
I have a virus


Hello,
For some time now I have had a virus called dialer factory, I think, and I don't know how to get rid of it :(
I keep looking but I can't find out how :pfff:
Let me explain how I caught it.
I was chatting with a friend but I couldn't understand anything that was written; it said: http//:chnstudio.dsl, I don't remember the rest.
I told myself that if I clicked on it I would understand what was written.
So I clicked, and something started downloading all by itself; I didn't understand anything.
And bam :o
He records a voice message for me and tells me that I am writing nonsense.
So I realised that I had a virus.
So I can no longer send instant messages, because the site chnstudio something-or-other is shown when I send a message, and so if all my friends click on it they will catch the same virus :??:
So I would like your advice on what I should do; I no longer know what to do.
If you know how to get rid of this virus, please tell me. Thanks in advance.


hindaty

PS: sorry for the spelling mistakes


Good evening,

Be sure to do EVERYTHING that follows.

- Download Hijackthis by Merjin.
- Put it in a folder or on your desktop.
-- Right-click on Hijackthis:
-> Choose "Rename"
-> Type Scanner.exe then confirm.

- Launch the application
- Choose the option "Do a system scan and save a logfile"
-- Notepad opens:
-> Edit / Select All
-> Edit / Copy

- Paste the report here.

Help on Hijackthis

Say, is this it? I'm not sure :ouch:  :
Logfile of HijackThis v1.99.1
Scan saved at 21:39:25, on 18/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\WinAntiVirus Pro 2006\FWSvc.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\WinAntiVirus Pro 2006\uwa6pcw.exe
C:\Program Files\SystemDoctor 2006 Free\sd2006.exe
C:\Program Files\SystemDoctor 2006 Free\usdr6cw.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\WinAntiVirus Pro 2006\winav.exe
C:\PROGRA~1\WANADOO\TaskBarIcon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\linewsrv.exe
C:\Program Files\implus\implus.exe
C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\Y5OJQLYH\HijackThis[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.chercher.org/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iese...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iese...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\WANADOO\SEARCH~1.DLL
O2 - BHO: CIEIntegrator Object - {2178F3FB-2560-458F-BDEE-631E2FE0DFE4} - C:\Program Files\WinAntiVirus Pro 2006\winpgi.dll
O2 - BHO: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\oberontb.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: IEFW Object - {B5141620-C2B2-4D95-9F0F-134D99C87AB0} - C:\Program Files\WinAntiVirus Pro 2006\IEFWBHO.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\oberontb.dll
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\WANADOO\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\WANADOO\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [CanalPlayer] C:\Program Files\Lecteur CANALPLAY\CanalPlayer.exe /iconic
O4 - HKLM\..\Run: [uwa6pcw] "C:\Program Files\WinAntiVirus Pro 2006\uwa6pcw.exe" -c
O4 - HKLM\..\Run: [SystemDoctor 2006 Free] C:\Program Files\SystemDoctor 2006 Free\sd2006.exe -scan
O4 - HKLM\..\Run: [usdr6cw] C:\Program Files\SystemDoctor 2006 Free\usdr6cw.exe -c
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [WinAntiVirusPro2006] C:\Program Files\WinAntiVirus Pro 2006\winav.exe /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\WANADOO\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Instant Access] C:\WINDOWS\system32\linewsrv.exe /run
O4 - HKCU\..\Run: [implus] C:\Program Files\implus\implus.exe
O4 - Startup: RealPlayer.lnk = C:\Program Files\Real\RealPlayer\realplay.exe
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?245d4c3eed7449c989f76d64bfe50419
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?245d4c3eed7449c989f76d64bfe50419
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: (no name) - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll
O9 - Extra 'Tools' menuitem: GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab312...
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Ap...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.ca...
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Firewall service (FWSvc) - WinSoftware, Ltd. - C:\Program Files\WinAntiVirus Pro 2006\FWSvc.exe

Hello,

Egdaccess infection.

The steps must be carried out without interruption and in order.
If you don't understand something, ask for an explanation before starting.


Save this page so that you can access the procedure in Safe Mode:
- File
- Save As...
- File name: Procédure
- Type: Web Page, complete
- For the location, choose your Desktop
- Now click Save

Download:

Brute Force Uninstaller (by Merjin).
Create a new folder directly on C:\ and name it BFU. Unzip the downloaded file into this new folder (C:\BFU)

Navipromo.zip and unzip it onto your desktop.

RIGHT-CLICK HERE and choose "Save Target As..." to download EGDACCESS.bfu (by Metallica). Save it in the folder you created (C:\BFU).
You should now have two files in the C:\BFU folder: EGDACCESS.bfu and BFU.exe (very important).

Note: If you use Internet Explorer, when saving, make sure the "Type:" field shows "All Files".

HELP: How to install and use BFU?

Restart in Safe Mode: on restart, immediately tap the F8 key repeatedly; you will see a screen with startup choices appear. Using the keyboard arrows, choose "Safe Mode" and confirm with "Enter". Choose your usual account, not Administrator.

Launch the Navipromo.bat file, which is on your desktop in the Navipromo folder. Select the option "Recherche et suppression automatique" (automatic search and removal) by pressing the R key.
If it finds something, you will see lines scrolling in the command window and, after a few moments, you will need to press a key to start the cleanup.

Start "Brute Force Uninstaller" by double-clicking BFU.exe (in the C:\BFU folder)

- Click the small yellow folder to the right of the Scriptline to execute box, and double-click:

EGDACCESS.bfu

- In the "Scriptline to execute" box, you should now see this: C:\BFU\EGDACCESS.bfu

Click Execute and let it do its work.

Wait for Complete script execution to appear before clicking OK.
Click Exit to close the BFU program.

Restart normally.

Post the reports:
- Hijackthis
- C:\egd.txt
- C:\Navipromo.txt

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WOOWATCH"="C:\\PROGRA~1\\WANADOO\\Watch.exe"
"WOOTASKBARICON"="C:\\PROGRA~1\\WANADOO\\GestMaj.exe TaskBarIcon.exe"
"CanalPlayer"="C:\\Program Files\\Lecteur CANALPLAY\\CanalPlayer.exe /iconic"
"uwa6pcw"="\"C:\\Program Files\\WinAntiVirus Pro 2006\\uwa6pcw.exe\" -c"
"SystemDoctor 2006 Free"="C:\\Program Files\\SystemDoctor 2006 Free\\sd2006.exe -scan"
"usdr6cw"="C:\\Program Files\\SystemDoctor 2006 Free\\usdr6cw.exe -c"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe\""
"WinAntiVirusPro2006"="C:\\Program Files\\WinAntiVirus Pro 2006\\winav.exe /min"

Good evening,

The steps must be carried out without interruption and in order.
If you don't understand something, ask for an explanation before starting.


Save this page so that you can access the procedure in Safe Mode:
- File
- Save As...
- File name: Procédure
- Type: Web Page, complete
- For the location, choose your Desktop
- Now click Save

Download:

Brute Force Uninstaller (by Merjin).
Create a new folder directly on C:\ and name it BFU. Unzip the downloaded file into this new folder (C:\BFU)

RIGHT-CLICK HERE and choose "Save Target As..." to download EGDACCESS.bfu (by Metallica). Save it in the folder you created (C:\BFU).
You should now have two files in the C:\BFU folder: Winsoftware.bfu and BFU.exe (very important).

Note: If you use Internet Explorer, when saving, make sure the "Type:" field shows "All Files".

HELP: How to install and use BFU?

Restart in Safe Mode: on restart, immediately tap the F8 key repeatedly; you will see a screen with startup choices appear. Using the keyboard arrows, choose "Safe Mode" and confirm with "Enter". Choose your usual account, not Administrator.

Start "Brute Force Uninstaller" by double-clicking BFU.exe (in the C:\BFU folder)

- Click the small yellow folder to the right of the Scriptline to execute box, and double-click:

Winsoftware.bfu

- In the "Scriptline to execute" box, you should now see this: C:\BFU\Winsoftware.bfu

Click Execute and let it do its work.

Wait for Complete script execution to appear before clicking OK.
Click Exit to close the BFU program.

Restart normally.

Post the Hijackthis report.

Rapport Navipromo.bat 0.5 effectué le 20/11/2006 à 19:46:21,92

** Recherche...

1/ uvmpqrx trouvé, recherche de uvmpqrx*
C:\WINDOWS\system32\uvmpqrx.dat
C:\WINDOWS\system32\uvmpqrx.exe
C:\WINDOWS\system32\uvmpqrx_nav.dat
C:\WINDOWS\system32\uvmpqrx_navps.dat

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
uvmpqrx REG_SZ c:\windows\system32\uvmpqrx.exe uvmpqrx

------------------
Fin du rapport de recherche
Adware Navipromo trouvé 1 fois avec cette méthode

################################################

** Nettoyage...

1/ Déplacement de uvmpqrx* vers C:\Navipromo\Backups...
C:\Windows\System32\uvmpqrx* déplacé avec succès !

------------------
* Suppression clés et valeurs de registre
1 entrées de registre ont été nettoyées

* Backups :

C:\Navipromo\Backups\HKLMRun.reg
C:\Navipromo\Backups\HKCURun.reg
C:\Navipromo\Backups\Uninstall.reg
C:\Navipromo\Backups\ARPCache.reg
C:\Navipromo\Backups\uvmpqrx.dat
C:\Navipromo\Backups\uvmpqrx.exe
C:\Navipromo\Backups\uvmpqrx_nav.dat
C:\Navipromo\Backups\uvmpqrx_navps.dat

Ajout d'extension .off aux backups

## Fin du rapport de Suppression

Logfile of HijackThis v1.99.1
Scan saved at 17:52:59, on 23/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\WANADOO\TaskBarIcon.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\implus\implus.exe
C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\Administrateur\Local Settings\Temp\wz45b4\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.chercher.org/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iese...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iese...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\WANADOO\SEARCH~1.DLL
O2 - BHO: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\oberontb.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\oberontb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\WANADOO\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\WANADOO\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [CanalPlayer] C:\Program Files\Lecteur CANALPLAY\CanalPlayer.exe /iconic
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\WANADOO\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [implus] C:\Program Files\implus\implus.exe
O4 - Startup: RealPlayer.lnk = C:\Program Files\Real\RealPlayer\realplay.exe
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?245d4c3eed7449c989f76d64bfe50419
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?245d4c3eed7449c989f76d64bfe50419
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: (no name) - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll
O9 - Extra 'Tools' menuitem: GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab312...
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Ap...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.ca...
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe

Re,

The steps must be carried out without interruption and in order.
If you don't understand something, ask for an explanation before you start.


Save this page so you can access the procedure in safe mode:
- File
- Save As...
- File name: Procédure
- Type: Web Page, complete
- For the location, choose your Desktop
- Now click Save

Download:

CCleaner
Install it in a dedicated directory.
During installation, uncheck: "Add the CCleaner Yahoo! Toolbar"
HELP: CCleaner tutorial

AVG Anti-Spyware (AVG AS)
Once AVG AS is running, click "Update"
Close the program.
HELP: AVG AntiSpyware tutorial

Clean.zip (by Malekal),
unzip it onto your desktop (right-click / Extract All); you should get a folder named clean.

Restart in safe mode

Uninstall if possible:
GamesBar
Implus

Close ALL open windows (except HijackThis)
and any real-time protection software (antivirus, TeaTimer...)

- Run HijackThis -> Do a system scan only
-> Check the lines below:

O2 - BHO: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\oberontb.dll
O3 - Toolbar: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\oberontb.dll
O4 - HKCU\..\Run: [implus] C:\Program Files\implus\implus.exe
O9 - Extra button: (no name) - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll
O9 - Extra 'Tools' menuitem: GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)

Click Fix checked (bottom left)

Delete these folders:
C:\Program Files\GamesBar\
C:\Program Files\implus\

-- Run CCleaner:
- Click the "Analyze" button
- Now click the "Run Cleaner" button.

- Click the "Issues" tab
- Click "Scan for issues", then "Fix selected issues".

- Run AVG AS again, then choose the "Scan" tab
Then the "Settings" tab
Under the question "How to act?", click "Recommended actions" and choose "Quarantine"
Click the "Scan" tab again, then run a "Complete system scan"

/!\ If an infected file is detected at the end of the scan /!\
Click "Apply all actions"
Click "Save report", then "Save report as"
Save this text file to your desktop.

- Open the clean folder on your desktop and double-click clean.cmd; a black window will appear for a moment, leave it open.

Restart normally.

- Open the AVG AS report, then copy/paste its contents here.

- Post a new HijackThis report.

- The clean report: My Computer / double-click drive C / double-click rapport_clean.txt, then copy/paste the contents of C:\rapport_clean.txt here

NB: Thanks to Malekal for his tutorials.
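
The follow-up HijackThis report requested at the end of this procedure is what shows whether the fix held. As an added example (not part of the original post), this Python script parses a HijackThis log and compares it with the six checked lines and the two deleted folders; the function names are hypothetical, `AFTER_SCAN` is a shortened sample built from log lines in this thread, and `AFTER_PARTIAL` is a constructed failure case.

```python
import re

# HijackThis item lines start with a section code: R0-R3, F0-F3, N1-N4 or O1-O24.
ITEM_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# The six lines the post above says to check, copied from the thread.
CHECKED = r"""
O2 - BHO: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\oberontb.dll
O3 - Toolbar: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\oberontb.dll
O4 - HKCU\..\Run: [implus] C:\Program Files\implus\implus.exe
O9 - Extra button: (no name) - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll
O9 - Extra 'Tools' menuitem: GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
""".strip().splitlines()

# The two folders the post says to delete.
REMOVED_DIRS = [r"C:\Program Files\GamesBar", r"C:\Program Files\implus"]

# Shortened sample of a follow-up scan, built from log lines in this thread.
AFTER_SCAN = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
C:\Program Files\MSN Messenger\MsnMsgr.Exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
"""

# Constructed failure case: the Run entry and its process survived, and the
# toolbar CLSID is still registered as an orphan ("(no name) ... (no file)").
AFTER_PARTIAL = r"""
Running processes:
C:\WINDOWS\Explorer.EXE
C:\Program Files\implus\implus.exe

O3 - Toolbar: (no name) - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - (no file)
O4 - HKCU\..\Run: [implus] C:\Program Files\implus\implus.exe
"""


def normalize(line):
    """Collapse whitespace and case so cosmetic differences do not hide a match."""
    return " ".join(line.split()).lower()


def parse_log(text):
    """Return (processes, items): process paths and item lines keyed by normalized text."""
    processes, items = set(), {}
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = ITEM_RE.match(line)
        if match:
            in_processes = False
            clsid = CLSID_RE.search(match.group(2))
            items[normalize(line)] = (clsid.group(0).upper() if clsid else None, line)
        elif line.lower().startswith("running processes"):
            in_processes = True
        elif in_processes:
            processes.add(normalize(line))
    return processes, items


def verify_cleanup(checked_lines, removed_dirs, after_text):
    """Report what a follow-up scan still shows of the entries that were fixed."""
    processes, items = parse_log(after_text)
    dirs = [normalize(d).rstrip("\\") + "\\" for d in removed_dirs]
    checked_keys = {normalize(l) for l in checked_lines}
    checked_clsids = {c.upper() for l in checked_lines for c in CLSID_RE.findall(l)}
    return {
        # Checked lines that reappear verbatim: the fix did not take.
        "still_present": [l for l in checked_lines if normalize(l) in items],
        # Same CLSID under a different line: an orphaned registration remains.
        "leftover_clsids": sorted(raw for key, (clsid, raw) in items.items()
                                  if clsid in checked_clsids and key not in checked_keys),
        # Any item that still points into a folder that should be gone.
        "path_refs": sorted(raw for key, (_, raw) in items.items()
                            if any(d in key for d in dirs)),
        # A process still running from a deleted folder.
        "live_procs": sorted(p for p in processes if any(p.startswith(d) for d in dirs)),
    }


if __name__ == "__main__":
    for name, log in (("follow-up scan", AFTER_SCAN), ("partial cleanup", AFTER_PARTIAL)):
        print(name, verify_cleanup(CHECKED, REMOVED_DIRS, log))
```

An empty result in all four lists means the follow-up scan no longer shows the checked entries; any non-empty list names the line to look at again.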

---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: 23:06:30 23/11/2006

+ Résultat de l'analyse:



HKU\S-1-5-21-842925246-2111687655-1708537768-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2178F3FB-2560-458F-BDEE-631E2FE0DFE4} -> Adware.WinAntiVirus : Nettoyé et sauvegardé (mise en quarantaine).


Fin du rapport

Logfile of HijackThis v1.99.1
Scan saved at 23:21:43, on 23/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\PROGRA~1\WANADOO\TaskBarIcon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Administrateur\Local Settings\Temp\wzade6\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.chercher.org/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iese...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iese...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\WANADOO\SEARCH~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\WANADOO\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\WANADOO\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\WANADOO\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?245d4c3eed7449c989f76d64bfe50419
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?245d4c3eed7449c989f76d64bfe50419
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab312...
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Ap...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.ca...
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe

[-HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\WSCM]
[-HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\sdktemp]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4E7BD74F-2B8D-469E-C0FF-FD67B79CAF2C}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00172AD1-F4BD-48C0-AEB5-A4CFE4638393}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000010-6F7D-442C-93E3-4A4827C2E4C8}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5753791b-f607-48ca-814e-91c14d081f9e}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{37b85a21-692b-4205-9cad-2626e4993404}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07B18EA1-A523-4961-B6BB-170DE4475CCA}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4D25F921-B9FE-4682-BF72-8AB8210D6D75}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0494D0D1-F8E0-41ad-92A3-14154ECE70AC}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07B18EA1-A523-4961-B6BB-170DE4475CCA}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CBCC61FA-0221-4ccc-B409-CEE865CACA3A}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2178F3FB-2560-458F-BDEE-631E2FE0DFE4}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0494D0D1-F8E0-41ad-92A3-14154ECE70AC}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D49E9D35-254C-4c6a-9D17-95018D228FF5}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4E7BD74F-2B8D-469E-90F0-F66AB581A933}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4D1C4E81-A32A-416b-BCDB-33B3EF3617D3}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59879FA4-4790-461c-A1CC-4EC4DE4CA483}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{15E38167-B065-4BB5-B987-9F04B1E85AEA}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c900b400-cdfe-11d3-976a-00e02913a9e0}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AC2E8306-D24E-4082-8669-7781499F4E03}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{511F9316-771B-4953-A268-1C36DA667FE9}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{85A702BA-EA8F-4B83-AA07-07A5186ACD7E}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{202a961f-23ae-42b1-9505-ffe3c818d717}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{74CC49F7-EB32-4A08-B204-948962A6E3DB}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4E0C464-30CE-4075-9A10-71FD106C2847}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{821F87FF-8245-4972-9E28-732E92EC2F51}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{45A4902E-4479-4EAE-A186-8D0F7E4C78DE}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A8B28872-3324-4CD2-8AA3-7D555C872D96}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C4F147D7-BF25-488E-A12B-EFD43E7029BF}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{79A002FB-C126-462D-B4A7-81D6B42D1666}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{031B6D43-CBC4-46A5-8E46-CF8B407C1A33}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{86C510E9-97EF-4749-914F-0280247BE3A6}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5ED7D3DE-6DBE-4516-8712-01B1B64B7057}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5ED7D3DE-6DBE-4516-8712-436325722327}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCAFFC14-BD46-408A-9842-CDBE1C6D37FF}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0140DF95-9128-4053-AE72-F43F0CFCA062}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CBE2611-C31B-401F-89BC-4CBB25E853D7}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4D1C4E81-A32A-416b-BCDB-33B3EF3617D3}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BB9AAAF3-4F8D-48B5-A565-FF3E58433DC2}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A045DC85-FC44-45be-8A50-E4F9C62C9A84}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E954DB82-1533-4714-92F2-59C98D5C18CC}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E1412445-4FF8-410e-8D24-F2CF86B171A4}]

[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks\{00A6FAF6-072E-44cf-8957-5838F569A31D}]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks\{4D25F926-B9FE-4682-BF72-8AB8210D6D75}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{07B18EA9-A523-4961-B6BB-170DE4475CCA}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{CBCC61FA-0221-4ccc-B409-CEE865CACA3A}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{1C78AB3F-A857-482e-80C0-3A1E5238A565}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{F8AD5AA5-D966-4667-9DAF-2561D68B2012}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{25D8BACF-3DE2-4B48-AE22-D659B8D835B0}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{{A20A76AD-7A29-4756-87FE-70C334CB40C0}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{7EFBC57C-CD57-481F-B794-648FCE9C9116}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{44BE0690-5429-47f0-85BB-3FFD8020233E}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{0494d0d9-f8e0-41ad-92a3-14154ece70ac}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{860c2f6b-ca82-4282-9187-beccbb66f0af}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{74CC49F7-EB32-4A08-B204-948962A6E3DB}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{9FB3908C-6565-4CB0-95F8-E9F85258723C}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{6F282B65-56BF-4BD1-A8B2-A4449A05863D}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{0494D0D9-F8E0-41ad-92A3-14154ECE70AC}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{7fa55359-7223-410f-bc82-efb3e3ded07f}"=-

[-HKEY_CLASSES_ROOT\CLSID\{7fa55359-7223-410f-bc82-efb3e3ded07f}\InProcServer32]
[-HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{7fa55359-7223-410f-bc82-efb3e3ded07f}\InProcServer32]

[-HKEY_LOCAL_MACHINE\software\altnet]
[-hkey_local_machine\software\Fun Web Products]
[-hkey_current_user\software\Montorgueil]
[-hkey_current_user\software\MyWebSearch]
[-HKEY_LOCAL_MACHINE\SOFTWARE\NIX Solutions]
[-HKEY_LOCAL_MACHINE\SOFTWARE\MyWay]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Titan]
[-HKEY_LOCAL_MACHINE\SOFTWARE\MailSkinner]
[-hkey_current_user\SOFTWARE\HbTools]
[-hkey_local_machine\SOFTWARE\HbTools]
[-hkey_local_machine\SOFTWARE\Classes\HbCoreSrv.DynamicProp]
[-hkey_local_machine\SOFTWARE\Classes\HbCoreSrv.DynamicProp.1]
[-hkey_local_machine\SOFTWARE\Classes\HbTools.HbtCommBand]
[-hkey_local_machine\SOFTWARE\Classes\HbTools.HbtCommBand.1]
[-hkey_local_machine\SOFTWARE\Classes\HbTools.HbtTravelCompareBar]
[-hkey_local_machine\SOFTWARE\Classes\HbTools.HbtTravelCompareBar.1]
[-hkey_local_machine\SOFTWARE\Classes\HbtCoreSrv.HbtCoreServices]
[-hkey_local_machine\SOFTWARE\Classes\HbtCoreSrv.HbtCoreServices.1]
[-hkey_local_machine\SOFTWARE\Classes\HbtCoreSrv.LfgAx]
[-hkey_local_machine\SOFTWARE\Classes\HbtCoreSrv.LfgAx.1]
[-hkey_local_machine\SOFTWARE\Classes\HbtHostIE.Bho]
[-hkey_local_machine\SOFTWARE\Classes\HbtHostIE.Bho.1]
[-hkey_local_machine\SOFTWARE\Classes\HbtHostOL.HbtMailAnim]
[-hkey_local_machine\SOFTWARE\Classes\HbtHostOL.HbtMailAnim.1]
[-hkey_local_machine\SOFTWARE\Classes\HbtHostOL.HbtWebmailSend]
[-hkey_local_machine\SOFTWARE\Classes\HbtHostOL.HbtWebmailSend.1]
[-hkey_local_machine\SOFTWARE\Classes\HbtSrv.HbtCoreServices]
[-hkey_local_machine\SOFTWARE\Classes\HbtSrv.HbtCoreServices.1]
[-hkey_local_machine\SOFTWARE\Classes\HbtToolbar.HbtHtmlMenuUI]
[-hkey_local_machine\SOFTWARE\Classes\HbtToolbar.HbtHtmlMenuUI.1]
[-hkey_local_machine\SOFTWARE\Classes\HbtToolbar.HbtToolbarCtl]
[-hkey_local_machine\SOFTWARE\Classes\HbtToolbar.HbtToolbarCtl.1]
[-hkey_local_machine\SOFTWARE\Classes\HbtTools.HbMain]
[-hkey_local_machine\SOFTWARE\Classes\HbtTools.HbMain.1]
[-hkey_local_machine\SOFTWARE\Classes\RprtsPSClient.PSExecuter]
[-hkey_local_machine\SOFTWARE\Classes\RprtsPSClient.PSExecuter.1]
[-hkey_local_machine\SOFTWARE\Classes\ShprRprts.HbAx]
[-hkey_local_machine\SOFTWARE\Classes\ShprRprts.HbAx.1]
[-hkey_local_machine\SOFTWARE\Classes\ShprRprts.HbInfoBand]
[-hkey_local_machine\SOFTWARE\Classes\ShprRprts.HbInfoBand.1]
[-hkey_local_machine\SOFTWARE\Classes\ShprRprts.IEButton]
[-hkey_local_machine\SOFTWARE\Classes\ShprRprts.IEButton.1]
[-hkey_local_machine\SOFTWARE\Classes\ShprRprts.IEButtonA]
[-hkey_local_machine\SOFTWARE\Classes\ShprRprts.IEButtonA.1]
[-hkey_local_machine\SOFTWARE\Classes\ShprRprts.SmrtShprCtl]
[-hkey_local_machine\SOFTWARE\Classes\ShprRprts.SmrtShprCtl.1]
[-hkey_local_machine\SOFTWARE\ShopperReports]
[-hkey_current_user\software\Fun Web Products]
[-hkey_current_user\software\MyWebSearch]
[-HKEY_CLASSES_ROOT\AppID\{8C65AEF6-E413-4314-815B-82717A3F1603}]

[-HKEY_USERS\.DEFAULT\SOFTWARE\HbTools]
[-HKEY_LOCAL_MACHINE\SOFTWARE\ALTNET\]

[-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run ni.usyp]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run sysprotect free]
[-HKEY_CLASSES_ROOT\appid\{4f5e5d72-c915-4f3b-908b-527d064b0faa}]
[-HKEY_CLASSES_ROOT\checkprod.checkproduct]
[-HKEY_CLASSES_ROOT\clsid\{1640de0e-75e4-4a83-b5d1-2492bc7eba8f}]
[-HKEY_CLASSES_ROOT\clsid\{9e87077c-380c-407d-8dab-eedad95c0a5d}]
[-HKEY_CLASSES_ROOT\clsid\{ccaabcdd-7c16-4215-b12e-150bfb994cf0}]
[-HKEY_CLASSES_ROOT\clsid\{ef130e77-0a34-4365-bfb7-218fd3ddcd5f}]
[-HKEY_CLASSES_ROOT\clsid\{f63e3b76-f82f-46eb-851c-8c0a221686bb}]
[-HKEY_CLASSES_ROOT\flfxr15.flfixer15]
[-HKEY_CLASSES_ROOT\interface\{02946fd1-2d99-46e6-a790-3a089714edd9}]
[-HKEY_CLASSES_ROOT\interface\{7f4e63c9-f30c-4424-9baf-b6896f5f56c4}]
[-HKEY_CLASSES_ROOT\interface\{f5ac8b35-5b15-4e8f-8046-43858973b495}]
[-HKEY_CLASSES_ROOT\typelib\{7eacf70b-302f-4049-ac68-2d62eb43e473}\1.0]
[-HKEY_CLASSES_ROOT\typelib\{7fa4ec26-6a28-4474-857d-bb05b001c84a}\1.0]
[-HKEY_CLASSES_ROOT\typelib\{96d58666-8f00-4a9d-9389-c17aaa2407c9}\1.0]
[-HKEY_CLASSES_ROOT\typelib\{e79d5e54-81c9-41ae-9d7b-03f1e5a7733d}\1.0]
[-HKEY_CLASSES_ROOT\typelib\{f585cb1f-f17d-4007-a573-b663197ef500}\1.0]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run sysprotect free]
[-HKEY_CURRENT_USER\software\sysprotect free]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run ni.usyp]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\usyp_is1]
[-HKEY_LOCAL_MACHINE\software\sysprotect]

[-HKLM\SOFTWARE\Classes\ToolbarBestToolbarsToolbar.BestToolbarsToolbarObject]
[-HKLM\SOFTWARE\Classes\ToolbarBestToolbarsToolbar.BestToolbarsToolbarObject.1]
[-HKLM\SOFTWARE\Classes\ToolbarBestToolbarsToolbar.BestToolbarsToolbarObject\CLSID]
[-HKLM\SOFTWARE\Classes\ToolbarBestToolbarsToolbar.BestToolbarsToolbarObject\CurVer]
[-HKLM\SOFTWARE\Gator.com]
[-HKLM\SOFTWARE\Gator.com\GInternet]
[-HKLM\SOFTWARE\Gator.com\GInternet\Proxy]
[-HKLM\SOFTWARE\Gator.com\Gator]
[-HKLM\SOFTWARE\Gator.com\Gator\dyn]
[-HKLM\SOFTWARE\Gator.com\Gator\stat]
[-HKLM\SOFTWARE\Gator.com\trickles]
[-HKLM\SOFTWARE\Classes\BHO.PerfectNavBHO]
[-HKLM\SOFTWARE\Classes\BHO.PerfectNavBHO.1]
[-HKLM\SOFTWARE\PerfectNav]
[-HKLM\SOFTWARE\Classes\WebP2PInstaller.Installer]
[-HKLM\SOFTWARE\Classes\WebP2PInstaller.Installer.1]
[-HKLM\SOFTWARE\Classes\WebP2PInstaller.Installer\CLSID]
[-HKLM\SOFTWARE\Classes\WebP2PInstaller.Installer\CurVer]
[-HKLM\SOFTWARE\WinAntiVirus Pro 2006]
[-HKLM\SOFTWARE\Classes\ADM25.ADM25]
[-HKLM\SOFTWARE\Classes\ADM25.ADM25.1]
[-HKLM\SOFTWARE\Classes\ADM25.ADM25\CurVer]
[-HKLM\SOFTWARE\Classes\ADM4.ADM4]
[-HKLM\SOFTWARE\Classes\ADM4.ADM4.1]
[-HKLM\SOFTWARE\Classes\ADM4.ADM4\CurVer]
[-HKLM\SOFTWARE\Classes\AppID\Altnet Signing Module.EXE]
[-HKLM\SOFTWARE\Classes\AppID\adm.EXE]
[-HKLM\SOFTWARE\Cydoor]


[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mchInjDrv]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService]

Logfile of HijackThis v1.99.1
Scan saved at 13:14:12, on 30/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\WANADOO\TaskBarIcon.exe
C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\PowerArchiver\powerarc.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\_PA993\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.chercher.org/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iese...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iese...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\WANADOO\SEARCH~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\WANADOO\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\WANADOO\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\WANADOO\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?245d4c3eed7449c989f76d64bfe50419
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?245d4c3eed7449c989f76d64bfe50419
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab312...
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Ap...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.ca...
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe

Let's check that everything is fine.

- Run a Kaspersky online scan:
. Scan the critical area
. Save the report, then paste it once the scan is finished
Help with the online scan.

NOTES:

- If this message appears:
"La licence de Kaspersky On-line Scanner est périmée" (the Kaspersky On-line Scanner licence has expired)
Go to Add/Remove Programs (Ajout/Suppression de programmes) and uninstall the Online Scanner
Then try the scan again.

- If you still cannot use the online scan, run a Panda online scan
. /!\ When you are asked to enter your e-mail address, click I don't accept (at the bottom)
. Post the report once the scan is finished
. If you have Avast!, disable it.

Angeldark said:
Good evening,

Make sure you do EVERYTHING below.

- Download Hijackthis by Merjin.
- Put it in a folder or on your desktop.
-- Right-click Hijackthis:
-> Choose "Renommer" (Rename)
-> Type Scanner.exe, then confirm.

- Launch the application
- Choose the option "Do a system scan and save a logfile"
-- Notepad opens:
-> Edition / Sélectionner Tout (Edit / Select All)
-> Edition / Copier (Edit / Copy)

- Paste the report here.

Logfile of HijackThis v1.99.1
Scan saved at 21:09:27, on 20/12/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Wanadoo\GestionnaireInternet.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Wanadoo\Watch.exe
C:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe
C:\WINDOWS\System32\wuauclt.exe
C:\PROGRA~1\Wanadoo\WOOBRO~1\DownloadManager.exe
C:\Documents and Settings\fred\Local Settings\Temp\Répertoire temporaire 2 pour hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wanadoo.fr/go/page_recherche/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homep...
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://as.starware.com/dp/search?product=asearch&src_id...
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: ScriptInocUI Class - - (no file)
O2 - BHO: (no name) - {00110011-4b0b-44d5-9718-90c88817369b} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {086ae192-23a6-48d6-96ec-715f53797e85} - (no file)
O2 - BHO: (no name) - {11904ce8-632a-4856-a7cc-00b33fe71bd8} - (no file)
O2 - BHO: (no name) - {150fa160-130d-451f-b863-b655061432ba} - (no file)
O2 - BHO: (no name) - {15ACE85C-0BB1-42d1-9E32-07EB0506675A} - (no file)
O2 - BHO: (no name) - {17da0c9e-4a27-4ac5-bb75-5d24b8cdb972} - (no file)
O2 - BHO: (no name) - {1b68470c-2def-493b-8a4a-8e2d81be4ea5} - (no file)
O2 - BHO: (no name) - {1c4da27d-4d52-4465-a089-98e01bb725ca} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2} - (no file)
O2 - BHO: (no name) - {202a961f-23ae-42b1-9505-ffe3c818d717} - (no file)
O2 - BHO: (no name) - {2d38a51a-23c9-48a1-a33c-48675aa2b494} - (no file)
O2 - BHO: (no name) - {2e246fae-8420-11d9-870d-000c2917de7f} - (no file)
O2 - BHO: (no name) - {2e9caff6-30c7-4208-8807-e79d4ec6f806} - (no file)
O2 - BHO: (no name) - {479fd0cf-5be9-4c63-8cda-b6d371c67bd5} - (no file)
O2 - BHO: (no name) - {5753791b-f607-48ca-814e-91c14d081f9e} - (no file)
O2 - BHO: (no name) - {7070a8f9-08a4-ca47-0ab0-1eb9e4ee1f3b} - (no file)
O2 - BHO: (no name) - {746455fe-d059-47e7-af0e-140e03f5a447} - (no file)
O2 - BHO: (no name) - {7a7e6d97-b492-4884-9abb-c31281dcc4f2} - (no file)
O2 - BHO: (no name) - {860c2f6b-ca82-4282-9187-beccbb66f0af} - (no file)
O2 - BHO: (no name) - {87185e78-a61b-4db3-965a-3235bbd7a622} - (no file)
O2 - BHO: (no name) - {8dc8f96d-34f7-1501-a2a4-631341aa3ac1} - (no file)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: ASGP32.ASGP - {9A69FDCA-795F-47BC-B2FB-320394D15F5A} - C:\WINDOWS\System32\asgp32.dll
O2 - BHO: (no name) - {9c5875b8-93f3-429d-ff34-660b206d897a} - (no file)
O2 - BHO: (no name) - {a2595f37-48d0-46a1-9b51-478591a97764} - (no file)
O2 - BHO: (no name) - {a6f42cad-2559-48df-af30-89e480af5dfa} - (no file)
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {b212d577-05b7-4963-911e-4a8588160dfa} - (no file)
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O2 - BHO: (no name) - {CA0E28FA-1AFD-4C21-A8DC-70EB5BE2F076} - (no file)
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765721306} - (no file)
O2 - BHO: (no name) - {d1ac752e-883f-4ed8-8828-b618c3a72152} - (no file)
O2 - BHO: (no name) - {e2b2b5a1-b48c-4886-a318-723916a01024} - (no file)
O2 - BHO: (no name) - {e2ddf680-9905-4dee-8c64-0a5de7fe133c} - (no file)
O2 - BHO: (no name) - {e3eebbe8-9cab-4c76-b26a-747e25ebb4c6} - (no file)
O2 - BHO: (no name) - {e6d5237d-a6c7-4c83-a67f-f9f15586fa62} - (no file)
O2 - BHO: (no name) - {e7afff2a-1b57-49c7-bf6b-e5123394c970} - (no file)
O2 - BHO: (no name) - {fcaddc14-bd46-408a-9842-cdbe1c6d37eb} - (no file)
O2 - BHO: (no name) - {fd9bc004-8331-4457-b830-4759ff704c22} - (no file)
O2 - BHO: (no name) - {fe2d25c1-c1db-4b5e-9390-af1cb5302f32} - (no file)
O2 - BHO: (no name) - {ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880} - (no file)
O2 - BHO: (no name) - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF} - (no file)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [NAV CfgWiz] "C:\Program Files\Norton AntiVirus\CfgWiz.exe" /GUID {0D7956A2-5A08-4ec2-A72C-DF8495A66016} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKCU\..\Run: [taskdir] C:\WINDOWS\System32\taskdir.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O16 - DPF: Yahoo! Dominoes - http://download2.games.yahoo.com/games/clients/y/dot9_x...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
O16 - DPF: {87AF076E-D86D-4E87-ADDD-F05804E1F150} - https://www.virginmega.fr/DownloadManager/Release/Prod/...
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe


Help on Hijackthis
