Need help!! Pop-up ad windows + System Doctor etc.

Hello,

Like many others, I am swamped with ads that pop up constantly and with so-called "SECURITY" files that appear when I am connected.

I am pasting the HijackThis report below.

Thanks in advance.

PS: I was also being bothered by "ERRORSAFE" before; this morning I removed Spybot and reinstalled it, and when I ran it, it apparently removed it!!! I haven't seen ERRORSAFE all day, though that remains to be confirmed.

Logfile of HijackThis v1.99.1
Scan saved at 17:43:49, on 03/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\COMOne\Logiciel Bluetooth\bin\btwdins.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Medion\PowerCinema\My_TV\Agent.exe
C:\WINDOWS\Dit.exe
C:\Program Files\Classic PhoneTools\CapFax.EXE
C:\WINDOWS\DitExp.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\system32\dslagent.exe
C:\Program Files\Trust\AMI MOUSE 250SP WIRELESS OPTICAL\lwbwheel.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\NCLAUNCH.EXe
C:\PROGRA~1\COMMON~1\SEMBLY~1\ntvdm.exe
C:\PROGRA~1\Wanadoo\jfr\YSTEM~1\OOL32~1.EXE
C:\WINDOWS\system32\LVComS.exe
C:\Program Files\COMOne\Logiciel Bluetooth\BTTray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\PROGRA~1\COMOne\LOGICI~1\BTSTAC~1.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.microsoft.com/search/lobby/search.asp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://home.microsoft.com/access/allinone.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/red [...] ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/red [...] r=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/red [...] R}&ar=home
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/fr/srchasst/srchasst.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {EB0326E1-E12D-C988-7B95-B39E8C6503BA} - C:\WINDOWS\system32\avrgykn.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {B94F6C00-A43D-AF03-ACE0-6AF8373F8A87} - C:\DOCUME~1\JEANFR~1\APPLIC~1\POKEJO~1\bows body.exe (file missing)
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O2 - BHO: (no name) - {EB0326E1-E12D-C988-7B95-B39E8C6503BA} - C:\WINDOWS\system32\avrgykn.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Agent] C:\Program Files\Medion\PowerCinema\My_TV\Agent.exe
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [CapFax] C:\Program Files\Classic PhoneTools\CapFax.EXE
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Trust\AMI MOUSE 250SP WIRELESS OPTICAL\lwbwheel.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [Roto] "C:\PROGRA~1\COMMON~1\SEMBLY~1\ntvdm.exe" -vt yazb
O4 - HKCU\..\Run: [Ewkaoxj] C:\PROGRA~1\Wanadoo\jfr\YSTEM~1\OOL32~1.EXE
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\COMOne\Logiciel Bluetooth\btsendto_ie_ctx.htm
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\COMOne\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\COMOne\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ [...] loader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/bina [...] b32846.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C10071BA-787D-4DFF-A13E-12D1B806FA02}: NameServer = 80.10.246.130 80.10.246.3
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs:
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\COMOne\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe


Hello,

Several infections.
Do you have this folder:
C:\Program Files\Medion\PowerCinema\My_TV\Bak\

-- Right-click on HijackThis:
-> Choose "Rename"
-> Type Scanner.exe, then confirm


- Launch the application
- Choose the option Do a system scan and save a logfile
-- Notepad opens:
-> Edit / Select All
-> Edit / Copy

- Paste the report here.

Help on HijackThis

Reply to Angeldark

Hello and thank you.
I found
C:\Program Files\Medion\PowerCinema\My_TV
In the My_TV directory there are only files, and none of them is called BAK.

Attached is the report as requested.

Logfile of HijackThis v1.99.1
Scan saved at 18:14:38, on 03/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\COMOne\Logiciel Bluetooth\bin\btwdins.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Medion\PowerCinema\My_TV\Agent.exe
C:\WINDOWS\Dit.exe
C:\Program Files\Classic PhoneTools\CapFax.EXE
C:\WINDOWS\DitExp.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\system32\dslagent.exe
C:\Program Files\Trust\AMI MOUSE 250SP WIRELESS OPTICAL\lwbwheel.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\NCLAUNCH.EXe
C:\PROGRA~1\COMMON~1\SEMBLY~1\ntvdm.exe
C:\PROGRA~1\Wanadoo\jfr\YSTEM~1\OOL32~1.EXE
C:\WINDOWS\system32\LVComS.exe
C:\Program Files\COMOne\Logiciel Bluetooth\BTTray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\PROGRA~1\COMOne\LOGICI~1\BTSTAC~1.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\scanner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.microsoft.com/search/lobby/search.asp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://home.microsoft.com/access/allinone.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/red [...] ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/red [...] r=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/red [...] R}&ar=home
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/fr/srchasst/srchasst.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {EB0326E1-E12D-C988-7B95-B39E8C6503BA} - C:\WINDOWS\system32\avrgykn.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {B94F6C00-A43D-AF03-ACE0-6AF8373F8A87} - C:\DOCUME~1\JEANFR~1\APPLIC~1\POKEJO~1\bows body.exe (file missing)
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O2 - BHO: (no name) - {EB0326E1-E12D-C988-7B95-B39E8C6503BA} - C:\WINDOWS\system32\avrgykn.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Agent] C:\Program Files\Medion\PowerCinema\My_TV\Agent.exe
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [CapFax] C:\Program Files\Classic PhoneTools\CapFax.EXE
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Trust\AMI MOUSE 250SP WIRELESS OPTICAL\lwbwheel.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [Roto] "C:\PROGRA~1\COMMON~1\SEMBLY~1\ntvdm.exe" -vt yazb
O4 - HKCU\..\Run: [Ewkaoxj] C:\PROGRA~1\Wanadoo\jfr\YSTEM~1\OOL32~1.EXE
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\COMOne\Logiciel Bluetooth\btsendto_ie_ctx.htm
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\COMOne\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\COMOne\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ [...] loader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/bina [...] b32846.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C10071BA-787D-4DFF-A13E-12D1B806FA02}: NameServer = 80.10.246.130 80.10.246.3
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs:
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\COMOne\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

Reply to jeff91170

OK.

  • Download combofix.exe (by sUBs) to your Desktop
  • Double-click combofix.exe.
  • Press the Y (Yes) key to start the scan.
  • When the scan is complete, a report will appear. Copy/paste this report into your next reply.


NOTE: The report can also be found here: C:\Combofix.txt

Reply to Angeldark

OK, here is the report.

Jean François - 06-11-03 18:24:02,06 Service Pack 2
ComboFix 06.10.19 - Running from: "C:\Documents and Settings\Jean François\Bureau"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\regsvr32.dll

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Folders Quarantined:

C:\QooBox\Purity\Program Files\MBOLS~1
C:\QooBox\Purity\Program Files\SEMBLY~1
C:\QooBox\Purity\Program Files\SSTEM~1
C:\QooBox\Purity\Program Files\Wanadoo\jfr\DOBE~1
C:\QooBox\Purity\Program Files\Wanadoo\jfr\YSTEM~1
C:\QooBox\Purity\Program Files\Wanadoo\jfr\YSTEM~1\??ool32.exe
C:\QooBox\Purity\WINDOWS\ASEMBL~1
C:\QooBox\Purity\WINDOWS\DOBE~1
C:\QooBox\Purity\WINDOWS\FNTS~1
C:\QooBox\Purity\WINDOWS\SSEMBL~1
C:\QooBox\Purity\WINDOWS\TSKS~1
C:\QooBox\Purity\WINDOWS\system32\YSTEM3~1


((((((((((((((((((((((((((((((( Files Created from 2006-10-03 to 2006-11-03 ))))))))))))))))))))))))))))))))))


2006-11-03 18:07 6,469,352 --a------ C:\avgas-setup-7.5.0.50.exe
2006-11-03 17:40 218,112 --a------ C:\scanner.exe
2006-11-03 10:03 5,037,072 --a------ C:\spybotsd14.exe
2006-11-02 05:39 131,072 --a------ C:\WINDOWS\system32\avrgykn.dll
2006-10-21 20:53 2,977,792 --------- C:\WINDOWS\UNNMP.exe
2006-10-21 20:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2006-10-21 20:48 3,031,040 --------- C:\WINDOWS\UNNeroVision.exe
2006-10-21 20:47 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
2006-10-21 20:47 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
2006-10-21 20:47 38,912 --------- C:\WINDOWS\system32\picn20.dll
2006-10-21 20:47 364,544 --------- C:\WINDOWS\system32\TwnLib4.dll
2006-10-21 20:47 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
2006-10-21 20:47 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2006-10-21 20:47 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-11-02 05:39 2 --a------ C:\WINDOWS\system32\wnsapisv.exe
2006-11-01 16:17 -------- d-------- C:\Program Files\eMule
2006-10-24 13:24 -------- d-------- C:\Documents and Settings\Jean François\Application Data\Ahead
2006-10-21 20:53 -------- d-------- C:\Program Files\Ahead
2006-10-21 20:52 -------- d-a------ C:\Program Files\Fichiers communs
2006-10-21 20:52 -------- d-------- C:\Program Files\Fichiers communs\LightScribe
2006-10-21 20:49 -------- d-------- C:\Program Files\Fichiers communs\Nero
2006-10-21 20:47 -------- d-------- C:\Program Files\Fichiers communs\Ahead
2006-09-29 08:07 778656 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2006-09-22 18:36 -------- d-------- C:\Program Files\MSN Messenger
2006-09-22 18:36 -------- d-------- C:\Program Files\Messenger Plus! Live
2006-09-22 18:32 -------- d-------- C:\Program Files\MessengerPlus! 3
2006-09-20 18:51 -------- d-------- C:\Documents and Settings\Jean François\Application Data\uTorrent
2006-09-20 12:36 -------- d-------- C:\Documents and Settings\Jean François\Application Data\vlc
2006-09-20 11:53 -------- d-------- C:\Program Files\VideoLAN
2006-09-19 18:02 -------- d-------- C:\Program Files\Common Files
2006-09-13 06:03 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
2006-09-09 21:17 -------- d-------- C:\Program Files\Internet Explorer
2006-08-25 16:51 617472 --a------ C:\WINDOWS\system32\comctl32.dll
2006-08-21 13:26 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 10:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-16 12:59 100352 --a------ C:\WINDOWS\system32\6to4svc.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NVMCTRAY.DLL,NvTaskbarInit"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"NCLaunch"="C:\\WINDOWS\\NCLAUNCH.EXe"
"LDM"="\\Program\\BackWeb-8876480.exe"
"Roto"="\"C:\\PROGRA~1\\COMMON~1\\SEMBLY~1\\ntvdm.exe\" -vt yazb"
"Ewkaoxj"="C:\\PROGRA~1\\Wanadoo\\jfr\\YSTEM~1\\OOL32~1.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"Agent"="C:\\Program Files\\Medion\\PowerCinema\\My_TV\\Agent.exe"
"Dit"="Dit.exe"
"CapFax"="C:\\Program Files\\Classic PhoneTools\\CapFax.EXE"
"Microsoft Works Update Detection"="C:\\Program Files\\Fichiers communs\\Microsoft Shared\\Works Shared\\WkUFind.exe"
"HPDJ Taskbar Utility"="C:\\WINDOWS\\System32\\spool\\drivers\\w32x86\\3\\hpztsb04.exe"
"DSLAGENTEXE"="dslagent.exe USB"
"LWBMOUSE"="C:\\Program Files\\Trust\\AMI MOUSE 250SP WIRELESS OPTICAL\\lwbwheel.exe"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\j2re1.4.2_03\\bin\\jusched.exe"
"LogitechVideoRepair"="C:\\Program Files\\Logitech\\Video\\ISStart.exe"
"LogitechVideoTray"="C:\\Program Files\\Logitech\\Video\\LogiTray.exe"
"TkBellExe"="\"C:\\Program Files\\Fichiers communs\\Real\\Update_OB\\realsched.exe\" -osboot"
"BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"
"SoundMan"="SOUNDMAN.EXE"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="http://us.js2.yimg.com/us.js.yimg.com/lib/pim/r/medici/14_4/mail/mailcommonlib.js"
"SubscribedURL"="http://us.js2.yimg.com/us.js.yimg.com/lib/pim/r/medici/14_4/mail/mailcommonlib.js"
"FriendlyName"=""
"Flags"=dword:00002001
"Position"=hex:2c,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,e8,\
03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=dword:40000001
"OriginalStateInfo"=hex:18,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,01,00,00,00
"RestoredStateInfo"=hex:14,6d,c0,03,41,c0,ab,74,08,50,63,02,68,de,c0,03,20,6d,\
c0,03,b4,5f,00,00

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,de,02,00,00,ea,\
03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=dword:40000004
"OriginalStateInfo"=hex:18,00,00,00,55,00,00,00,00,00,00,00,ab,03,00,00,e2,02,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,55,00,00,00,00,00,00,00,ab,03,00,00,e2,02,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

Completion time: 06-11-03 18:26:27.00
C:\ComboFix.txt ... 06-11-03 18:26

Reply to jeff91170

Re,

Purity -> removed

  • Download SpySweeper (from Webroot, 14-day trial version):


-Click "Download the trial version".
-Install the program, choosing "standard installation".
-Accept the restart
-The option to update it will be displayed; accept the update
-Once the updates are installed, in the left-hand column click the Options tab, then Scan.
-Under Items to scan and Other options, tick all the boxes.
-Close SpySweeper

Since the rest is done in safe mode, print the following instructions or copy/paste them into a text file

  • Restart in safe mode: on restart, immediately tap the F8 key repeatedly; you will see a screen with a choice of startup options appear. Using the keyboard arrows, choose "Safe Mode" and confirm with "Enter". Choose your usual account, not Administrator.


  • Start SpySweeper

-Click Scan on the left, then Start scan.
-When the scan is finished, click Next.
-Make sure all the items found are ticked, then click Next.
-All ticked items will then be quarantined.
-In "Summary", select View session log at the bottom, then Save to file, to save the report.

  • Restart normally


  • Uninstall SpySweeper from Add/Remove Programs, unless you want to continue the evaluation for 15 days.


  • Copy/paste the SpySweeper report here

Reply to Angeldark

Here is the SpySweeper report.


19:58: Removal process completed. Elapsed time 00:07:45
19:57: 10-{ac425a8c-b9d4-74eb-74ab-a80eb74ae4b5}-v1-{edbb91ea-d292-47d7-b44a-7f409ec81f06}-v10-downloaded.frx is in use. It will be removed on reboot.
19:57: 10-{ac425a8c-b9d4-74eb-74ab-a80eb74ae4b5}-v1-{2cb5deb0-e277-45c5-ae1b-3a29672a0103}-v10-downloaded.frx is in use. It will be removed on reboot.
19:57: potentially rootkit-masked files is in use. It will be removed on reboot.
19:57: Quarantining All Traces: potentially rootkit-masked files
19:57: Quarantining All Traces: gain - common components
19:57: Quarantining All Traces: ufp 007 spy
19:57: Quarantining All Traces: lopdotcom
19:57: Quarantining All Traces: brilliant digital
19:57: Quarantining All Traces: purityscan
19:54: Quarantining All Traces: clipgenie
19:54: Quarantining All Traces: whenu
19:54: Quarantining All Traces: bullguard popup ad
19:54: Quarantining All Traces: reliablestats cookie
19:54: Quarantining All Traces: questionmarket cookie
19:54: Quarantining All Traces: cassava cookie
19:54: Quarantining All Traces: a cookie
19:54: Quarantining All Traces: 888 cookie
19:54: Quarantining All Traces: tribalfusion cookie
19:54: Quarantining All Traces: tradedoubler cookie
19:54: Quarantining All Traces: statcounter cookie
19:54: Quarantining All Traces: serving-sys cookie
19:54: Quarantining All Traces: revenue.net cookie
19:54: Quarantining All Traces: overture cookie
19:54: Quarantining All Traces: metriweb.be cookie
19:54: Quarantining All Traces: mediaplex cookie
19:54: Quarantining All Traces: webtrends cookie
19:54: Quarantining All Traces: comclick cookie
19:54: Quarantining All Traces: fe.lea.lycos.com cookie
19:54: Quarantining All Traces: fastclick cookie
19:54: Quarantining All Traces: casalemedia cookie
19:54: Quarantining All Traces: bs.serving-sys cookie
19:54: Quarantining All Traces: falkag cookie
19:54: Quarantining All Traces: advertising cookie
19:54: Quarantining All Traces: pointroll cookie
19:54: Quarantining All Traces: adrevolver cookie
19:54: Quarantining All Traces: hbmediapro cookie
19:54: Quarantining All Traces: yieldmanager cookie
19:54: Quarantining All Traces: websponsors cookie
19:54: Quarantining All Traces: 247realmedia cookie
19:54: Quarantining All Traces: xiti cookie
19:54: Quarantining All Traces: weborama cookie
19:54: Quarantining All Traces: bluestreak cookie
19:54: Quarantining All Traces: adtech cookie
19:53: Quarantining All Traces: 2o7.net cookie
19:53: Quarantining All Traces: atlas dmt cookie
19:53: Warning: Failed to delete profile shadow file "C:\WINDOWS\Temp\SST5C2.tmp". Reason: Le fichier spécifié est introuvable
19:53: Warning: Failed to delete profile shadow file ".log". Reason: Le fichier spécifié est introuvable
19:53: Warning: Failed to delete profile shadow file "C:\WINDOWS\Temp\SST5A9.tmp". Reason: Le fichier spécifié est introuvable
19:53: Warning: Failed to delete profile shadow file ".log". Reason: Le fichier spécifié est introuvable
19:53: Warning: Failed to delete profile shadow file "C:\WINDOWS\Temp\SST58E.tmp". Reason: Le fichier spécifié est introuvable
19:53: Warning: Failed to delete profile shadow file ".log". Reason: Le fichier spécifié est introuvable
19:53: Warning: Failed to delete profile shadow file "C:\WINDOWS\Temp\SST574.tmp". Reason: Le fichier spécifié est introuvable
19:53: Warning: Failed to delete profile shadow file ".log". Reason: Le fichier spécifié est introuvable
19:53: Warning: Failed to delete profile shadow file "C:\WINDOWS\Temp\SST559.tmp". Reason: Le fichier spécifié est introuvable
19:53: Warning: Failed to delete profile shadow file ".log". Reason: Le fichier spécifié est introuvable
19:53: Quarantining All Traces: instafinder
19:53: Warning: Failed to delete profile shadow file "C:\WINDOWS\Temp\SST52B.tmp". Reason: Le fichier spécifié est introuvable
19:53: Warning: Failed to delete profile shadow file ".log". Reason: Le fichier spécifié est introuvable
19:53: Warning: Failed to delete profile shadow file "C:\WINDOWS\Temp\SST510.tmp". Reason: Le fichier spécifié est introuvable
19:53: Warning: Failed to delete profile shadow file ".log". Reason: Le fichier spécifié est introuvable
19:53: Warning: Failed to delete profile shadow file "C:\WINDOWS\Temp\SST4F8.tmp". Reason: Le fichier spécifié est introuvable
19:53: Warning: Failed to delete profile shadow file ".log". Reason: Le fichier spécifié est introuvable
19:52: Quarantining All Traces: cydoor
19:52: Warning: Failed to delete profile shadow file "C:\WINDOWS\Temp\SST42E.tmp". Reason: Le fichier spécifié est introuvable
19:52: Warning: Failed to delete profile shadow file ".log". Reason: Le fichier spécifié est introuvable
19:52: Quarantining All Traces: networkessentials
19:52: Quarantining All Traces: keenvalue/perfectnav
19:52: Warning: Failed to delete profile shadow file "C:\WINDOWS\Temp\SST3BD.tmp". Reason: Le fichier spécifié est introuvable
19:52: Warning: Failed to delete profile shadow file ".log". Reason: Le fichier spécifié est introuvable
19:52: Warning: Failed to delete profile shadow file "C:\WINDOWS\Temp\SST3A2.tmp". Reason: Le fichier spécifié est introuvable
19:52: Warning: Failed to delete profile shadow file ".log". Reason: Le fichier spécifié est introuvable
19:52: Warning: Failed to delete profile shadow file "C:\WINDOWS\Temp\SST389.tmp". Reason: Le fichier spécifié est introuvable
19:52: Warning: Failed to delete profile shadow file ".log". Reason: Le fichier spécifié est introuvable
19:52: Warning: Failed to delete profile shadow file "C:\WINDOWS\Temp\SST36F.tmp". Reason: Le fichier spécifié est introuvable
19:52: Warning: Failed to delete profile shadow file ".log". Reason: Le fichier spécifié est introuvable
19:52: Quarantining All Traces: great net downloadware
19:51: Quarantining All Traces: delfin
19:50: Quarantining All Traces: altnet
19:50: Removal process initiated
19:44: Traces Found: 423
19:44: Full Sweep has completed. Elapsed time 00:53:44
19:44: File Sweep Complete, Elapsed Time: 00:49:18
19:44: delfin media viewer.lnk (ID = 2147486168)
19:44: about delfin media viewer.lnk (ID = 2147486168)
19:38: asmfiles.cab (ID = 165635)
19:34: Warning: Stream read error
19:34: 10-{ac425a8c-b9d4-74eb-74ab-a80eb74ae4b5}-v1-{edbb91ea-d292-47d7-b44a-7f409ec81f06}-v10-downloaded.frx (ID = 0)
19:34: 10-{ac425a8c-b9d4-74eb-74ab-a80eb74ae4b5}-v1-{2cb5deb0-e277-45c5-ae1b-3a29672a0103}-v10-downloaded.frx (ID = 0)
19:34: Found System Monitor: potentially rootkit-masked files
19:34: Warning: Failed to access drive L:
19:34: Warning: Failed to access drive K:
19:34: Warning: Failed to access drive J:
19:34: Warning: Failed to access drive I:
19:34: Warning: Failed to access drive H:
19:34: Warning: Failed to access drive G:
19:30: bundle.inf (ID = 61287)
19:30: Found Adware: gain - common components
19:30: delfined.edx (ID = 57686)
19:30: playerstyles.css (ID = 53062)
19:30: f3_5.html (ID = 53054)
19:30: f3_4b.html (ID = 53053)
19:30: f3_4a_files.html (ID = 53052)
19:30: f3_3.html (ID = 53051)
19:30: f3_2b.html (ID = 53050)
19:30: f3_2a_player.html (ID = 53085)
19:30: f3_1.html (ID = 53048)
19:30: f2.html (ID = 53047)
19:30: f1_3.html (ID = 53046)
19:30: f1_2a.html (ID = 53044)
19:30: f1_1.html (ID = 53043)
19:30: launch.html (ID = 53068)
19:30: guistyles.css (ID = 53062)
19:30: channels.js (ID = 53036)
19:30: channelstyles.css (ID = 53062)
19:30: content.js (ID = 53041)
19:30: delfinbd.edx (ID = 57686)
19:30: delfinaf.edx (ID = 57679)
19:30: delfinld.edx (ID = 57686)
19:30: delfindl.edx (ID = 57686)
19:29: Warning: Failed to open file "c:\documents and settings\caroline\local settings\temporary internet files\content.ie5\ot0dajct\showfolder[1].". Opération réussie
19:29: Warning: Failed to open file "c:\documents and settings\caroline\local settings\temporary internet files\content.ie5\ot0dajct\wanadoo[1].". Opération réussie
19:28: Warning: Failed to open file "c:\documents and settings\jean françois\local settings\temporary internet files\content.ie5\4ha7k92r\bureautique[1].". Opération réussie
19:28: Warning: Failed to open file "c:\documents and settings\caroline\local settings\temporary internet files\content.ie5\ot0dajct\boards[1].". Opération réussie
19:28: Warning: Failed to open file "c:\documents and settings\caroline\local settings\temporary internet files\content.ie5\6dvo10bi\rondeetjolie[1].". Opération réussie
19:28: Warning: Failed to open file "c:\documents and settings\caroline\local settings\temporary internet files\content.ie5\qqidtl0a\showletter[1].". Opération réussie
19:28: delfinid.edx (ID = 57691)
19:28: delfinco.edx (ID = 57686)
19:27: delfinmediaviewer_sn2.10.0003.exe (ID = 200512)
19:27: Warning: Failed to open file "c:\documents and settings\caroline\local settings\temporary internet files\content.ie5\8f9jqufh\fr[1].". Opération réussie
19:26: peer points manager.lnk (ID = 49852)
19:24: a0061161.exe (ID = 450)
19:22: a0061344.exe (ID = 450)
19:22: 007ssinstall.exe (ID = 197648)
19:21: 007ssinstall3.6.exe (ID = 48058)
19:21: Found System Monitor: ufp 007 spy
19:20: waveblah.exe (ID = 463)
19:20: Found Adware: lopdotcom
19:20: asmfiles.cab (ID = 49805)
19:16: bderastmmx3.dll (ID = 51760)
19:16: Found Adware: brilliant digital
19:16: wrdpreview.wmv (ID = 53093)
19:16: main.html (ID = 53069)
19:16: extpreview.wmv (ID = 53042)
19:16: casinopreview.wmv (ID = 53029)
19:16: celebpreview.wmv (ID = 53030)
19:16: grvpreview.wmv (ID = 53061)
19:16: bikpreview.wmv (ID = 53028)
19:15: y1304ou.exe (ID = 325505)
19:15: Found Adware: purityscan
19:07: scroller.swf (ID = 53090)
19:06: f1_2b_categories.html (ID = 53045)
18:58: playerslices.htm (ID = 53080)
18:58: player.html (ID = 53078)
18:58: Found Adware: clipgenie
18:56: delfinad.ebd (ID = 57676)
18:56: delfinlo.ebd (ID = 57688)
18:56: whenu (5 subtraces) (ID = 2147486913)
18:56: Found Adware: whenu
18:55: delfin (12 subtraces) (ID = 2147486158)
18:55: medialoads (247 subtraces) (ID = 2147525733)
18:55: delfin media viewer (3 subtraces) (ID = 2147486166)
18:55: delfin (ID = 2147486168)
18:55: altnet (ID = 2147485861)
18:55: bullguard (ID = 2147490887)
18:55: Found Adware: bullguard popup ad
18:55: admcache (ID = 2147485859)
18:54: Starting File Sweep
18:54: Cookie Sweep Complete, Elapsed Time: 00:00:04
18:54: jean françois@xiti[1].txt (ID = 3717)
18:54: jean françois@weborama[1].txt (ID = 3658)
18:54: jean françois@tradedoubler[1].txt (ID = 3575)
18:54: jean françois@stats1.reliablestats[1].txt (ID = 3254)
18:54: Found Spy Cookie: reliablestats cookie
18:54: jean françois@serving-sys[2].txt (ID = 3343)
18:54: jean françois@revenue[2].txt (ID = 3257)
18:54: jean françois@questionmarket[2].txt (ID = 3217)
18:54: Found Spy Cookie: questionmarket cookie
18:54: jean françois@msnportal.112.2o7[1].txt (ID = 1958)
18:54: jean françois@m.webtrends[2].txt (ID = 3669)
18:54: jean françois@iv2.bluestreak[1].txt (ID = 2315)
18:54: jean françois@fl01.ct2.comclick[1].txt (ID = 2450)
18:54: jean françois@cassava[1].txt (ID = 2362)
18:54: Found Spy Cookie: cassava cookie
18:54: jean françois@bluestreak[2].txt (ID = 2314)
18:54: jean françois@a[1].txt (ID = 2027)
18:54: Found Spy Cookie: a cookie
18:54: jean françois@as1.falkag[1].txt (ID = 2650)
18:54: jean françois@adtech[2].txt (ID = 2155)
18:54: jean françois@ads1.revenue[1].txt (ID = 3258)
18:54: jean françois@adopt.hbmediapro[2].txt (ID = 2768)
18:54: jean françois@ad.yieldmanager[2].txt (ID = 3751)
18:54: jean françois@888[2].txt (ID = 2019)
18:54: jean françois@888[1].txt (ID = 2019)
18:54: Found Spy Cookie: 888 cookie
18:54: jean françois@247realmedia[2].txt (ID = 1953)
18:54: esteban@yieldmanager[1].txt (ID = 3749)
18:54: esteban@xiti[1].txt (ID = 3717)
18:54: esteban@wrigley.122.2o7[1].txt (ID = 1958)
18:54: esteban@weborama[1].txt (ID = 3658)
18:54: esteban@tribalfusion[1].txt (ID = 3589)
18:54: Found Spy Cookie: tribalfusion cookie
18:54: esteban@tradedoubler[1].txt (ID = 3575)
18:54: Found Spy Cookie: tradedoubler cookie
18:54: esteban@statcounter[1].txt (ID = 3447)
18:54: Found Spy Cookie: statcounter cookie
18:54: esteban@serving-sys[2].txt (ID = 3343)
18:54: Found Spy Cookie: serving-sys cookie
18:54: esteban@revenue[1].txt (ID = 3257)
18:54: Found Spy Cookie: revenue.net cookie
18:54: esteban@overture[1].txt (ID = 3105)
18:54: Found Spy Cookie: overture cookie
18:54: esteban@msnportal.112.2o7[1].txt (ID = 1958)
18:54: esteban@msnlivefavorites.112.2o7[1].txt (ID = 1958)
18:54: esteban@microsofteup.112.2o7[1].txt (ID = 1958)
18:54: esteban@metriweb[1].txt (ID = 2992)
18:54: Found Spy Cookie: metriweb.be cookie
18:54: esteban@mediaplex[1].txt (ID = 6442)
18:54: Found Spy Cookie: mediaplex cookie
18:54: esteban@m.webtrends[1].txt (ID = 3669)
18:54: Found Spy Cookie: webtrends cookie
18:54: esteban@fl01.ct2.comclick[2].txt (ID = 2450)
18:54: Found Spy Cookie: comclick cookie
18:54: esteban@fe.lea.lycos[1].txt (ID = 2660)
18:54: Found Spy Cookie: fe.lea.lycos.com cookie
18:54: esteban@fastclick[2].txt (ID = 2651)
18:54: Found Spy Cookie: fastclick cookie
18:54: esteban@casalemedia[1].txt (ID = 2354)
18:54: Found Spy Cookie: casalemedia cookie
18:54: esteban@bs.serving-sys[1].txt (ID = 2330)
18:54: Found Spy Cookie: bs.serving-sys cookie
18:54: esteban@bluestreak[2].txt (ID = 2314)
18:54: esteban@atdmt[2].txt (ID = 2253)
18:54: esteban@as1.falkag[1].txt (ID = 2650)
18:54: Found Spy Cookie: falkag cookie
18:54: esteban@aolfr.122.2o7[1].txt (ID = 1958)
18:54: esteban@advertising[1].txt (ID = 2175)
18:54: Found Spy Cookie: advertising cookie
18:54: esteban@adtech[2].txt (ID = 2155)
18:54: esteban@ads.pointroll[1].txt (ID = 3148)
18:54: Found Spy Cookie: pointroll cookie
18:54: esteban@adrevolver[1].txt (ID = 2088)
18:54: Found Spy Cookie: adrevolver cookie
18:54: esteban@adopt.hbmediapro[2].txt (ID = 2768)
18:54: Found Spy Cookie: hbmediapro cookie
18:54: esteban@ad.yieldmanager[2].txt (ID = 3751)
18:54: Found Spy Cookie: yieldmanager cookie
18:54: esteban@a.websponsors[2].txt (ID = 3665)
18:54: Found Spy Cookie: websponsors cookie
18:54: esteban@2o7[1].txt (ID = 1957)
18:54: esteban@247realmedia[1].txt (ID = 1953)
18:54: Found Spy Cookie: 247realmedia cookie
18:54: caroline@xiti[1].txt (ID = 3717)
18:54: Found Spy Cookie: xiti cookie
18:54: caroline@weborama[2].txt (ID = 3658)
18:54: Found Spy Cookie: weborama cookie
18:54: caroline@bluestreak[1].txt (ID = 2314)
18:54: Found Spy Cookie: bluestreak cookie
18:54: caroline@adtech[2].txt (ID = 2155)
18:54: Found Spy Cookie: adtech cookie
18:54: caroline@2o7[2].txt (ID = 1957)
18:54: Found Spy Cookie: 2o7.net cookie
18:54: invité@atdmt[1].txt (ID = 2253)
18:54: Found Spy Cookie: atlas dmt cookie
18:54: Starting Cookie Sweep
18:54: Registry Sweep Complete, Elapsed Time:00:00:31
18:54: HKU\S-1-5-21-953129233-2154702590-596957751-1007\software\medialoads\ (ID = 125355)
18:54: HKU\S-1-5-21-953129233-2154702590-596957751-1007\software\delfin\ (ID = 124848)
18:54: HKU\WRSS_Profile_S-1-5-21-953129233-2154702590-596957751-1008\software\cydoor\ (ID = 639126)
18:54: HKU\WRSS_Profile_S-1-5-21-953129233-2154702590-596957751-1008\software\instafink\ (ID = 128666)
18:54: HKU\WRSS_Profile_S-1-5-21-953129233-2154702590-596957751-1008\software\instafin\ (ID = 128665)
18:54: HKU\WRSS_Profile_S-1-5-21-953129233-2154702590-596957751-1008\software\medialoads\ (ID = 125355)
18:54: HKU\WRSS_Profile_S-1-5-21-953129233-2154702590-596957751-1009\software\instafink\ (ID = 128666)
18:54: HKU\WRSS_Profile_S-1-5-21-953129233-2154702590-596957751-1009\software\instafin\ (ID = 128665)
18:54: HKU\WRSS_Profile_S-1-5-21-953129233-2154702590-596957751-1009\software\medialoads\ (ID = 125355)
18:54: HKU\WRSS_Profile_S-1-5-21-953129233-2154702590-596957751-1012\software\instafin\ (ID = 128665)
18:54: Found Adware: instafinder
18:54: HKU\WRSS_Profile_S-1-5-21-953129233-2154702590-596957751-501\software\downloadware\ (ID = 775210)
18:54: HKU\WRSS_Profile_S-1-5-21-953129233-2154702590-596957751-501\software\cydoor services\ (ID = 639128)
18:54: HKU\WRSS_Profile_S-1-5-21-953129233-2154702590-596957751-501\software\cydoor\ (ID = 639126)
18:54: Found Adware: cydoor
18:54: HKU\WRSS_Profile_S-1-5-21-953129233-2154702590-596957751-501\software\updater\ (ID = 136178)
18:54: HKU\WRSS_Profile_S-1-5-21-953129233-2154702590-596957751-501\software\downloadware\ (ID = 125353)
18:54: HKCR\typelib\{4767c447-ef15-42f2-8809-68adb7fa76f1}\ (ID = 136181)
18:54: HKLM\software\classes\typelib\{4767c447-ef15-42f2-8809-68adb7fa76f1}\ (ID = 136154)
18:54: HKLM\software\classes\mp.mediapops\ (ID = 136152)
18:54: HKLM\software\classes\interface\{4438a5dc-e00b-41a0-b0e6-b63fd3b86eee}\ (ID = 136147)
18:54: HKCR\mp.mediapops\ (ID = 136080)
18:54: HKCR\mp.mediapops.1\ (ID = 136079)
18:54: HKCR\interface\{4438a5dc-e00b-41a0-b0e6-b63fd3b86eee}\ (ID = 136074)
18:54: Found Adware: networkessentials
18:54: HKLM\software\perfectnav\ (ID = 129516)
18:54: Found Adware: keenvalue/perfectnav
18:54: HKLM\software\microsoft\windows\currentversion\uninstall\medialoads enhanced\ (ID = 125363)
18:54: Found Adware: great net downloadware
18:54: HKLM\software\microsoft\windows\currentversion\uninstall\delfin media viewer\ (ID = 124878)
18:54: HKLM\software\microsoft\windows\currentversion\app management\arpcache\delfin media viewer\ (ID = 124859)
18:54: HKLM\software\delfin\promulgate\ (ID = 124850)
18:54: HKLM\software\delfin\ (ID = 124849)
18:54: Found Adware: delfin
18:54: HKLM\software\classes\appid\altnet signing module.exe\ (ID = 103489)
18:54: HKLM\software\classes\appid\adm.exe\ (ID = 103488)
18:54: HKLM\software\altnet\ (ID = 103481)
18:54: HKCR\appid\altnet signing module.exe\ (ID = 103449)
18:54: HKCR\appid\adm.exe\ (ID = 103448)
18:54: Found Adware: altnet
18:53: Starting Registry Sweep
18:53: Memory Sweep Complete, Elapsed Time: 00:00:46
18:53: Starting Memory Sweep
18:50: Sweep initiated using definitions version 734
18:50: Spy Sweeper 5.0.7.1608 started
18:50: | Start of Session, vendredi 3 novembre 2006 |
********
18:50: | End of Session, vendredi 3 novembre 2006 |
18:49: Program Version 5.0.7.1608 Using Spyware Definitions 734
Keylogger Shield: Off
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites Shield: Off
Hosts File Shield: On
Spy Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
Spy Installation Shield: On
Memory Shield: On
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
18:42: Shield States
18:42: Spyware Definitions: 734
18:42: Spy Sweeper 5.0.7.1608 started
18:42: Spy Sweeper 5.0.7.1608 started
18:42: | Start of Session, vendredi 3 novembre 2006 |
********

Reply to jeff91170

Post a new HijackThis report.

Reply to Angeldark

Here is the HijackThis report

And thanks again for your help.

Logfile of HijackThis v1.99.1
Scan saved at 10:13:05, on 04/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\COMOne\Logiciel Bluetooth\bin\btwdins.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Medion\PowerCinema\My_TV\Agent.exe
C:\WINDOWS\Dit.exe
C:\Program Files\Classic PhoneTools\CapFax.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\system32\dslagent.exe
C:\WINDOWS\DitExp.exe
C:\Program Files\Trust\AMI MOUSE 250SP WIRELESS OPTICAL\lwbwheel.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\NCLAUNCH.EXe
C:\PROGRA~1\COMMON~1\SEMBLY~1\ntvdm.exe
C:\Program Files\COMOne\Logiciel Bluetooth\BTTray.exe
C:\WINDOWS\system32\LVComS.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\PROGRA~1\COMOne\LOGICI~1\BTSTAC~1.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\scanner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {EB0326E1-E12D-C988-7B95-B39E8C6503BA} - C:\WINDOWS\system32\avrgykn.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {B94F6C00-A43D-AF03-ACE0-6AF8373F8A87} - C:\DOCUME~1\JEANFR~1\APPLIC~1\POKEJO~1\bows body.exe (file missing)
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O2 - BHO: (no name) - {EB0326E1-E12D-C988-7B95-B39E8C6503BA} - C:\WINDOWS\system32\avrgykn.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [Agent] "C:\Program Files\Medion\PowerCinema\My_TV\Agent.exe"
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [CapFax] "C:\Program Files\Classic PhoneTools\CapFax.EXE"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] "C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [DSLAGENTEXE] "dslagent.exe" USB
O4 - HKLM\..\Run: [LWBMOUSE] "C:\Program Files\Trust\AMI MOUSE 250SP WIRELESS OPTICAL\lwbwheel.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe"
O4 - HKLM\..\Run: [LogitechVideoRepair] "C:\Program Files\Logitech\Video\ISStart.exe"
O4 - HKLM\..\Run: [LogitechVideoTray] "C:\Program Files\Logitech\Video\LogiTray.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] "rundll32.exe" bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [Roto] "C:\PROGRA~1\COMMON~1\SEMBLY~1\ntvdm.exe" -vt yazb
O4 - HKCU\..\Run: [Ewkaoxj] C:\PROGRA~1\Wanadoo\jfr\YSTEM~1\OOL32~1.EXE
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\COMOne\Logiciel Bluetooth\btsendto_ie_ctx.htm
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\COMOne\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\COMOne\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ [...] loader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/bina [...] b32846.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C10071BA-787D-4DFF-A13E-12D1B806FA02}: NameServer = 80.10.246.1 80.10.246.132
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs:
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\COMOne\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

Reply to jeff91170

Re,

Quote:

- Make sure you have access to hidden folders/files
-> Start
-> Control Panel
-> Folder Options, View tab:
. Click Show hidden folders
. Untick Hide extensions for known file types
. Untick Hide protected operating system files



Go to the VirusTotal site
Click Browse... then open:

C:\WINDOWS\system32\avrgykn.dll

Then click Send
Post the report once the analysis is finished.

If you see this message:
" Your file " ***.*** " is queued in position: ***. Estimated start time is between *** and *** minutes. "
You will have to wait.

Reply to Angeldark

Here is the VirusTotal report


STATUS: SCANNING
File "avrgykn.dll" received on 11.04.2006 at 14:48:34 (CET) is being scanned by VirusTotal in this moment. Results will be shown as they're generated.

Antivirus Version Update Result
AntiVir 7.2.0.37 11.03.2006 ADSPY/PurityScan.AK.130
Authentium 4.93.8 11.04.2006 no virus found
Avast 4.7.892.0 11.03.2006 Win32:Agent-RY
AVG 386 11.03.2006 Adware Generic.RUD


Aditional Information
File size: 131072 bytes
MD5: fa296b69446fa79581a921318ee9a32e
SHA1: 9f4373ace93a6d5a3a89f486bea306cd0d12221b

Reply to jeff91170

The report isn't complete, but that doesn't matter.

Download: KillBox

Put it in a folder or on your desktop (right-click, then Extract All)
Select the text in the box:

Quote:

C:\WINDOWS\system32\avrgykn.dll



Clique droit puis Copier.
----------

. Ouvre Killbox.exe
. Choisis "Delete on reboot"
. Clique sur :
- " File " -> " Paste from Clipboard "
- " All Files "
- " Unregister .dll Before Deleting "

Pour terminer clique sur le rond rouge avec une croix blanche.

Une question te sera alors posée :
" File will be Removed on Reboot, Do you want to reboot now ? "

. Repond par "oui", un compte à rebour s'enclenche, ton PC va redémarrer.

Supprime ce dossier : C:\!KillBox

Aide sur KillBox

Répondre à Angeldark

Voila, manip KillBox éffectué

Rapport Hijacthis je suppose?

Logfile of HijackThis v1.99.1
Scan saved at 15:06:56, on 04/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\COMOne\Logiciel Bluetooth\bin\btwdins.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Medion\PowerCinema\My_TV\Agent.exe
C:\WINDOWS\Dit.exe
C:\Program Files\Classic PhoneTools\CapFax.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\system32\dslagent.exe
C:\Program Files\Trust\AMI MOUSE 250SP WIRELESS OPTICAL\lwbwheel.exe
C:\WINDOWS\DitExp.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\NCLAUNCH.EXe
C:\PROGRA~1\COMMON~1\SEMBLY~1\ntvdm.exe
C:\Program Files\COMOne\Logiciel Bluetooth\BTTray.exe
C:\WINDOWS\system32\LVComS.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\PROGRA~1\COMOne\LOGICI~1\BTSTAC~1.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\scanner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {B94F6C00-A43D-AF03-ACE0-6AF8373F8A87} - C:\DOCUME~1\JEANFR~1\APPLIC~1\POKEJO~1\bows body.exe (file missing)
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [Agent] "C:\Program Files\Medion\PowerCinema\My_TV\Agent.exe"
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [CapFax] "C:\Program Files\Classic PhoneTools\CapFax.EXE"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] "C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [DSLAGENTEXE] "dslagent.exe" USB
O4 - HKLM\..\Run: [LWBMOUSE] "C:\Program Files\Trust\AMI MOUSE 250SP WIRELESS OPTICAL\lwbwheel.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe"
O4 - HKLM\..\Run: [LogitechVideoRepair] "C:\Program Files\Logitech\Video\ISStart.exe"
O4 - HKLM\..\Run: [LogitechVideoTray] "C:\Program Files\Logitech\Video\LogiTray.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] "rundll32.exe" bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [Roto] "C:\PROGRA~1\COMMON~1\SEMBLY~1\ntvdm.exe" -vt yazb
O4 - HKCU\..\Run: [Ewkaoxj] C:\PROGRA~1\Wanadoo\jfr\YSTEM~1\OOL32~1.EXE
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\COMOne\Logiciel Bluetooth\btsendto_ie_ctx.htm
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\COMOne\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\COMOne\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ [...] loader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/bina [...] b32846.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C10071BA-787D-4DFF-A13E-12D1B806FA02}: NameServer = 80.10.246.1 80.10.246.132
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs:
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\COMOne\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

Reply to jeff91170

Re,

- Run HijackThis -> Do a system scan only
-> Check the lines below:

R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {B94F6C00-A43D-AF03-ACE0-6AF8373F8A87} - C:\DOCUME~1\JEANFR~1\APPLIC~1\POKEJO~1\bows body.exe (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKCU\..\Run: [Roto] "C:\PROGRA~1\COMMON~1\SEMBLY~1\ntvdm.exe" -vt yazb
O4 - HKCU\..\Run: [Ewkaoxj] C:\PROGRA~1\Wanadoo\jfr\YSTEM~1\OOL32~1.EXE
O4 - Global Startup: BTTray.lnk = ?
O20 - AppInit_DLLs:

Click Fix checked (bottom left)


----------
-> Start
-> Run...
Type Services.msc then confirm
Double-click " Boonty Games "
Startup type: " Disabled "
Click " Stop " at the bottom
Confirm the changes.
-----
Open HijackThis then:
-> Open the Misc Tools Section
-> Delete an NT Service
Type " BOONTY " then confirm.
----------

Delete:
C:\Program Files\Fichiers communs\BOONTY Shared\

Reply to Angeldark

Type Services.msc then confirm
Double-click " Boonty Games "
Startup type: " Disabled "
Click " Stop " at the bottom
Up to "Disabled" it's fine
But after that I only have Start
No way to get to "Stop"

Reply to jeff91170

Oops!! Rereading my post
I only have "Start"

Reply to jeff91170

OK, I started over, and since I couldn't do the "Stop" I clicked "Apply" anyway.
I double-clicked Boonty Games again
Underneath, it now said:
Service status: Stopped

So I went to HijackThis to do the procedure, and when I type "BOONTY" a window like the one below appears, so I couldn't delete: C:\Program Files\Fichiers communs\BOONTY Shared\

HijackThis window

Service'boonty' was not fount in the Registry.
Make sure you entered the short name of the service., vbExclamation

What should I do, please?

Reply to jeff91170

Re,

It's BOONTY <- without the quotation marks

Post a new HijackThis report.

Reply to Angeldark

I am typing BOONTY without the quotation marks; I tried in upper case and in lower case
and I get the same message

Here is the HijackThis report

Logfile of HijackThis v1.99.1
Scan saved at 18:47:51, on 04/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\COMOne\Logiciel Bluetooth\bin\btwdins.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Medion\PowerCinema\My_TV\Agent.exe
C:\WINDOWS\Dit.exe
C:\Program Files\Classic PhoneTools\CapFax.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\DitExp.exe
C:\WINDOWS\system32\dslagent.exe
C:\Program Files\Trust\AMI MOUSE 250SP WIRELESS OPTICAL\lwbwheel.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\NCLAUNCH.EXe
C:\WINDOWS\system32\LVComS.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\svchost.exe
C:\scanner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [Agent] "C:\Program Files\Medion\PowerCinema\My_TV\Agent.exe"
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [CapFax] "C:\Program Files\Classic PhoneTools\CapFax.EXE"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] "C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [DSLAGENTEXE] "dslagent.exe" USB
O4 - HKLM\..\Run: [LWBMOUSE] "C:\Program Files\Trust\AMI MOUSE 250SP WIRELESS OPTICAL\lwbwheel.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe"
O4 - HKLM\..\Run: [LogitechVideoRepair] "C:\Program Files\Logitech\Video\ISStart.exe"
O4 - HKLM\..\Run: [LogitechVideoTray] "C:\Program Files\Logitech\Video\LogiTray.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] "rundll32.exe" bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\COMOne\Logiciel Bluetooth\btsendto_ie_ctx.htm
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\COMOne\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\COMOne\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ [...] loader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/bina [...] b32846.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C10071BA-787D-4DFF-A13E-12D1B806FA02}: NameServer = 80.10.246.130 80.10.246.3
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\COMOne\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

Reply to jeff91170

The service is no longer there.
That looks OK to me.

- Run a Kaspersky online scan:
. Scan the critical area
. Save, then paste the report once the analysis has finished
Help for the online scan.

NOTES:

- If this message appears:
"La licence de Kaspersky On-line Scanner est périmée" [the Kaspersky On-line Scanner licence has expired]
Go to Add/Remove Programs to uninstall the Online Scanner
Then try the scan again.

- If you still can't use the online scan, run a Panda online scan
. /!\ When you are asked to enter your e-mail address, click I don't accept (at the bottom)
. Post the report once the analysis has finished
. If you have Avast!, disable it.

Reply to Angeldark
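The check behind "the service is no longer there", as an added example that is not part of the original thread: Python code that parses two HijackThis scans, diffs them, and lists which fix-list lines the follow-up scan still reports. The sample strings are short excerpts of the 15:06:56 and 18:47:51 scans and of the fix list posted above; the function names are assumptions of this example.

```python
import re

# A HijackThis v1.99.1 entry starts with a section code (R0, O4, O23, ...) then " - ".
ENTRY_RE = re.compile(r"^([ROFN]\d{1,2}) - (.*)$")

# Excerpt of the scan saved at 15:06:56 in the thread (before the fix).
BEFORE = r"""
Logfile of HijackThis v1.99.1
Scan saved at 15:06:56, on 04/11/2006
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {B94F6C00-A43D-AF03-ACE0-6AF8373F8A87} - C:\DOCUME~1\JEANFR~1\APPLIC~1\POKEJO~1\bows body.exe (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Roto] "C:\PROGRA~1\COMMON~1\SEMBLY~1\ntvdm.exe" -vt yazb
O4 - HKCU\..\Run: [Ewkaoxj] C:\PROGRA~1\Wanadoo\jfr\YSTEM~1\OOL32~1.EXE
O4 - Global Startup: BTTray.lnk = ?
O20 - AppInit_DLLs:
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
"""

# Excerpt of the follow-up scan saved at 18:47:51.
AFTER = r"""
Scan saved at 18:47:51, on 04/11/2006
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
"""

# The lines the helper asked to tick before clicking "Fix checked".
FIX_LIST = r"""
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {B94F6C00-A43D-AF03-ACE0-6AF8373F8A87} - C:\DOCUME~1\JEANFR~1\APPLIC~1\POKEJO~1\bows body.exe (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKCU\..\Run: [Roto] "C:\PROGRA~1\COMMON~1\SEMBLY~1\ntvdm.exe" -vt yazb
O4 - HKCU\..\Run: [Ewkaoxj] C:\PROGRA~1\Wanadoo\jfr\YSTEM~1\OOL32~1.EXE
O4 - Global Startup: BTTray.lnk = ?
O20 - AppInit_DLLs:
"""


def parse_entries(log_text):
    """Return the (code, body) entries of a log, skipping header and process lines."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2).strip()))
    return entries


def normalise(entry):
    """Comparison key: same code, body lower-cased with whitespace collapsed."""
    return entry[0], " ".join(entry[1].split()).lower()


def diff_logs(before_text, after_text):
    """Return (removed, added) entries between two scans, in log order."""
    before, after = parse_entries(before_text), parse_entries(after_text)
    before_keys = {normalise(e) for e in before}
    after_keys = {normalise(e) for e in after}
    removed = [e for e in before if normalise(e) not in after_keys]
    added = [e for e in after if normalise(e) not in before_keys]
    return removed, added


def still_present(fix_list_text, after_text):
    """Entries of a fix list that the follow-up scan still reports."""
    after_keys = {normalise(e) for e in parse_entries(after_text)}
    return [e for e in parse_entries(fix_list_text) if normalise(e) in after_keys]


def orphaned(log_text):
    """Entries whose target HijackThis marks as '(file missing)' or '(no file)'."""
    return [e for e in parse_entries(log_text)
            if e[1].endswith(("(file missing)", "(no file)"))]


if __name__ == "__main__":
    print("removed:", diff_logs(BEFORE, AFTER)[0])
    print("still listed:", still_present(FIX_LIST, AFTER))
    print("orphaned:", orphaned(AFTER))
```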

Here is the Kaspersky report

Saturday, November 04, 2006 7:32:52 PM
Système d'exploitation : Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version : 5.0.83.0
Dernière mise à jour de la base antivirus Kaspersky : 4/11/2006
Enregistrements dans la base antivirus Kaspersky : 224772


Paramètres d'analyse
Analyser avec la base antivirus suivante standard
Analyser les archives vrai
Analyser les bases de messagerie vrai

Cible de l'analyse Zones critiques
C:\WINDOWS
C:\DOCUME~1\JEANFR~1\LOCALS~1\Temp\

Statistiques de l'analyse
Total d'objets analysés 25234
Nombre de virus trouvés 0
Nombre d'objets infectés 0 / 0
Nombre d'objets suspects 0
Durée de l'analyse 00:21:13

Nom de l'objet infecté Nom du virus Dernière action
C:\WINDOWS\Debug\PASSWD.LOG L'objet est verrouillé ignoré

C:\WINDOWS\SchedLgU.Txt L'objet est verrouillé ignoré

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log L'objet est verrouillé ignoré

C:\WINDOWS\Sti_Trace.log L'objet est verrouillé ignoré

C:\WINDOWS\system32\CatRoot2\edb.log L'objet est verrouillé ignoré

C:\WINDOWS\system32\CatRoot2\tmp.edb L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\AppEvent.Evt L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\default L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\default.LOG L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\SAM L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\SAM.LOG L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\SecEvent.Evt L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\SECURITY L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\SECURITY.LOG L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\software L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\software.LOG L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\SysEvent.Evt L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\system L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\system.LOG L'objet est verrouillé ignoré

C:\WINDOWS\system32\h323log.txt L'objet est verrouillé ignoré

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR L'objet est verrouillé ignoré

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP L'objet est verrouillé ignoré

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER L'objet est verrouillé ignoré

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP L'objet est verrouillé ignoré

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP L'objet est verrouillé ignoré

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA L'objet est verrouillé ignoré

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP L'objet est verrouillé ignoré

C:\WINDOWS\wiadebug.log L'objet est verrouillé ignoré

C:\WINDOWS\wiaservc.log L'objet est verrouillé ignoré

C:\WINDOWS\WindowsUpdate.log L'objet est verrouillé ignoré

Analyse terminée.

Reply to jeff91170

It's OK.
Your PC is clean.

Report your infection (Purity) to help get the authors convicted; that would be nice.
Create a post on Malware-Complaints to move things forward; there need to be as many of us as possible, so report your infection.
HELP: How do I report an infection on Malware-Complaints?

See this page to keep these problems from coming back.

Reply to Angeldark

Thank you very much for your help.

If you are ever around Viry-Chatillon (91), my door is open to you for a drink.

No problem about reporting it, I'll go and do that right away.

Reply to jeff91170