/11/2004|04:27] C:\Program Files\Online Services
[20/08/2008|01:28] C:\Program Files\Outlook Express
[05/10/2008|16:52] C:\Program Files\QuickTime
[02/11/2006|14:07] C:\Program Files\ReflexiveArcade
[13/12/2008|16:48] C:\Program Files\Saitek
[29/07/2008|13:47] C:\Program Files\Samsung
[03/01/2005|06:17] C:\Program Files\Services en ligne
[29/12/2007|15:32] C:\Program Files\Shareaza
[03/01/2005|06:02] C:\Program Files\Sonic
[28/09/2008|19:06] C:\Program Files\Spybot - Search & Destroy
[04/12/2006|19:04] C:\Program Files\Styliste3
[02/05/2008|17:31] C:\Program Files\SystemRequirementsLab
[07/12/2008|19:44] C:\Program Files\Teamspeak2_RC2
[07/12/2008|21:29] C:\Program Files\TeamViewer3
[13/03/2008|16:33] C:\Program Files\Tele2
[13/12/2008|11:52] C:\Program Files\Trend Micro
[14/08/2007|23:52] C:\Program Files\Ubi Soft
[21/09/2007|18:46] C:\Program Files\UBISOFT
[24/11/2004|02:37] C:\Program Files\Uninstall Information
[04/11/2008|18:10] C:\Program Files\Veoh Networks
[12/07/2008|18:58] C:\Program Files\VideoLAN
[16/07/2007|22:01] C:\Program Files\Wanted Guns
[24/03/2008|00:33] C:\Program Files\Windows Defender
[02/05/2008|16:41] C:\Program Files\Windows Installer Clean Up
[31/05/2006|16:25] C:\Program Files\Windows Journal Viewer
[28/02/2008|01:02] C:\Program Files\Windows Live
[20/08/2008|01:28] C:\Program Files\Windows Media Player
[20/08/2008|01:28] C:\Program Files\Windows NT
[24/11/2004|02:37] C:\Program Files\WindowsUpdate
[25/11/2004|04:28] C:\Program Files\xerox
[13/12/2008|17:28] C:\Program Files\Xfire

--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

[04/07/2008|20:33] C:\Program Files\Fichiers communs\Adobe
[05/10/2008|16:51] C:\Program Files\Fichiers communs\Apple
[08/06/2008|12:43] C:\Program Files\Fichiers communs\AVSMedia
[23/04/2006|17:01] C:\Program Files\Fichiers communs\BOONTY Shared
[10/11/2008|19:33] C:\Program Files\Fichiers communs\DESIGNER
[03/01/2005|05:57] C:\Program Files\Fichiers communs\Hewlett-Packard
[03/01/2005|05:55] C:\Program Files\Fichiers communs\HP
[03/01/2005|06:08] C:\Program Files\Fichiers communs\InstallShield
[03/01/2005|05:36] C:\Program Files\Fichiers communs\Java
[11/04/2006|11:24] C:\Program Files\Fichiers communs\Logitech
[04/07/2008|20:20] C:\Program Files\Fichiers communs\Macrovision Shared
[11/11/2008|11:04] C:\Program Files\Fichiers communs\Microsoft Shared
[25/11/2004|04:26] C:\Program Files\Fichiers communs\MSSoap
[25/11/2004|04:26] C:\Program Files\Fichiers communs\ODBC
[16/06/2006|18:03] C:\Program Files\Fichiers communs\Services
[03/01/2005|06:01] C:\Program Files\Fichiers communs\Sonic Shared
[25/11/2004|04:26] C:\Program Files\Fichiers communs\SpeechEngines
[03/01/2005|06:02] C:\Program Files\Fichiers communs\SureThing Shared
[14/12/2008|11:27] C:\Program Files\Fichiers communs\Symantec Shared
[10/11/2008|19:28] C:\Program Files\Fichiers communs\System
[03/01/2005|06:02] C:\Program Files\Fichiers communs\TiVo Shared
[14/01/2008|19:38] C:\Program Files\Fichiers communs\WindowsLiveInstaller
[31/12/2007|21:23] C:\Program Files\Fichiers communs\Wise Installation Wizard

--------------------\\ Process

( 64 Processes )

... OK !

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Verification du Registre

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE

--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-14 12:06:22
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 70

--------------------\\ Recherche d'autres infections

Aucune autre infection trouvée !

[F:11][D:1]-> C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp
[F:7][D:0]-> C:\DOCUME~1\HP_PRO~1\Cookies
[F:1612][D:25]-> C:\DOCUME~1\HP_PRO~1\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - 14/12/2008|11:58 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - 14/12/2008|12:07 - Option : [2]

--------------------\\ Fin du rapport a 12:07:23
neor Posts 1119 Status Member 30

-------------------search---------------------------

Download AD-Remover (by Cyrildu17 / C_XX) to your desktop:
http://neor244.free.fr/ADR.exe

/!\ Disconnect and close all running applications

● Double-click the installer and install it in its default location. ( C:\Program files )
● Double-click the Ad-remover icon on your desktop
● In the main menu, choose option "A"
● Post the report that appears at the end.

( the report is also saved as C:\Ad-report(date).log )

(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)

Note:

"Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
It is not a virus, but a utility designed to terminate processes.
In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus products.
francky60

Here it is

--------- Logfile of AD-Remover 1.0.5.9 by C_XX ---------

# START at: 13:39:42 | 14/12/2008 ON Microsoft® Windows XP ™ v5.1.2600
# BOOT MODE: Normal

# OPTION: Scan
# EXECUTED FROM: C:\Program Files\Ad-remover\AD-Remover.bat

# PC: NOM-EB85C523610 | USER: HP_Propriétaire ( Current user is an administrator )

# DRIVE(S): C:\
# Systemdrive: C:\ (NTFS)
# Internet Explorer v7.0.5730.13

--------- [ RUNNING PROCESSES: 57 ] ---------

\SystemRoot\System32\smss.exe
\??\C:\WINDOWS\system32\csrss.exe
\??\C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Tele2\backweb\2338637\Program\SERVIC~1.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Tele2\backweb\2338637\program\fsbwsys.exe
C:\Program Files\Tele2\Common\FSMA32.EXE
C:\Program Files\Tele2\Common\FSMB32.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Tele2\Common\FCH32.EXE
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\Tele2\backweb\2338637\Program\fspex.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Tele2\Common\FAMEH32.EXE
C:\Program Files\Tele2\FSPC\fspc.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\ALCMTR.EXE
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Tele2\Common\FSM32.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Tele2\FSGUI\fsguidll.exe
C:\Program Files\Saitek\Software\SaiMfd.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe

-----------------------------------

+---------------------------------------------------------------------------+
+------------------------------- SERVICES FOUND ..
+---------------------------------------------------------------------------+

Found ! - "Boonty Games"

+---------------------------------------------------------------------------+
+------------------------------- REGISTRY ELEMENTS FOUND ..
+---------------------------------------------------------------------------+

"HKEY_CLASSES_ROOT\boontybox"
"HKEY_CURRENT_USER\SOFTWARE\Boonty"
"HKEY_LOCAL_MACHINE\Software\Boonty"
"HKEY_LOCAL_MACHINE\Software\Classes\boontybox"
"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Boonty Games"
"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BOONTY_GAMES"
"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Boonty Games"
"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Boonty Games"
"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Boonty Games"
"HKEY_CLASSES_ROOT\EoRezoBHO.EoBho"
"HKEY_CLASSES_ROOT\EoRezoBHO.EoBho.1"
"HKEY_CLASSES_ROOT\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A}"
"HKEY_CLASSES_ROOT\Typelib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}"
"HKEY_CURRENT_USER\SOFTWARE\EoRezo"
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{64F56FC1-1272-44CD-BA6E-39723696E350}"
"HKEY_LOCAL_MACHINE\SOFTWARE\EoRezo"
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64F56FC1-1272-44CD-BA6E-39723696E350}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run" /v "EoEngine"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run" /v "EoPhoto"
"HKEY_CLASSES_ROOT\.sud"
"HKEY_CLASSES_ROOT\sud_ext"
"HKEY_CURRENT_USER\SOFTWARE\SWEETIE"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\980289C22F80A7C4BB9323DC61255E4E"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA96423FE2B98E248A3B23548D1E22D9"

+---------------------------------------------------------------------------+
+------------------------------- FILES\FOLDERS FOUND ..
+---------------------------------------------------------------------------+

[21/07/2006 18:39|d--------] C:\Program Files\Boonty
[16/03/2007 20:57|d--------] C:\Program Files\BoontyGames
[23/04/2006 17:01|d--------] C:\Program Files\Fichiers communs\BOONTY Shared
[23/04/2006 17:01|d--------] C:\Documents and Settings\All Users\Application Data\BOONTY
[17/12/2006 14:42|d--------] C:\Program Files\EoRezo
[17/12/2006 14:42|d--------] C:\Documents and Settings\HP_Propriétaire\Application Data\EoRezo
[01/02/2007 21:26|d--------] C:\Program Files\Macrogaming

+---------------------------------------------------------------------------+
+------------------------------- ADDED SCAN ..
+---------------------------------------------------------------------------+

+--[HKEY_CURRENT_USER\...\Run]

MSMSGS REG_SZ "C:\Program Files\Messenger\msmsgs.exe" /background
SfKg6wIPu REG_SZ C:\Documents and Settings\HP_Propriétaire\Application Data\Microsoft\Windows\tuwll.exe
ctfmon.exe REG_SZ C:\WINDOWS\system32\ctfmon.exe
VeohPlugin REG_SZ "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
Smax4 REG_SZ "C:\Documents and Settings\HP_Propriétaire\Application Data\Google\kjzna1562565.exe"

+--[HKEY_LOCAL_MACHINE\...\Run]

SunJavaUpdateSched REG_SZ "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
hpsysdrv REG_SZ c:\windows\system\hpsysdrv.exe
Raccourci vers la page des propriétés de High Definition Audio REG_SZ HDAShCut.exe
NvCplDaemon REG_SZ RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
nwiz REG_SZ nwiz.exe /install
SoundMan REG_SZ SOUNDMAN.EXE
AlcWzrd REG_SZ ALCWZRD.EXE
Alcmtr REG_SZ ALCMTR.EXE
HPHUPD08 REG_SZ c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
Recguard REG_SZ C:\WINDOWS\SMINST\RECGUARD.EXE
HP Software Update REG_EXPAND_SZ C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
HPDJ Taskbar Utility REG_SZ C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
ISUSPM Startup REG_SZ C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
ISUSScheduler REG_SZ "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
Share-to-Web Namespace Daemon REG_SZ C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
EoEngine REG_SZ
EoPhoto REG_SZ
F-Secure Manager REG_SZ "C:\Program Files\Tele2\Common\FSM32.EXE" /splash
F-Secure Startup Wizard REG_SZ "C:\Program Files\Tele2\FSGUI\FSSW.EXE" /reboot
F-Secure TNB REG_SZ "C:\Program Files\Tele2\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
Windows Defender REG_SZ "C:\Program Files\Windows Defender\MSASCui.exe" -hide
NvMediaCenter REG_SZ RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
avast! REG_SZ C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
QuickTime Task REG_SZ "C:\Program Files\QuickTime\QTTask.exe" -atboottime
iTunesHelper REG_SZ "C:\Program Files\iTunes\iTunesHelper.exe"
Profiler REG_SZ C:\Program Files\Saitek\Software\ProfilerU.exe
SaiMfd REG_SZ C:\Program Files\Saitek\Software\SaiMfd.exe

+--[HKEY_USERS\.DEFAULT\...\Run]

DWQueuedReporting REG_SZ "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t

+--[HKEY_CURRENT_USER\...\Internet Explorer\MAIN]

Start Page : hxxp://www.tele2.fr/

+--[HKEY_LOCAL_MACHINE\...\Internet Explorer\MAIN]

Start Page : hxxp://www.msn.com/

+---------------------------------------------------------------------------+
+------------------------------- [ E.O.F - 168 lines ]
+---------------------------------------------------------------------------+

- "C:\AD-report-14.12.2008.log" (8713 octets)

[ END at: 13:40:03 | 14/12/2008 ] - [ Time elapsed: 21.4 seconds ]
0
neor Messages posted 1119 Status Member 30
 
------------------------cleaning----------------------------------

run AD-Remover again
choose option B
tick boonty, eorezo
press S
paste the disinfection report
0
francky60
 
--------- Logfile of AD-Remover 1.0.5.9 by C_XX ---------
here you go

*** Limited to ***

Boonty/BoontyGames
Eorezo

******************

# START at: 14:08:24 | 14/12/2008 ON Microsoft® Windows XP ™ v5.1.2600
# BOOT MODE: Normal

# OPTION: Scan
# EXECUTED FROM: C:\Program Files\Ad-remover\AD-Remover.bat

# PC: NOM-EB85C523610 | USER: HP_Propriétaire ( Current user is an administrator )

# DRIVE(S): C:\
# Systemdrive: C:\ (NTFS)
# Internet Explorer v7.0.5730.13

--------- [ RUNNING PROCESSES: 57 ] ---------

\SystemRoot\System32\smss.exe
\??\C:\WINDOWS\system32\csrss.exe
\??\C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Tele2\backweb\2338637\Program\SERVIC~1.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Tele2\backweb\2338637\program\fsbwsys.exe
C:\Program Files\Tele2\Common\FSMA32.EXE
C:\Program Files\Tele2\Common\FSMB32.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Tele2\Common\FCH32.EXE
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\Tele2\backweb\2338637\Program\fspex.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Tele2\Common\FAMEH32.EXE
C:\Program Files\Tele2\FSPC\fspc.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\ALCMTR.EXE
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Tele2\Common\FSM32.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Tele2\FSGUI\fsguidll.exe
C:\Program Files\Saitek\Software\SaiMfd.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe

-----------------------------------

(!) ---- IE start pages reset

+---------------------------------------------------------------------------+
+------------------------------- SERVICES DELETED ..
+---------------------------------------------------------------------------+

Deleted successfully ! - "Boonty Games"

+---------------------------------------------------------------------------+
+------------------------------- REGISTRY ELEMENTS DELETED ..
+---------------------------------------------------------------------------+

"HKEY_CLASSES_ROOT\boontybox"
"HKEY_CURRENT_USER\SOFTWARE\Boonty"
"HKEY_LOCAL_MACHINE\Software\Boonty"
"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BOONTY_GAMES"
"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Boonty Games"
"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Boonty Games"
"HKEY_CLASSES_ROOT\EoRezoBHO.EoBho"
"HKEY_CLASSES_ROOT\EoRezoBHO.EoBho.1"
"HKEY_CLASSES_ROOT\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A}"
"HKEY_CLASSES_ROOT\Typelib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}"
"HKEY_CURRENT_USER\SOFTWARE\EoRezo"
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{64F56FC1-1272-44CD-BA6E-39723696E350}"
"HKEY_LOCAL_MACHINE\SOFTWARE\EoRezo"
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64F56FC1-1272-44CD-BA6E-39723696E350}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run" /v "EoEngine"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run" /v "EoPhoto"

+---------------------------------------------------------------------------+
+------------------------------- FILES\FOLDERS DELETED ..
+---------------------------------------------------------------------------+

[21/07/2006 18:39|d--------] C:\Program Files\Boonty
[16/03/2007 20:57|d--------] C:\Program Files\BoontyGames
[23/04/2006 17:01|d--------] C:\Program Files\Fichiers communs\BOONTY Shared
[23/04/2006 17:01|d--------] C:\Documents and Settings\All Users\Application Data\BOONTY
[17/12/2006 14:42|d--------] C:\Program Files\EoRezo
[17/12/2006 14:42|d--------] C:\Documents and Settings\HP_Propriétaire\Application Data\EoRezo

(!) ---- Temp files deleted.
(!) ---- Recycle bin emptied in all drives.

+---------------------------------------------------------------------------+
+------------------------------- ADDED SCAN ..
+---------------------------------------------------------------------------+

+--[HKEY_CURRENT_USER\...\Run]

MSMSGS REG_SZ "C:\Program Files\Messenger\msmsgs.exe" /background
SfKg6wIPu REG_SZ C:\Documents and Settings\HP_Propriétaire\Application Data\Microsoft\Windows\tuwll.exe
ctfmon.exe REG_SZ C:\WINDOWS\system32\ctfmon.exe
VeohPlugin REG_SZ "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
Smax4 REG_SZ "C:\Documents and Settings\HP_Propriétaire\Application Data\Google\kjzna1562565.exe"

+--[HKEY_LOCAL_MACHINE\...\Run]

SunJavaUpdateSched REG_SZ "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
hpsysdrv REG_SZ c:\windows\system\hpsysdrv.exe
Raccourci vers la page des propriétés de High Definition Audio REG_SZ HDAShCut.exe
NvCplDaemon REG_SZ RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
nwiz REG_SZ nwiz.exe /install
SoundMan REG_SZ SOUNDMAN.EXE
AlcWzrd REG_SZ ALCWZRD.EXE
Alcmtr REG_SZ ALCMTR.EXE
HPHUPD08 REG_SZ c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
Recguard REG_SZ C:\WINDOWS\SMINST\RECGUARD.EXE
HP Software Update REG_EXPAND_SZ C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
HPDJ Taskbar Utility REG_SZ C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
ISUSPM Startup REG_SZ C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
ISUSScheduler REG_SZ "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
Share-to-Web Namespace Daemon REG_SZ C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
F-Secure Manager REG_SZ "C:\Program Files\Tele2\Common\FSM32.EXE" /splash
F-Secure Startup Wizard REG_SZ "C:\Program Files\Tele2\FSGUI\FSSW.EXE" /reboot
F-Secure TNB REG_SZ "C:\Program Files\Tele2\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
Windows Defender REG_SZ "C:\Program Files\Windows Defender\MSASCui.exe" -hide
NvMediaCenter REG_SZ RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
avast! REG_SZ C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
QuickTime Task REG_SZ "C:\Program Files\QuickTime\QTTask.exe" -atboottime
iTunesHelper REG_SZ "C:\Program Files\iTunes\iTunesHelper.exe"
Profiler REG_SZ C:\Program Files\Saitek\Software\ProfilerU.exe
SaiMfd REG_SZ C:\Program Files\Saitek\Software\SaiMfd.exe

+--[HKEY_USERS\.DEFAULT\...\Run]

DWQueuedReporting REG_SZ "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t

+--[HKEY_CURRENT_USER\...\Internet Explorer\MAIN]

Start Page : hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

+--[HKEY_LOCAL_MACHINE\...\Internet Explorer\MAIN]

Start Page : hxxp://fr.msn.com/

+---------------------------------------------------------------------------+
+------------------------------- [ E.O.F - 168 lines ]
+---------------------------------------------------------------------------+

- "C:\AD-report-14.12.2008.log" (8328 octets)

[ END at: 14:12:19 | 14/12/2008 ] - [ Time elapsed: 3 minutes, 54 seconds ]
0
neor Messages posted 1119 Status Member 30
 
run HijackThis again please
0
francky60
 
Hello neor,

Can you tell me whether my PC is clean?
What should I do with the software I downloaded? (detected by avast as viruses)

Thanks for your help
0
francky60
 
here you go

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:24:09, on 14/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Tele2\backweb\2338637\Program\SERVIC~1.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Tele2\backweb\2338637\program\fsbwsys.exe
C:\Program Files\Tele2\Common\FSMA32.EXE
C:\Program Files\Tele2\Common\FSMB32.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Tele2\Common\FCH32.EXE
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\Tele2\backweb\2338637\Program\fspex.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Tele2\Common\FAMEH32.EXE
C:\Program Files\Tele2\FSPC\fspc.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Tele2\Common\FSM32.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Tele2\FSGUI\fsguidll.exe
C:\Program Files\Saitek\Software\SaiMfd.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Tele2\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Tele2\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Tele2\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Profiler] C:\Program Files\Saitek\Software\ProfilerU.exe
O4 - HKLM\..\Run: [SaiMfd] C:\Program Files\Saitek\Software\SaiMfd.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SfKg6wIPu] C:\Documents and Settings\HP_Propriétaire\Application Data\Microsoft\Windows\tuwll.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - HKCU\..\Run: [Smax4] "C:\Documents and Settings\HP_Propriétaire\Application Data\Google\kjzna1562565.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - S-1-5-18 Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe (User 'Default user')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Pack Sécurité TELE2 Internet.lnk = C:\Program Files\Tele2\backweb\2338637\Program\fspex.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Tele2\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Tele2\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Tele2\FSPC\fspcmsie.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {09CC593B-E8A9-4491-927D-A3E33534DDD4} (InstallerObj Class) - http://www.m6video.fr/1click/install/files/installer2.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - https://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab55762.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab55579.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Pack Sécurité TELE2 Internet (BackWeb Plug-in - 2338637) - F-Secure Corp. - C:\PROGRA~1\Tele2\backweb\2338637\Program\SERVIC~1.EXE
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FSBWSYS - F-Secure Corp. - C:\Program Files\Tele2\backweb\2338637\program\fsbwsys.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Tele2\Common\FSMA32.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
0
neor Messages posted 1119 Status Member 30
 
there is still this, which is not normal
O4 - HKCU\..\Run: [Smax4] "C:\Documents and Settings\HP_Propriétaire\Application Data\Google\kjzna1562565.exe"
I need to see what it is

go to Add/Remove Programs and uninstall the toolbars
0
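The by-eye triage in the reply above, as an added example (not part of the thread, and not neor's stated method): a parser for HijackThis `O4` autorun lines that flags entries launching from per-user data directories. The heuristic and all function names are assumptions made here; the sample lines are a subset of the log posted above.

```python
import ntpath
import re

# Subset of the O4 lines from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Profiler] C:\Program Files\Saitek\Software\ProfilerU.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SfKg6wIPu] C:\Documents and Settings\HP_Propriétaire\Application Data\Microsoft\Windows\tuwll.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Smax4] "C:\Documents and Settings\HP_Propriétaire\Application Data\Google\kjzna1562565.exe"
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
"""

# "O4 - HKxx[\SID]\..\Run: [value name] command line"
RUN_LINE = re.compile(
    r"^O4 - (?P<hive>HK\w+(?:\\[^\\]+)?)\\\.\.\\(?P<key>Run\w*): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)
# "O4 - [scope] Startup: shortcut.lnk = target"
STARTUP_LINE = re.compile(r"^O4 - (?P<scope>.*?Startup): (?P<name>.+?) = (?P<cmd>.+)$")
# Trailing "(User 'SYSTEM')" annotation that HijackThis appends to HKUS entries.
USER_SUFFIX = re.compile(r"\s+\(User '[^']*'\)$")

# Assumed heuristic: autoruns should not launch from directories the logged-on
# user can write to. Covers the XP layout, its 8.3 short names, and Vista+.
USER_DATA = re.compile(
    r"\\documents and settings\\[^\\]+\\(?:application data|local settings)\\"
    r"|\\docume~\d\\[^\\]+\\(?:applic~\d|locals~\d)\\"
    r"|\\users\\[^\\]+\\appdata\\",
    re.IGNORECASE,
)


def target_of(cmd):
    """Return the file an autorun command line actually loads."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        target = cmd[1:end] if end != -1 else cmd[1:]
    else:
        # Unquoted paths may contain spaces: cut at the first executable extension.
        m = re.match(r".*?\.(?:exe|com|bat|cmd|scr|pif)\b", cmd, re.IGNORECASE)
        target = m.group(0) if m else (cmd.split() or [""])[0]
    # For rundll32 the interesting file is the DLL argument, not the host.
    if ntpath.basename(target).lower() == "rundll32.exe":
        rest = cmd[cmd.lower().find("rundll32.exe") + len("rundll32.exe"):]
        dll = rest.strip('" ').split(",")[0].strip('" ')
        if dll:
            target = dll
    return target


def parse_o4(log):
    """Parse O4 (autostart) lines into dicts with where/name/target."""
    entries = []
    for raw in log.splitlines():
        line = USER_SUFFIX.sub("", raw.strip())
        m = RUN_LINE.match(line)
        if m:
            where = m["hive"] + "\\" + m["key"]
        else:
            m = STARTUP_LINE.match(line)
            if not m:
                continue
            where = m["scope"]
        entries.append({"where": where, "name": m["name"],
                        "target": target_of(m["cmd"])})
    return entries


def suspicious(entries):
    """Entries whose target sits in a per-user data directory."""
    return [e for e in entries if USER_DATA.search(e["target"])]


if __name__ == "__main__":
    for e in suspicious(parse_o4(SAMPLE_LOG)):
        print(f"{e['where']}: [{e['name']}] -> {e['target']}")
```

A hit is a lead for review, not a verdict: some legitimate software also starts from the user profile.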
francky60
 
Hello neor,

Thank you for replying,

I can't do anything before Friday evening because I am in Germany all week
I am writing to you from my work laptop
I will get back to you as soon as I have done what you asked me to do

Thanks again,
0
francky60
 
Hello neor,

I removed an MSN toolbar, it was the only one present in Add/Remove Programs
then I ran HijackThis

here is the report

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:23:13, on 20/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Tele2\backweb\2338637\Program\SERVIC~1.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Tele2\backweb\2338637\program\fsbwsys.exe
C:\Program Files\Tele2\Common\FSMA32.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Tele2\Common\FSMB32.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Tele2\Common\FCH32.EXE
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\Tele2\backweb\2338637\Program\fspex.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Tele2\Common\FAMEH32.EXE
C:\Program Files\Tele2\FSPC\fspc.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Tele2\Common\FSM32.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Saitek\Software\ProfilerU.exe
C:\Program Files\Saitek\Software\SaiMfd.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\Program Files\Tele2\FSGUI\fsguidll.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Tele2\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Tele2\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Tele2\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Profiler] C:\Program Files\Saitek\Software\ProfilerU.exe
O4 - HKLM\..\Run: [SaiMfd] C:\Program Files\Saitek\Software\SaiMfd.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SfKg6wIPu] C:\Documents and Settings\HP_Propriétaire\Application Data\Microsoft\Windows\tuwll.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - HKCU\..\Run: [Smax4] "C:\Documents and Settings\HP_Propriétaire\Application Data\Google\kjzna1562565.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Pack Sécurité TELE2 Internet.lnk = C:\Program Files\Tele2\backweb\2338637\Program\fspex.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Tele2\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Tele2\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Tele2\FSPC\fspcmsie.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {09CC593B-E8A9-4491-927D-A3E33534DDD4} (InstallerObj Class) - http://www.m6video.fr/1click/install/files/installer2.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - https://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab55762.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab55579.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Pack Sécurité TELE2 Internet (BackWeb Plug-in - 2338637) - F-Secure Corp. - C:\PROGRA~1\Tele2\backweb\2338637\Program\SERVIC~1.EXE
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FSBWSYS - F-Secure Corp. - C:\Program Files\Tele2\backweb\2338637\program\fsbwsys.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Tele2\Common\FSMA32.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
0
francky60
 
Hello again neor,

I don't know whether you got my last message
0
neor Posts 1119 Status Member 30
 
Download OTMoveIt3 by OldTimer
http://oldtimer.geekstogo.com/OTMoveIt3.exe

* Save it to your desktop
* Double-click OTMoveIt3.exe to launch it (the extension may not be shown)
* Copy and paste everything below into the "Paste Instructions for Items to be Moved" box (below the yellow bar):

:processes
explorer.exe

:files
C:\Documents and Settings\HP_Propriétaire\Application Data\Microsoft\Windows\tuwll.exe
C:\Documents and Settings\HP_Propriétaire\Application Data\Google\kjzna1562565.exe
 
:commands
[emptytemp]
[Reboot]



* Click the red Moveit! button to start the cleanup
* Copy and paste into your next reply everything shown in the Results window (in green, on the right)
--> A report will be generated in the folder C:\_OTMoveIt\MovedFiles, named with the date and time the tool was run (mmddyyyy_hhmmss.log)
* Close OTMoveIt3 (by clicking Exit)

Note: If a file or folder cannot be deleted directly, the tool may ask for a reboot to finish the process. In that case, click "Yes" to accept...
0
francky60
 
Here it is

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
File/Folder C:\Documents and Settings\HP_Propriétaire\Application Data\Microsoft\Windows\tuwll.exe not found.
File/Folder C:\Documents and Settings\HP_Propriétaire\Application Data\Google\kjzna1562565.exe not found.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\hpodvd09.log scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\Perflib_Perfdata_910.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\_hphtra07.log scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Fichiers Internet temporaires\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_498.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 12202008_160514
0
francky60
 
Hello neor,

I hope you haven't given up on me
0
neor Posts 1119 Status Member 30
 
1- Hijackthis

Run it with Scan only and check the following lines:
The R1 to O3 entries concern Internet Explorer and are not needed.
The O4 entries are intruders.

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKCU\..\Run: [SfKg6wIPu] C:\Documents and Settings\HP_Propriétaire\Application Data\Microsoft\Windows\tuwll.exe
O4 - HKCU\..\Run: [Smax4] "C:\Documents and Settings\HP_Propriétaire\Application Data\Google\kjzna1562565.exe"
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)

Click Fix checked.

2 - Post a Nod32 report
- open this address with Internet Explorer https://www.eset.com/
- check all the boxes each time, and when it has finished, paste the report:
- C:\Program Files\EsetOnlineScanner\log.txt
0
francky60
 
I didn't quite understand what I have to check

The R1 to O3 entries: yes/no
The O4 entries: yes/no

For the rest, OK, I'll check them
0
neor Posts 1119 Status Member 30
 
Run it with Scan only and check the following lines:

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKCU\..\Run: [SfKg6wIPu] C:\Documents and Settings\HP_Propriétaire\Application Data\Microsoft\Windows\tuwll.exe
O4 - HKCU\..\Run: [Smax4] "C:\Documents and Settings\HP_Propriétaire\Application Data\Google\kjzna1562565.exe"
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)

Click Fix checked.
0
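The four lines picked out in the two replies above share a few visible traits: a BHO marked "(no file)", a service marked "(file missing)", and Run entries that start an executable from the user's Application Data folder. The following is an added example, not part of the thread and not HijackThis's own logic, that applies those three rules to a constructed excerpt of the log posted here; the function name and the rules are assumptions, and a match is a line to review, not a verdict.

```python
import re

# Constructed sample: lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r'''
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SfKg6wIPu] C:\Documents and Settings\HP_Propriétaire\Application Data\Microsoft\Windows\tuwll.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Smax4] "C:\Documents and Settings\HP_Propriétaire\Application Data\Google\kjzna1562565.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
'''

# "<section code> - <rest of the entry>", e.g. "O4 - HKCU\..\Run: [name] command"
ENTRY_RE = re.compile(r'^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$')
# Registry Run entry: hive, value name in brackets, then the command line.
RUN_RE = re.compile(r'^(?P<hive>HK\S+?)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$')
# Per-user folders that a non-admin process can write to (assumed rule).
USER_WRITABLE_RE = re.compile(r'\\(?:Application Data|Local Settings\\Temp)\\', re.I)


def triage(log_text):
    """Return (code, reason, line) for every entry that deserves a manual look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        entry = ENTRY_RE.match(line)
        if not entry:
            continue
        code, body = entry.group('code'), entry.group('body')
        if code == 'O2' and body.endswith('(no file)'):
            findings.append((code, 'BHO registered but its DLL is gone', line))
        elif code == 'O23' and body.endswith('(file missing)'):
            findings.append((code, 'service registered but its binary is gone', line))
        elif code == 'O4':
            run = RUN_RE.match(body)
            if run and USER_WRITABLE_RE.search(run.group('cmd')):
                reason = 'autorun "%s" starts from a user-writable folder' % run.group('name')
                findings.append((code, reason, line))
    return findings


if __name__ == '__main__':
    for code, reason, line in triage(SAMPLE_LOG):
        print('%-3s %s\n    %s' % (code, reason, line))
```

Legitimate software also installs under Application Data, so each hit still needs the kind of human review the helper gives in this thread.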
francky60
 
Here it is

# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3709 (20081220)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.064 (20070717)
# EOSSerial=e8e33d5c6b106e42867a05b3023ba293
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2008-12-21 03:20:19
# local_time=2008-12-21 04:20:19 (+0100, Paris, Madrid)
# country="France"
# osver=5.1.2600 NT Service Pack 3
# scanned=555870
# found=3
# scan_time=5685
C:\Program Files\Shareaza\Downloads\(iSO) convertisseur avi à wmv [New Version] [Dirty].zip Win32/Agent.NPZ trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Shareaza\Downloads\kotoko lament.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned) C6DFFEC828C6764DDFAD691EEC55C0D3
C:\Program Files\Shareaza\Downloads\www.torrent.to call of duty 4 fr by DONE (Divx).zip Win32/Agent.NPZ trojan (unable to clean - deleted) 00000000000000000000000000000000
0
neor Posts 1119 Status Member 30
 
1- Download: - CCleaner
https://www.pcastuces.com/logitheque/ccleaner.htm
This software will let you delete all temporary files and fix your registry.
During installation:
- make sure to choose "French" as the language.
- before clicking the "Install" button, uncheck all the "additional options" except the first 2.

A tutorial (help):
http://perso.orange.fr/jesses/Docs/Logiciels/CCleaner.htm

---> Usage:
! disconnect and close all running applications !
* go to "Cleaner": run -Analyze- then -Clean-
* go to "Registry": run -Scan for errors- and -Fix all errors-
(several times, until there are no more errors).

(CCleaner: software worth keeping on your PC, very useful for thorough cleanups ...)
0
francky60
 
Hello neor,

I did what you asked me to do
And now, what should I do?
0
neor Posts 1119 Status Member 30
 
http://www.commentcamarche.net/faq/sujet 8341 toolscleaner suppression des fix de force brute

After that it should be fine
0