Se connecter avec
S'enregistrer | Connectez-vous

pc infecté (XP)

Dernière réponse : dans Sécurité

bonjour à tous,
un pote a un pc qui est complètement infecté (et c'est pas peu dire...). Au démarrage il a plein de message d'erreur du type "fichier .dll manquant...". De plus à côté de l'heure il y a écrit "VIRUS ALERT" (il a avast comme antivirus, je ne crois pas que ce soit avast qui mette ça, c'est à mon avis un virus...). Aussi, il y a d'autre problème genre le wifi qui marche plus (j'ai testé sous linux en live cd, sa carte wifi marche...).
Bref, je vous post un log hijackthis, si quelqu'un a un peu de temps pour me filer un coup de main sachant qu'il n'a pas de cd de win sous la main et que j'aimerais lui remettre son xp a neuf (ou presque) pour lui faire beau dual boot ubuntu/XP.
merci d'avance

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:39: VIRUS ALERT!, on 03/09/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Boot mode: Normal



Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Arcade\PCMService.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\acer\epm\epm-dm.exe

C:\Program Files\Acer\eRecovery\Monitor.exe

C:\Program Files\Launch Manager\QtZgAcer.EXE

C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\PROGRA~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\SuperCopier2\SuperCopier2.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe



R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6...

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL

R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

F3 - REG:win.ini: run=C:\Documents and Settings\Admin\Application Data\Adobe\Manager.exe

O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL

O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL

O2 - BHO: QXK Olive - {4A10BF18-AE42-4D89-8D72-0742D83AA2C6} - C:\WINDOWS\wnlmdakqqas.dll (file missing)

O2 - BHO: XMLDP Class - {72A128E0-2240-40c8-9E92-5387D64F839E} - C:\WINDOWS\xml2u32h.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL

O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL

O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL

O3 - Toolbar: bgrqfetx - {E0597566-BAA7-49B5-875B-5E203D363229} - C:\WINDOWS\bgrqfetx.dll (file missing)

O4 - HKLM\..\Run: [LaunchApp] Alaunch

O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"

O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe

O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot

O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE

O4 - HKLM\..\Run: [eRecoveryService] C:\Program Files\Acer\eRecovery\Monitor.exe

O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u

O4 - HKLM\..\Run: [{af80c20b-fa3d-4cdf-97b5-a319f57e7367}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\kecnkmoatvcrxmla.dll" DllStart

O4 - HKLM\..\Run: [PCPrivacyCleaner] C:\Program Files\PCPrivacyCleaner\pcpc.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 C:\PROGRA~1\MYWEBS~1\bar\2.bin\M3PLUGIN.DLL,UPF

O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe" /m=2 /w

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe

O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe

O4 - HKCU\..\Run: [antivirus-2008pro.exe] C:\Program Files\Antivirus 2008 PRO\antivirus-2008pro.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jh...

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie....

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8....

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL

O21 - SSODL: xokvrpwg - {FBF94A46-F36F-4AEF-A47D-0C37D4D44747} - C:\WINDOWS\xokvrpwg.dll (file missing)

O21 - SSODL: tfnslopk - {6B2EB1ED-5BA8-4A18-A531-200F5CAC2A2E} - C:\WINDOWS\tfnslopk.dll (file missing)

O23 - Service: Notebook Manager Service (anbmService) - Unknown owner - C:\Acer\eManager\anbmServ.exe (file missing)

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe

O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwssvc.exe

O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe

O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O24 - Desktop Component 1: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm



--

End of file - 11647 bytes

Autres pages sur : infecte

Lassé par la pub ? Créez un compte

bonjour et merci de t'occuper de mon problème.
Voici le rapport que tu as demandé :

  1. SmitFraudFix v2.345
  2.  
  3.  
  4.  
  5. Rapport fait à 20:01:26,00, 04/09/2008
  6.  
  7. Executé à partir de C:\Documents and Settings\Admin\Bureau\SmitfraudFix
  8.  
  9. OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
  10.  
  11. Le type du système de fichiers est FAT32
  12.  
  13. Fix executé en mode normal
  14.  
  15.  
  16.  
  17. »»»»»»»»»»»»»»»»»»»»»»»» Process
  18.  
  19.  
  20.  
  21. C:\WINDOWS\System32\smss.exe
  22.  
  23. C:\WINDOWS\system32\csrss.exe
  24.  
  25. C:\WINDOWS\system32\winlogon.exe
  26.  
  27. C:\WINDOWS\system32\services.exe
  28.  
  29. C:\WINDOWS\system32\lsass.exe
  30.  
  31. C:\WINDOWS\system32\Ati2evxx.exe
  32.  
  33. C:\WINDOWS\system32\svchost.exe
  34.  
  35. C:\WINDOWS\system32\svchost.exe
  36.  
  37. C:\WINDOWS\System32\svchost.exe
  38.  
  39. C:\WINDOWS\system32\svchost.exe
  40.  
  41. C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
  42.  
  43. C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
  44.  
  45. C:\WINDOWS\system32\svchost.exe
  46.  
  47. C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
  48.  
  49. C:\Program Files\Alwil Software\Avast4\ashServ.exe
  50.  
  51. C:\WINDOWS\system32\spoolsv.exe
  52.  
  53. C:\WINDOWS\system32\svchost.exe
  54.  
  55. C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
  56.  
  57. C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
  58.  
  59. C:\WINDOWS\system32\svchost.exe
  60.  
  61. C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
  62.  
  63. C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
  64.  
  65. C:\WINDOWS\System32\alg.exe
  66.  
  67. C:\WINDOWS\system32\Ati2evxx.exe
  68.  
  69. C:\WINDOWS\Explorer.EXE
  70.  
  71. C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
  72.  
  73. C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
  74.  
  75. C:\Program Files\Arcade\PCMService.exe
  76.  
  77. C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
  78.  
  79. C:\acer\epm\epm-dm.exe
  80.  
  81. C:\Program Files\Acer\eRecovery\Monitor.exe
  82.  
  83. C:\Program Files\Launch Manager\QtZgAcer.EXE
  84.  
  85. C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
  86.  
  87. C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
  88.  
  89. C:\Program Files\iTunes\iTunesHelper.exe
  90.  
  91. C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
  92.  
  93. C:\PROGRA~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe
  94.  
  95. C:\WINDOWS\system32\ctfmon.exe
  96.  
  97. C:\Program Files\Messenger\msmsgs.exe
  98.  
  99. C:\Program Files\SuperCopier2\SuperCopier2.exe
  100.  
  101. C:\Program Files\iPod\bin\iPodService.exe
  102.  
  103. C:\WINDOWS\system32\wuauclt.exe
  104.  
  105. C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
  106.  
  107. C:\WINDOWS\system32\wuauclt.exe
  108.  
  109. C:\WINDOWS\system32\cmd.exe
  110.  
  111. C:\WINDOWS\system32\wbem\wmiprvse.exe
  112.  
  113.  
  114.  
  115. »»»»»»»»»»»»»»»»»»»»»»»» hosts
  116.  
  117.  
  118.  
  119.  
  120.  
  121. »»»»»»»»»»»»»»»»»»»»»»»» C:\
  122.  
  123.  
  124.  
  125.  
  126.  
  127. »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
  128.  
  129.  
  130.  
  131. C:\WINDOWS\privacy_danger PRESENT !
  132.  
  133.  
  134.  
  135. »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
  136.  
  137.  
  138.  
  139.  
  140.  
  141. »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
  142.  
  143.  
  144.  
  145.  
  146.  
  147. »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
  148.  
  149.  
  150.  
  151.  
  152.  
  153. »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
  154.  
  155.  
  156.  
  157.  
  158.  
  159. »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Admin
  160.  
  161.  
  162.  
  163.  
  164.  
  165. »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Admin\Application Data
  166.  
  167.  
  168.  
  169.  
  170.  
  171. »»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer
  172.  
  173.  
  174.  
  175.  
  176.  
  177. »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\ADMIN\FAVORIS
  178.  
  179.  
  180.  
  181. C:\DOCUME~1\ADMIN\FAVORIS\Error Cleaner.url PRESENT !
  182.  
  183. C:\DOCUME~1\ADMIN\FAVORIS\Privacy Protector.url PRESENT !
  184.  
  185. C:\DOCUME~1\ADMIN\FAVORIS\Spyware?Malware Protection.url PRESENT !
  186.  
  187.  
  188.  
  189. »»»»»»»»»»»»»»»»»»»»»»»» Bureau
  190.  
  191.  
  192.  
  193. C:\DOCUME~1\ADMIN\BUREAU\Privacy Protector.url PRESENT !
  194.  
  195.  
  196.  
  197. »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files 
  198.  
  199.  
  200.  
  201.  
  202.  
  203. »»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues
  204.  
  205.  
  206.  
  207.  
  208.  
  209. »»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
  210.  
  211.  
  212.  
  213. [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
  214.  
  215. "Source"="About:Home"
  216.  
  217. "SubscribedURL"="About:Home"
  218.  
  219. "FriendlyName"="Ma page d'accueil"
  220.  
  221.  
  222.  
  223. [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
  224.  
  225. "Source"="file:///C:\\WINDOWS\\privacy_danger\\index.htm"
  226.  
  227. "SubscribedURL"=""
  228.  
  229. "FriendlyName"="Privacy Protection"
  230.  
  231.  
  232.  
  233. »»»»»»»»»»»»»»»»»»»»»»»» IEDFix
  234.  
  235. !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
  236.  
  237.  
  238.  
  239. IEDFix
  240.  
  241. Credits: Malware Analysis & Diagnostic
  242.  
  243. Code: S!Ri
  244.  
  245.  
  246.  
  247.  
  248.  
  249.  
  250.  
  251. »»»»»»»»»»»»»»»»»»»»»»»» VACFix
  252.  
  253. !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
  254.  
  255.  
  256.  
  257. VACFix
  258.  
  259. Credits: Malware Analysis & Diagnostic
  260.  
  261. Code: S!Ri
  262.  
  263.  
  264.  
  265.  
  266.  
  267. »»»»»»»»»»»»»»»»»»»»»»»» 404Fix
  268.  
  269. !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
  270.  
  271.  
  272.  
  273. 404Fix
  274.  
  275. Credits: Malware Analysis & Diagnostic
  276.  
  277. Code: S!Ri
  278.  
  279.  
  280.  
  281.  
  282.  
  283. »»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix
  284.  
  285. !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
  286.  
  287.  
  288.  
  289. AntiXPVSTFix
  290.  
  291. Credits: Malware Analysis & Diagnostic
  292.  
  293. Code: S!Ri
  294.  
  295.  
  296.  
  297.  
  298.  
  299.  
  300.  
  301. »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
  302.  
  303. !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
  304.  
  305.  
  306.  
  307. SrchSTS.exe by S!Ri
  308.  
  309. Search SharedTaskScheduler's .dll
  310.  
  311.  
  312.  
  313.  
  314.  
  315. »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
  316.  
  317. !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
  318.  
  319.  
  320.  
  321. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
  322.  
  323. "AppInit_DLLs"=""
  324.  
  325.  
  326.  
  327.  
  328.  
  329. »»»»»»»»»»»»»»»»»»»»»»»» Winlogon
  330.  
  331. !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
  332.  
  333.  
  334.  
  335. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
  336.  
  337. "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
  338.  
  339. "System"=""
  340.  
  341.  
  342.  
  343.  
  344.  
  345. »»»»»»»»»»»»»»»»»»»»»»»» RK
  346.  
  347.  
  348.  
  349.  
  350.  
  351.  
  352.  
  353. »»»»»»»»»»»»»»»»»»»»»»»» DNS
  354.  
  355.  
  356.  
  357.  
  358.  
  359.  
  360.  
  361. »»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll
  362.  
  363.  
  364.  
  365.  
  366.  
  367. »»»»»»»»»»»»»»»»»»»»»»»» Fin

et voilà :

SmitFraudFix v2.345



Rapport fait à 20:23:34,40, 04/09/2008

Executé à partir de C:\Documents and Settings\Admin\Bureau\SmitfraudFix

OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT

Le type du système de fichiers est FAT32

Fix executé en mode sans echec



»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix

!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!



SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll



»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus





»»»»»»»»»»»»»»»»»»»»»»»» hosts





127.0.0.1 localhost



»»»»»»»»»»»»»»»»»»»»»»»» VACFix



VACFix

Credits: Malware Analysis & Diagnostic

Code: S!Ri





»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix



S!Ri's WS2Fix: LSP not Found.




»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix



GenericRenosFix by S!Ri





»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés



C:\WINDOWS\privacy_danger\ supprimé

C:\DOCUME~1\ADMIN\BUREAU\Privacy Protector.url supprimé

C:\DOCUME~1\ADMIN\FAVORIS\Error Cleaner.url supprimé

C:\DOCUME~1\ADMIN\FAVORIS\Privacy Protector.url supprimé

C:\DOCUME~1\ADMIN\FAVORIS\Spyware?Malware Protection.url supprimé



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix



IEDFix

Credits: Malware Analysis & Diagnostic

Code: S!Ri







»»»»»»»»»»»»»»»»»»»»»»»» 404Fix



404Fix

Credits: Malware Analysis & Diagnostic

Code: S!Ri





»»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix



AntiXPVSTFix

Credits: Malware Analysis & Diagnostic

Code: S!Ri







»»»»»»»»»»»»»»»»»»»»»»»» RK





»»»»»»»»»»»»»»»»»»»»»»»» DNS







»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires





»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System

!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

"System"=""





»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre



Nettoyage terminé.



»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix

!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!



SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll





»»»»»»»»»»»»»»»»»»»»»»»» Fin


le voici :

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:28:20, on 04/09/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Boot mode: Normal



Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Arcade\PCMService.exe

C:\Program Files\Acer\eRecovery\Monitor.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\acer\epm\epm-dm.exe

C:\Program Files\Launch Manager\QtZgAcer.EXE

C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\PROGRA~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\MyWebSearch\bar\2.bin\m3SkPlay.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\SuperCopier2\SuperCopier2.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\system32\wuauclt.exe



R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL

R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL

O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL

O2 - BHO: QXK Olive - {4A10BF18-AE42-4D89-8D72-0742D83AA2C6} - C:\WINDOWS\wnlmdakqqas.dll (file missing)

O2 - BHO: XMLDP Class - {72A128E0-2240-40c8-9E92-5387D64F839E} - C:\WINDOWS\xml2u32h.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL

O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL

O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL

O3 - Toolbar: bgrqfetx - {E0597566-BAA7-49B5-875B-5E203D363229} - C:\WINDOWS\bgrqfetx.dll (file missing)

O4 - HKLM\..\Run: [LaunchApp] Alaunch

O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"

O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe

O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot

O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE

O4 - HKLM\..\Run: [eRecoveryService] C:\Program Files\Acer\eRecovery\Monitor.exe

O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u

O4 - HKLM\..\Run: [{af80c20b-fa3d-4cdf-97b5-a319f57e7367}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\kecnkmoatvcrxmla.dll" DllStart

O4 - HKLM\..\Run: [PCPrivacyCleaner] C:\Program Files\PCPrivacyCleaner\pcpc.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 C:\PROGRA~1\MYWEBS~1\bar\2.bin\M3PLUGIN.DLL,UPF

O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe" /m=2 /w

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe

O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe

O4 - HKCU\..\Run: [antivirus-2008pro.exe] C:\Program Files\Antivirus 2008 PRO\antivirus-2008pro.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jh...

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie....

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8....

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL

O21 - SSODL: xokvrpwg - {FBF94A46-F36F-4AEF-A47D-0C37D4D44747} - C:\WINDOWS\xokvrpwg.dll (file missing)

O21 - SSODL: tfnslopk - {6B2EB1ED-5BA8-4A18-A531-200F5CAC2A2E} - C:\WINDOWS\tfnslopk.dll (file missing)

O23 - Service: Notebook Manager Service (anbmService) - Unknown owner - C:\Acer\eManager\anbmServ.exe (file missing)

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe

O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwssvc.exe

O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe

O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe



--

End of file - 10750 bytes

Re,

[#ff0000]Désactive tes protections résidentes (antivirus, Spybot-S&D, etc.) ![/#f]

  • Télécharge ComboFix ([#ff0000]sUBs[/#f]) sur ton Bureau.
  • Double clique sur ComboFix.exe (le .exe n'est pas forcément visible) afin de le lancer.
  • Lorsque la recherche sera terminée, un rapport apparaîtra. Poste ce rapport (C:\combofix.txt*) dans ta prochaine réponse.

    AIDE : Un guide et un tutoriel sur l'utilisation de ComboFix
    * le nom de la partition peut changer

    voila :

    ComboFix 08-09-03.06 - Admin 2008-09-04 20:37:24.1 - FAT32x86

    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.678 [GMT 2:00]

    Endroit: C:\Documents and Settings\Admin\Bureau\ComboFix.exe

    * Création d'un nouveau point de restauration



    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

    .



    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

    .



    C:\Documents and Settings\Admin\Application Data\FunWebProducts

    C:\Documents and Settings\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus-2008pro.lnk

    C:\Documents and Settings\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\PCPrivacyCleaner.lnk

    C:\Documents and Settings\Admin\Cookies\admin@ad.yieldmanager[1].txt

    C:\Documents and Settings\Admin\Cookies\admin@clickintext[1].txt

    C:\Documents and Settings\Admin\Menu Démarrer\NOCREDITCARD.lnk

    C:\Documents and Settings\Admin\Menu Démarrer\Programmes\Antivirus 2008 PRO

    C:\Documents and Settings\Admin\Menu Démarrer\Programmes\Antivirus 2008 PRO\antivirus-2008pro.lnk

    C:\Documents and Settings\Admin\ravmonlog

    C:\Documents and Settings\All Users\Application Data\Secure Solutions

    C:\Documents and Settings\All Users\Application Data\Secure Solutions\Antispyware 2008 XP\LOG\20080806110857937.log

    C:\Documents and Settings\All Users\Application Data\Secure Solutions\Antispyware 2008 XP\LOG\20080806113946765.log

    C:\Documents and Settings\All Users\Application Data\Secure Solutions\Antispyware 2008 XP\LOG\20080806115039156.log

    C:\Documents and Settings\All Users\Application Data\Secure Solutions\Antispyware 2008 XP\LOG\20080806120309328.log

    C:\Documents and Settings\All Users\Application Data\Secure Solutions\Antispyware 2008 XP\LOG\20080806150943109.log

    C:\Documents and Settings\All Users\Application Data\Secure Solutions\Antispyware 2008 XP\LOG\20080806153216000.log

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\PCPrivacyCleaner

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\PCPrivacyCleaner\PCPrivacyCleaner.lnk

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\PCPrivacyCleaner\Uninstall PCPrivacyCleaner.lnk

    C:\Program Files\Antivirus 2008 PRO

    C:\Program Files\Antivirus 2008 PRO\vscan.tsi

    C:\Program Files\Antivirus 2008 PRO\zlib.dll

    C:\Program Files\FunWebProducts

    C:\Program Files\FunWebProducts\Shared\Cache\AvatarSmallBtn.html

    C:\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn.html

    C:\Program Files\FunWebProducts\Shared\Cache\FunBuddyIconBtn.html

    C:\Program Files\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html

    C:\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html

    C:\Program Files\FunWebProducts\Shared\Cache\WebfettiBtn.html

    C:\Program Files\Instant Access

    C:\Program Files\instant access\Center\NoCreditCard.lnk

    C:\Program Files\instant access\DesktopIcons\NoCreditCard.lnk

    C:\Program Files\instant access\Multi\20070621140642\Common\module.php

    C:\Program Files\instant access\Multi\20070621140642\dialerexe.ini

    C:\Program Files\instant access\Multi\20070621140642\js\js_api_dialer.php

    C:\Program Files\instant access\Multi\20070621140642\medias\button1.jpg

    C:\Program Files\instant access\Multi\20070621140642\medias\button2.jpg

    C:\Program Files\instant access\Multi\20070621140642\medias\button3.jpg

    C:\Program Files\instant access\Multi\20070621140642\medias\button4.jpg

    C:\Program Files\instant access\Multi\20070621140642\medias\dialer.ico

    C:\Program Files\internet explorer\msimg32.dll

    C:\Program Files\MyWebSearch

    C:\Program Files\MyWebSearch\bar\1.bin\F3BROVLY.DLL

    C:\Program Files\MyWebSearch\bar\1.bin\F3SHLLVW.DLL

    C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE

    C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL

    C:\Program Files\MyWebSearch\bar\2.bin\F3BKGERR.JPG

    C:\Program Files\MyWebSearch\bar\2.bin\F3CJPEG.DLL

    C:\Program Files\MyWebSearch\bar\2.bin\F3DTACTL.DLL

    C:\Program Files\MyWebSearch\bar\2.bin\F3HISTSW.DLL

    C:\Program Files\MyWebSearch\bar\2.bin\F3HTMLMU.DLL

    C:\Program Files\MyWebSearch\bar\2.bin\F3HTTPCT.DLL

    C:\Program Files\MyWebSearch\bar\2.bin\F3IMSTUB.DLL

    C:\Program Files\MyWebSearch\bar\2.bin\F3POPSWT.DLL

    C:\Program Files\MyWebSearch\bar\2.bin\F3PSSAVR.SCR

    C:\Program Files\MyWebSearch\bar\2.bin\F3REPROX.DLL

    C:\Program Files\MyWebSearch\bar\2.bin\F3RESTUB.DLL

    C:\Program Files\MyWebSearch\bar\2.bin\F3SCHMON.EXE

    C:\Program Files\MyWebSearch\bar\2.bin\F3SCRCTR.DLL

    C:\Program Files\MyWebSearch\bar\2.bin\F3SPACER.WMV

    C:\Program Files\MyWebSearch\bar\2.bin\F3WALLPP.DAT

    C:\Program Files\MyWebSearch\bar\2.bin\F3WPHOOK.DLL

    C:\Program Files\MyWebSearch\bar\2.bin\FWPBUDDY.PNG

    C:\Program Files\MyWebSearch\bar\2.bin\M3FFXTBR.JAR

    C:\Program Files\MyWebSearch\bar\2.bin\M3FFXTBR.MANIFEST

    C:\Program Files\MyWebSearch\bar\2.bin\M3HIGHIN.EXE

    C:\Program Files\MyWebSearch\bar\2.bin\M3HTML.DLL

    C:\Program Files\MyWebSearch\bar\2.bin\M3IDLE.DLL

    C:\Program Files\MyWebSearch\bar\2.bin\M3IMPIPE.EXE

    C:\Program Files\MyWebSearch\bar\2.bin\M3MEDINT.EXE

    C:\Program Files\MyWebSearch\bar\2.bin\M3MSG.DLL

    C:\Program Files\MyWebSearch\bar\2.bin\M3NTSTBR.JAR

    C:\Program Files\MyWebSearch\bar\2.bin\M3NTSTBR.MANIFEST

    C:\Program Files\MyWebSearch\bar\2.bin\M3OUTLCN.DLL

    C:\Program Files\MyWebSearch\bar\2.bin\M3PLUGIN.DLL

    C:\Program Files\MyWebSearch\bar\2.bin\M3SKIN.DLL

    C:\Program Files\MyWebSearch\bar\2.bin\M3SKPLAY.EXE

    C:\Program Files\MyWebSearch\bar\2.bin\M3SLSRCH.EXE

    C:\Program Files\MyWebSearch\bar\2.bin\M3SRCHMN.EXE

    C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL

    C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE

    C:\Program Files\MyWebSearch\bar\2.bin\MWSOEPLG.DLL

    C:\Program Files\MyWebSearch\bar\2.bin\MWSOESTB.DLL

    C:\Program Files\MyWebSearch\bar\2.bin\MWSSVC.EXE

    C:\Program Files\MyWebSearch\bar\2.bin\NPMYWEBS.DLL

    C:\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S

    C:\Program Files\MyWebSearch\bar\Cache\000179BF

    C:\Program Files\MyWebSearch\bar\Cache\000B7365

    C:\Program Files\MyWebSearch\bar\Cache\000B74EC.bin

    C:\Program Files\MyWebSearch\bar\Cache\000B9A17.bin

    C:\Program Files\MyWebSearch\bar\Cache\000B9B50.bin

    C:\Program Files\MyWebSearch\bar\Cache\000B9D05.bin

    C:\Program Files\MyWebSearch\bar\Cache\00197882.bin

    C:\Program Files\MyWebSearch\bar\Cache\00197A27.bin

    C:\Program Files\MyWebSearch\bar\Cache\00197C6A.bin

    C:\Program Files\MyWebSearch\bar\Cache\00197DC1.bin

    C:\Program Files\MyWebSearch\bar\Cache\00197F48.bin

    C:\Program Files\MyWebSearch\bar\Cache\029819D3.bin

    C:\Program Files\MyWebSearch\bar\Cache\02981B69.bin

    C:\Program Files\MyWebSearch\bar\Cache\02981CD1.bin

    C:\Program Files\MyWebSearch\bar\Cache\02981F51

    C:\Program Files\MyWebSearch\bar\Cache\0395F0CC.bin

    C:\Program Files\MyWebSearch\bar\Cache\files.ini

    C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S

    C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S

    C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S

    C:\Program Files\MyWebSearch\bar\History\search2

    C:\Program Files\MyWebSearch\bar\History\search3

    C:\Program Files\MyWebSearch\bar\icons\CM.ICO

    C:\Program Files\MyWebSearch\bar\icons\MFC.ICO

    C:\Program Files\MyWebSearch\bar\icons\PSS.ICO

    C:\Program Files\MyWebSearch\bar\icons\SMILEY.ICO

    C:\Program Files\MyWebSearch\bar\icons\WB.ICO

    C:\Program Files\MyWebSearch\bar\icons\ZWINKY.ICO

    C:\Program Files\MyWebSearch\bar\Message\COMMON.F3S

    C:\Program Files\MyWebSearch\bar\Message\COMMON\ask_logo.gif

    C:\Program Files\MyWebSearch\bar\Message\COMMON\autoup.gif

    C:\Program Files\MyWebSearch\bar\Message\COMMON\autoup.htm

    C:\Program Files\MyWebSearch\bar\Message\COMMON\center.htm

    C:\Program Files\MyWebSearch\bar\Message\COMMON\index.htm

    C:\Program Files\MyWebSearch\bar\Message\COMMON\mid_dots.gif

    C:\Program Files\MyWebSearch\bar\Message\COMMON\mws_logo.gif

    C:\Program Files\MyWebSearch\bar\Message\COMMON\protect.htm

    C:\Program Files\MyWebSearch\bar\Message\COMMON\shocked.gif

    C:\Program Files\MyWebSearch\bar\Message\COMMON\stop.gif

    C:\Program Files\MyWebSearch\bar\Message\COMMON\systray.htm

    C:\Program Files\MyWebSearch\bar\Message\COMMON\systrayp.htm

    C:\Program Files\MyWebSearch\bar\Message\COMMON\tp_grad.gif

    C:\Program Files\MyWebSearch\bar\Message\COMMON\warn.gif

    C:\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S

    C:\Program Files\MyWebSearch\bar\Notifier\DOG.F3S

    C:\Program Files\MyWebSearch\bar\Notifier\FISH.F3S

    C:\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S

    C:\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S

    C:\Program Files\MyWebSearch\bar\Notifier\MAID.F3S

    C:\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S

    C:\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S

    C:\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S

    C:\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S

    C:\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S

    C:\Program Files\MyWebSearch\bar\Settings\prevcfg2.htm

    C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat

    C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL

    C:\Program Files\PCPrivacyCleaner

    C:\WINDOWS\dialerexe.ini

    C:\WINDOWS\system32\drivers\npf.sys

    C:\WINDOWS\system32\f3PSSavr.scr

    C:\WINDOWS\system32\packet.dll

    C:\WINDOWS\system32\pthreadVC.dll

    C:\WINDOWS\system32\wpcap.dll

    C:\WINDOWS\system32\wxmmin.dll

    C:\WINDOWS\xml2u32h.dll



    .

    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .



    -------\Legacy_MYWEBSEARCHSERVICE

    -------\Service_MyWebSearchService

    -------\Service_NPF





    ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-08-04 to 2008-09-04 ))))))))))))))))))))))))))))))))))))

    .



    2008-09-04 20:01 . 2008-09-04 20:23 4,962 --a------ C:\WINDOWS\system32\tmp.reg

    2008-09-04 20:00 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe

    2008-09-04 20:00 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe

    2008-09-04 20:00 . 2008-09-02 23:58 88,576 --a------ C:\WINDOWS\system32\AntiXPVSTFix.exe

    2008-09-04 20:00 . 2008-09-02 16:51 86,528 --a------ C:\WINDOWS\system32\VACFix.exe

    2008-09-04 20:00 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe

    2008-09-04 20:00 . 2008-08-28 22:36 82,432 --a------ C:\WINDOWS\system32\IEDFix.C.exe

    2008-09-04 20:00 . 2008-08-18 12:19 82,432 --a------ C:\WINDOWS\system32\404Fix.exe

    2008-09-04 20:00 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe

    2008-09-04 20:00 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe

    2008-09-04 20:00 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe

    2008-09-03 23:39 . 2008-09-03 23:39 <REP> d-------- C:\Program Files\Trend Micro

    2008-08-19 15:47 . 2008-08-19 15:47 <REP> d-------- C:\WINDOWS\system32\CatRoot_bak

    2008-08-15 13:16 . 2008-08-15 13:16 <REP> d-------- C:\Program Files\Music Mixer 4

    2008-08-07 12:36 . 2001-08-17 21:56 7,552 --a------ C:\WINDOWS\system32\drivers\SONYPVU1.SYS

    2008-08-07 12:36 . 2001-08-17 21:56 7,552 --a------ C:\WINDOWS\system32\dllcache\sonypvu1.sys

    2008-08-06 15:26 . 2004-08-05 05:00 634,880 --a------ C:\WINDOWS\system32\getuname.dll

    2008-08-06 12:03 . 2008-08-06 12:03 <REP> d-------- C:\WINDOWS\CAVTemp

    2008-08-06 11:23 . 2008-08-06 11:23 <REP> d-------- C:\Documents and Settings\Admin\Application Data\TuneUp Software

    2008-08-06 11:09 . 2008-08-06 11:09 64,362 --a------ C:\WINDOWS\system32\taqwewqeml.exe

    2008-08-06 11:08 . 2008-08-06 11:09 <REP> d-------- C:\Documents and Settings\All Users\Application Data\services

    2008-08-05 12:36 . 2008-08-05 12:36 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Azureus

    2008-08-05 12:36 . 2008-08-05 12:36 <REP> d-------- C:\Documents and Settings\Admin\Application Data\Azureus

    2008-08-05 12:35 . 2008-08-05 12:35 <REP> d-------- C:\Program Files\Azureus

    2008-08-05 12:35 . 2008-08-05 12:35 <REP> d-------- C:\Program Files\AskSBar

    2008-08-04 18:55 . 2008-08-04 18:55 <REP> d-------- C:\Program Files\Sonic Foundry

    2008-08-04 18:55 . 2001-10-19 14:40 1,683,792 --a------ C:\WINDOWS\system32\wmvcore2.dll

    2008-08-04 18:55 . 2001-10-19 14:40 665,424 --a------ C:\WINDOWS\system32\wmv8dmoe.dll

    2008-08-04 18:55 . 2001-10-19 14:39 572,752 --a------ C:\WINDOWS\system32\wmvdmoe.dll

    2008-08-04 18:55 . 2001-10-19 14:40 438,608 --a------ C:\WINDOWS\system32\wmv8dmod.dll

    2008-08-04 18:55 . 2001-10-19 02:05 285,184 --a------ C:\WINDOWS\system32\wmidx2.ocx

    2008-08-04 18:55 . 2008-08-04 18:55 156,910 --a------ C:\WINDOWS\WMSysPr8.prx



    .

    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll

    2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\dllcache\es.dll

    2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll

    2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\dllcache\mscms.dll

    2008-06-24 08:28 3,592,192 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll

    2008-06-23 09:21 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe

    2008-06-23 09:21 625,664 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe

    2008-06-23 09:20 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe

    2008-06-21 05:23 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll

    2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll

    2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\dllcache\mswsock.dll

    2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll

    2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys

    2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\dllcache\afd.sys

    2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys

    2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\dllcache\bthport.sys

    2007-11-22 15:53 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat

    2007-08-20 10:21 56,688 ----a-w C:\Documents and Settings\Admin\Application Data\GDIPFONTCACHEV1.DAT

    2007-08-13 14:55 8 ----a-w C:\Documents and Settings\Admin\Application Data\usb.dat.bin

    .



    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

    REGEDIT4



    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

    "{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2}"= "C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL" [2008-08-05 66912]



    [HKEY_CLASSES_ROOT\clsid\{0579b4b6-0293-4d73-b02d-5ebb0ba0f0a2}]



    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]

    2008-08-05 12:36 66912 --a------ C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL



    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 15360]

    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 1694208]

    "SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-07-07 1052672]



    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "LaunchApp"="Alaunch" [X]

    "UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [X]

    "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-02-07 155648]

    "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-02-07 126976]

    "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-07 98394]

    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-07 688218]

    "PCMService"="C:\Program Files\Arcade\PCMService.exe" [2005-03-09 49152]

    "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 208952]

    "MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-05 59392]

    "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]

    "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]

    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-04-28 344064]

    "EPM-DM"="c:\acer\epm\epm-dm.exe" [2005-03-28 188416]

    "ePowerManagement"="C:\Acer\ePM\ePM.exe" [2005-03-24 2880512]

    "LManager"="C:\Program Files\Launch Manager\QtZgAcer.EXE" [2005-09-05 319488]

    "eRecoveryService"="C:\Program Files\Acer\eRecovery\Monitor.exe" [2005-06-29 352256]

    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]

    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 286720]

    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-07-10 270648]



    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 15360]



    [HKEY_LOCAL_MACHINE\software\microsoft\security center]

    "AntiVirusOverride"=dword:00000001



    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

    "EnableFirewall"= 0 (0x0)



    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

    "%windir%\\system32\\sessmgr.exe"=

    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

    "C:\\Program Files\\iTunes\\iTunes.exe"=

    "C:\\Program Files\\Azureus\\Azureus.exe"=

    "C:\\Program Files\\eMule\\eMule.exe"=



    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

    "13254:TCP"= 13254:TCP:NortonAV



    R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]

    R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]

    R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2004-07-19 4096]

    R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2005-03-24 78208]

    R2 int15.sys;int15.sys;C:\Program Files\Acer\eRecovery\int15.sys [2005-01-13 69632]

    R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2005-06-30 7296]

    R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2005-01-14 4010]

    S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]



    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{018b4900-2e36-11dd-8352-0013ce9035db}]

    \Shell\AutoRun\command - G:\LaunchU3.exe -a



    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ede6d330-1d7c-11dc-8246-0013ce9035db}]

    \Shell\AutoRun\command - F:\ReadMe.exe

    .

    Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'

    .

    - - - - ORPHANS REMOVED - - - -



    HKLM-Run-{af80c20b-fa3d-4cdf-97b5-a319f57e7367} - C:\WINDOWS\system32\kecnkmoatvcrxmla.dll

    HKLM-Run-MyWebSearch Plugin - C:\PROGRA~1\MYWEBS~1\bar\2.bin\M3PLUGIN.DLL

    HKLM-Run-My Web Search Bar Search Scope Monitor - C:\PROGRA~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe

    HKU-Default-Run-msnmsgr - C:\Program Files\MSN Messenger\msnmsgr.exe





    .

    ------- Supplementary Scan -------

    .

    FireFox -: Profile - C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\e3pk1zoz.default\

    FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://fr.search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=

    FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://fr.yahoo.com/

    FF -: plugin - C:\Program Files\Adobe\Acrobat 6.0\Reader\browser\nppdf32.dll

    FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\NPAskSBr.dll

    FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npitunes.dll

    FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll

    .



    **************************************************************************



    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2008-09-04 20:40:58

    Windows 5.1.2600 Service Pack 2 FAT NTAPI



    Balayage processus cach‚s ...



    Balayage cach‚ autostart entries ...



    Balayage des fichiers cach‚s ...



    Scan termin‚ avec succŠs

    Les fichiers cach‚s: 0



    **************************************************************************



    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]

    "ImagePath"="\??\C:\DOCUME~1\Admin\LOCALS~1\Temp\mc22.tmp"

    .

    ------------------------ Other Running Processes ------------------------

    .

    C:\WINDOWS\SYSTEM32\ATI2EVXX.EXE

    C:\PROGRAM FILES\INTEL\WIRELESS\BIN\EVTENG.EXE

    C:\PROGRAM FILES\INTEL\WIRELESS\BIN\S24EVMON.EXE

    C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASWUPDSV.EXE

    C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE

    C:\PROGRAM FILES\FICHIERS COMMUNS\APPLE\MOBILE DEVICE SUPPORT\BIN\APPLEMOBILEDEVICESERVICE.EXE

    C:\PROGRAM FILES\INTEL\WIRELESS\BIN\REGSRVC.EXE

    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

    C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe

    C:\WINDOWS\SYSTEM32\ATI2EVXX.EXE

    C:\WINDOWS\SYSTEM32\RUNDLL32.EXE

    C:\WINDOWS\SYSTEM32\RUNDLL32.EXE

    C:\WINDOWS\system32\wscntfy.exe

    C:\PROGRAM FILES\IPOD\BIN\IPODSERVICE.EXE

    .

    **************************************************************************

    .

    Temps d'accomplissement: 2008-09-04 20:43:17 - machine was rebooted

    ComboFix-quarantined-files.txt 2008-09-04 18:43:14



    Pre-Run: 27,761,803,264 octets libres

    Post-Run: 27,799,781,376 octets libres



    341 --- E O F --- 2008-09-02 16:18:17

    On verra ces questions à la fin.

    Télécharge MalwareByte's Anti-Malware sur ton Bureau.
    Installe-le en double-cliquant sur le fichier Download_mbam-setup.exe.

    Une fois l'installation et la mise à jour effectuées, redémarre en mode sans échec.
    AIDE : Redémarrer en mode sans échec

  • Exécute maintenant MalwareByte's Anti-Malware. Si cela n'est pas déjà fait, sélectionne "Exécuter un examen complet".
  • Afin de lancer la recherche, clic sur"Rechercher".
  • Une fois le scan terminé, une fenêtre s'ouvre, clic sur OK. Deux possibilités s'offrent à toi :
    -- si le programme n'a rien trouvé, appuie sur OK. Un rapport va apparaître, ferme-le.
    -- si des infections sont présentes, clic sur "Afficher les résultats" puis sur "Supprimer la sélection". Enregistre le rapport sur ton Bureau afin de le poster dans ta prochaine réponse.
    [#ff0000]REMARQUE : Si MalwareByte's Anti-Malware a besoin de redémarrer pour terminer la suppression, accepte en cliquant sur Ok.[/#f]

    AIDE : Tuto en images sur MBAM

    voici le rapport MBAM :

    Malwarebytes' Anti-Malware 1.26

    Version de la base de données: 1103

    Windows 5.1.2600 Service Pack 2



    05/09/2008 09:47:09

    mbam-log-2008-09-05 (09-47-09).txt



    Type de recherche: Examen complet (C:\|D:\|)

    Eléments examinés: 99063

    Temps écoulé: 4 hour(s), 29 minute(s), 51 second(s)



    Processus mémoire infecté(s): 0

    Module(s) mémoire infecté(s): 0

    Clé(s) du Registre infectée(s): 110

    Valeur(s) du Registre infectée(s): 2

    Elément(s) de données du Registre infecté(s): 0

    Dossier(s) infecté(s): 0

    Fichier(s) infecté(s): 65



    Processus mémoire infecté(s):

    (Aucun élément nuisible détecté)



    Module(s) mémoire infecté(s):

    (Aucun élément nuisible détecté)



    Clé(s) du Registre infectée(s):

    HKEY_CLASSES_ROOT\funwebproducts.browseroverlaybarbutton (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\funwebproducts.browseroverlaybarbutton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\funwebproducts.browseroverlayembed (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\funwebproducts.browseroverlayembed.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\funwebproducts.datacontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\funwebproducts.historykillerscheduler (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\funwebproducts.historykillerscheduler.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\funwebproducts.historyswattercontrolbar (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\funwebproducts.historyswattercontrolbar.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\funwebproducts.htmlmenu (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.2 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\funwebproducts.killerobjmanager (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\funwebproducts.killerobjmanager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutton (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\funwebproducts.popswattersettingscontrol (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\funwebproducts.popswattersettingscontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\funwebproducts.shellviewcontrol (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\funwebproducts.shellviewcontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\mywebsearch.chatsessionplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\mywebsearch.chatsessionplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\mywebsearch.htmlpanel (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\mywebsearch.htmlpanel.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\mywebsearch.outlookaddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\mywebsearch.outlookaddin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\Interface\{07b18eaa-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\Interface\{07b18eac-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\Interface\{1093995a-ba37-41d2-836e-091067c4ad17} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\Interface\{120927bf-1700-43bc-810f-fab92549b390} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\Interface\{17de5e5e-bfe3-4e83-8e1f-8755795359ec} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\Interface\{1f52a5fa-a705-4415-b975-88503b291728} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\Interface\{247a115f-06c2-4fb3-967d-2d62d3cf4f0a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\Interface\{2763e333-b168-41a0-a112-d35f96f410c0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\Interface\{2e3537fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\Interface\{38a7c9da-8db7-4d0f-a7b1-c4b1a305bddb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\Interface\{3e1656ed-f60e-4597-b6aa-b6a58e171495} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\Interface\{3e53e2cb-86db-4a4a-8bd9-ffeb7a64df82} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\Interface\{3e720451-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\Interface\{3e720453-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\Interface\{63d0ed2b-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\Interface\{63d0ed2d-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\Interface\{6e74766c-4d93-4cc0-96d1-47b8e07ff9ca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\Interface\{72ee7f04-15bd-4845-a005-d6711144d86a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\Interface\{7473d291-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\Interface\{7473d293-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\Interface\{7473d295-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\Interface\{7473d297-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\Interface\{8d292ec0-6792-4a38-82ed-73a087e41ba6} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\Interface\{90449521-d834-4703-bb4e-d3aa44042ff8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\Interface\{991aac62-b100-47ce-8b75-253965244f69} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\Interface\{a626cdbd-3d13-4f78-b819-440a28d7e8fc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\Interface\{bbabdc90-f3d5-4801-863a-ee6ae529862d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\Interface\{d6ff3684-ad3b-48eb-bbb4-b9e6c5a355c1} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\Interface\{de38c398-b328-4f4c-a3ad-1b5e4ed93477} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25f} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\Interface\{e79dfbc9-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\Interface\{e79dfbcb-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\Interface\{eb9e5c1c-b1f9-4c2b-be8a-27d6446fdaf8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\Interface\{f87d7fb5-9dc5-4c8c-b998-d8dfe02e2978} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\CLSID\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\CLSID\{d778513b-1c40-4819-b0c5-49e40b39afd0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\CLSID\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\Typelib\{07b18ea0-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\Typelib\{0d26bc71-a633-4e71-ad31-eadc3a1b6a3a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\Typelib\{29d67d3c-509a-4544-903f-c8c1b8236554} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\Typelib\{3e720450-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\Typelib\{621feacd-8857-43a6-ae26-451d670d5370} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\Typelib\{7473d290-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\Typelib\{8ca01f0e-987c-49c3-b852-2f1ac4a7094c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\Typelib\{8e6f1830-9607-4440-8530-13be7c4b1d14} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\Typelib\{98635087-3f5d-418f-990c-b1efe0797a3b} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\Typelib\{c8cecde3-1ae1-4c4a-ad82-6d5b00212144} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\Typelib\{e47caee0-deea-464a-9326-3f2801535a4d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\Typelib\{e79dfbc0-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\Typelib\{f42228fb-e84e-479e-b922-fbbd096e792c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mxlivemedia (Malware.Trace) -> Quarantined and deleted successfully.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\bgrqfetx.bbae (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\MIME\Database\Content Type\application/x-f3embed (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CURRENT_USER\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.



    Valeur(s) du Registre infectée(s):

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\ (Adware.Hotbar) -> Quarantined and deleted successfully.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3PopularScreensavers (Adware.MyWebSearch) -> Quarantined and deleted successfully.



    Elément(s) de données du Registre infecté(s):

    (Aucun élément nuisible détecté)



    Dossier(s) infecté(s):

    (Aucun élément nuisible détecté)



    Fichier(s) infecté(s):

    C:\WINDOWS\system32\taqwewqeml.exe (Malware.Trace) -> Quarantined and deleted successfully.

    C:\Program Files\MSN Messenger\riched20.dll (Adware.MyWeb.FunWeb) -> Quarantined and deleted successfully.

    C:\Program Files\MSN Messenger\msimg32.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    C:\Program Files\Windows Live\Messenger\riched20.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP260\A0032880.scr (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP260\A0032881.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP260\A0032882.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP260\A0032883.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP260\A0032884.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP260\A0032885.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP260\A0032886.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP260\A0032887.SCR (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP260\A0032888.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP260\A0032889.DLL (Adware.MyWeb.FunWeb) -> Quarantined and deleted successfully.

    C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP260\A0032890.EXE (Adware.MyWeb.FunWeb) -> Quarantined and deleted successfully.

    C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP260\A0032891.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP260\A0032892.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP260\A0032894.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP260\A0032895.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP260\A0032896.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP260\A0032898.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP260\A0032899.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP260\A0032900.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP260\A0032901.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP262\A0033116.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP262\A0033117.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP262\A0033118.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP262\A0033119.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP262\A0033121.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP262\A0033123.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP262\A0033125.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP262\A0033128.SCR (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP262\A0033130.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP262\A0033131.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP262\A0033133.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP262\A0033136.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP262\A0033137.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP262\A0033138.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP262\A0033144.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP262\A0033145.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP262\A0033149.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP262\A0033151.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP262\A0033162.scr (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP262\A0033164.dll (Trojan.Downloader) -> Quarantined and deleted successfully.

    C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3BROVLY.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3SHLLVW.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3CJPEG.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3HISTSW.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3HTTPCT.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3PSSAVR.SCR.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3RESTUB.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3SCHMON.EXE.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3WPHOOK.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\M3HTML.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\M3IDLE.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\M3IMPIPE.EXE.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\M3SKIN.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\M3SKPLAY.EXE.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\MWSOESTB.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    C:\QooBox\Quarantine\C\WINDOWS\xml2u32h.dll.vir (Trojan.Downloader) -> Quarantined and deleted successfully.

    C:\QooBox\Quarantine\C\WINDOWS\system32\f3PSSavr.scr.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    C:\Documents and Settings\Admin\Bureau\PCPrivacyCleaner.lnk (Rogue.PCPrivacyCleaner) -> Quarantined and deleted successfully.

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 18:54:40, on 05/09/2008

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v7.00 (7.00.6000.16705)

    Boot mode: Normal



    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\csrss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\Ati2evxx.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

    C:\Program Files\Alwil Software\Avast4\ashServ.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

    C:\WINDOWS\System32\alg.exe

    C:\WINDOWS\system32\Ati2evxx.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\system32\wbem\wmiprvse.exe

    C:\WINDOWS\system32\wbem\wmiprvse.exe

    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    C:\Program Files\Arcade\PCMService.exe

    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

    C:\acer\epm\epm-dm.exe

    C:\Program Files\Launch Manager\QtZgAcer.EXE

    C:\Program Files\Acer\eRecovery\Monitor.exe

    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

    C:\Program Files\iTunes\iTunesHelper.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\Messenger\msmsgs.exe

    C:\Program Files\SuperCopier2\SuperCopier2.exe

    C:\Program Files\iPod\bin\iPodService.exe

    C:\WINDOWS\system32\wuauclt.exe

    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe



    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

    R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

    O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL

    O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL

    O4 - HKLM\..\Run: [LaunchApp] Alaunch

    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe

    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"

    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

    O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe

    O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot

    O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE

    O4 - HKLM\..\Run: [eRecoveryService] C:\Program Files\Acer\eRecovery\Monitor.exe

    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u

    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

    O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe

    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab

    O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie....

    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8....

    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...

    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL

    O23 - Service: Notebook Manager Service (anbmService) - Unknown owner - C:\Acer\eManager\anbmServ.exe (file missing)

    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

    O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

    O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe

    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe

    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe



    --

    End of file - 8510 bytes

    rapport antivir :





    Avira AntiVir Personal

    Report file date: vendredi 5 septembre 2008 19:27



    Scanning for 1369550 virus strains and unwanted programs.



    Licensed to: Avira AntiVir PersonalEdition Classic

    Serial number: 0000149996-ADJIE-0001

    Platform: Windows XP

    Windows version: (Service Pack 2) [5.1.2600]

    Boot mode: Normally booted

    Username: SYSTEM

    Computer name: ACER-19B694409A



    Version information:

    BUILD.DAT : 8.1.0.331 16934 Bytes 12/08/2008 11:46:00

    AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 08:57:54

    AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 07:56:42

    LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:20

    LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 07:58:54

    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34

    ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 13:54:16

    ANTIVIR2.VDF : 7.0.5.20 142336 Bytes 30/06/2008 05:20:54

    ANTIVIR3.VDF : 7.0.5.23 17408 Bytes 30/06/2008 09:24:48

    Engineversion : 8.1.1.19

    AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:22

    AESCRIPT.DLL : 8.1.0.63 311673 Bytes 06/08/2008 13:13:48

    AESCN.DLL : 8.1.0.23 119156 Bytes 10/07/2008 12:44:50

    AERDL.DLL : 8.1.0.20 418165 Bytes 24/04/2008 12:37:50

    AEPACK.DLL : 8.1.2.1 364917 Bytes 15/07/2008 12:58:36

    AEOFFICE.DLL : 8.1.0.21 192891 Bytes 18/07/2008 06:35:22

    AEHEUR.DLL : 8.1.0.47 1368437 Bytes 06/08/2008 13:13:48

    AEHELP.DLL : 8.1.0.15 115063 Bytes 10/07/2008 12:44:50

    AEGEN.DLL : 8.1.0.35 315764 Bytes 06/08/2008 14:38:48

    AEEMU.DLL : 8.1.0.7 430452 Bytes 31/07/2008 08:33:22

    AECORE.DLL : 8.1.1.8 172406 Bytes 31/07/2008 08:33:22

    AEBB.DLL : 8.1.0.1 53617 Bytes 10/07/2008 12:44:50

    AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:06

    AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:28:02

    AVREP.DLL : 7.0.0.1 155688 Bytes 30/06/2008 14:35:22

    AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:42

    AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:24

    AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:50

    SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:04

    SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:42

    NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:12

    RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 13:48:08

    RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 13:34:38



    Configuration settings for the scan:

    Jobname..........................: Complete system scan

    Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp

    Logging..........................: low

    Primary action...................: interactive

    Secondary action.................: ignore

    Scan master boot sector..........: on

    Scan boot sector.................: on

    Boot sectors.....................: C:, D:,

    Process scan.....................: on

    Scan registry....................: on

    Search for rootkits..............: off

    Scan all files...................: Intelligent file selection

    Scan archives....................: on

    Recursion depth..................: 20

    Smart extensions.................: on

    Macro heuristic..................: on

    File heuristic...................: medium



    Start of the scan: vendredi 5 septembre 2008 19:27



    The scan of running processes will be started

    Scan process 'avscan.exe' - '1' Module(s) have been scanned

    Scan process 'avcenter.exe' - '1' Module(s) have been scanned

    Scan process 'avgnt.exe' - '1' Module(s) have been scanned

    Scan process 'avguard.exe' - '1' Module(s) have been scanned

    Scan process 'sched.exe' - '1' Module(s) have been scanned

    Scan process 'wuauclt.exe' - '1' Module(s) have been scanned

    Scan process 'wuauclt.exe' - '1' Module(s) have been scanned

    Scan process 'iPodService.exe' - '1' Module(s) have been scanned

    Scan process 'SuperCopier2.exe' - '1' Module(s) have been scanned

    Scan process 'MSMSGS.EXE' - '1' Module(s) have been scanned

    Scan process 'CTFMON.EXE' - '1' Module(s) have been scanned

    Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned

    Scan process 'jusched.exe' - '1' Module(s) have been scanned

    Scan process 'Monitor.exe' - '1' Module(s) have been scanned

    Scan process 'QtZgAcer.EXE' - '1' Module(s) have been scanned

    Scan process 'EPM-DM.EXE' - '1' Module(s) have been scanned

    Scan process 'ATIPTAXX.EXE' - '1' Module(s) have been scanned

    Scan process 'PCMService.exe' - '1' Module(s) have been scanned

    Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned

    Scan process 'SynTPLpr.exe' - '1' Module(s) have been scanned

    Scan process 'WMIPRVSE.EXE' - '1' Module(s) have been scanned

    Scan process 'EXPLORER.EXE' - '1' Module(s) have been scanned

    Scan process 'ATI2EVXX.EXE' - '1' Module(s) have been scanned

    Scan process 'ALG.EXE' - '1' Module(s) have been scanned

    Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned

    Scan process 'RegSrvc.exe' - '1' Module(s) have been scanned

    Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned

    Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned

    Scan process 'SPOOLSV.EXE' - '1' Module(s) have been scanned

    Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned

    Scan process 'S24EvMon.exe' - '1' Module(s) have been scanned

    Scan process 'EvtEng.exe' - '1' Module(s) have been scanned

    Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned

    Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned

    Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned

    Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned

    Scan process 'ATI2EVXX.EXE' - '1' Module(s) have been scanned

    Scan process 'LSASS.EXE' - '1' Module(s) have been scanned

    Scan process 'SERVICES.EXE' - '1' Module(s) have been scanned

    Scan process 'WINLOGON.EXE' - '1' Module(s) have been scanned

    Scan process 'CSRSS.EXE' - '1' Module(s) have been scanned

    Scan process 'SMSS.EXE' - '1' Module(s) have been scanned

    42 processes with 42 modules were scanned



    Starting master boot sector scan:

    Master boot sector HD0

    [INFO] No virus was found!

    Master boot sector HD1

    [INFO] No virus was found!



    Start scanning boot sectors:

    Boot sector 'C:\'

    [INFO] No virus was found!

    Boot sector 'D:\'

    [INFO] No virus was found!



    Starting to scan the registry.

    The registry was scanned ( '69' files ).





    Starting the file scan:



    Begin scan in 'C:\' <ACER>

    C:\pagefile.sys

    [WARNING] The file could not be opened!

    C:\hiberfil.sys

    [WARNING] The file could not be opened!

    Begin scan in 'D:\' <ACERDATA>





    End of the scan: vendredi 5 septembre 2008 19:53

    Used time: 26:18 Minute(s)



    The scan has been done completely.



    5922 Scanning directories

    296598 Files were scanned

    0 viruses and/or unwanted programs were found

    0 Files were classified as suspicious:

    0 files were deleted

    0 files were repaired

    0 files were moved to quarantine

    0 files were renamed

    2 Files cannot be scanned

    296596 Files not concerned

    7059 Archives were scanned

    2 Warnings

    0 Notes


    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 21:55:11, on 05/09/2008

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v7.00 (7.00.6000.16705)

    Boot mode: Normal



    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\csrss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\Ati2evxx.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\alg.exe

    C:\WINDOWS\system32\Ati2evxx.exe

    C:\WINDOWS\Explorer.EXE

    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    C:\Program Files\Arcade\PCMService.exe

    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

    C:\acer\epm\epm-dm.exe

    C:\Program Files\Launch Manager\QtZgAcer.EXE

    C:\Program Files\Acer\eRecovery\Monitor.exe

    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

    C:\Program Files\iTunes\iTunesHelper.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\Messenger\msmsgs.exe

    C:\Program Files\SuperCopier2\SuperCopier2.exe

    C:\Program Files\iPod\bin\iPodService.exe

    C:\WINDOWS\system32\wuauclt.exe

    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    C:\WINDOWS\system32\wbem\wmiprvse.exe



    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

    R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

    O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL

    O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL

    O4 - HKLM\..\Run: [LaunchApp] Alaunch

    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe

    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"

    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

    O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe

    O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot

    O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE

    O4 - HKLM\..\Run: [eRecoveryService] C:\Program Files\Acer\eRecovery\Monitor.exe

    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u

    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

    O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe

    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab

    O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie....

    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8....

    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...

    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL

    O23 - Service: Notebook Manager Service (anbmService) - Unknown owner - C:\Acer\eManager\anbmServ.exe (file missing)

    O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

    O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

    O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

    O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe

    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe

    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe



    --

    End of file - 8442 bytes

    Re,

    Télécharge Toolbar-S&D ([#ff0000]Team IDN[/#ff]) sur ton Bureau.

  • Lance l'installation du programme en exécutant le fichier téléchargé.
  • Double-clique maintenant sur le raccourci de Toolbar-S&D.
  • Sélectionne la langue souhaitée en tapant la lettre de ton choix puis en validant avec la touche Entrée.
  • Choisis maintenant l'option 1 (Recherche). Patiente jusqu'à la fin de la recherche.
  • Poste le rapport généré. (C:\TB.txt)

    Re,
    voici :


    -----------\\ ToolBar S&D 1.1.7 XP/Vista



    Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 2

    X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) M processor 2.00GHz )

    BIOS : Phoenix NoteBIOS 4.0 Release 6.1

    USER : Admin ( Administrator )

    BOOT : Normal boot

    Antivirus : Avira AntiVir PersonalEdition 8.0.1.27 (Activated)



    "C:\ToolBar SD" ( MAJ : 04-09-2008|15:03 )

    Option : [1] ( 06/09/2008|13:32 )



    -----------\\ Recherche de Fichiers / Dossiers ...



    C:\Program Files\AskSBar

    C:\Program Files\AskSBar\bar

    C:\Program Files\AskSBar\SrchAstt

    C:\DOCUME~1\Admin\Cookies\admin@mywebsearch[1].txt

    C:\DOCUME~1\Admin\Cookies\admin@mywebsearch[2].txt

    C:\DOCUME~1\Admin\Cookies\admin@mywebsearch[4].txt

    C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll



    -----------\\ Extensions



    (Admin) - {635abd67-4fe9-1b23-4f01-e679fa7484c1} => ytoolbar





    -----------\\ [..\Internet Explorer\Main]



    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

    "Local Page"="C:\\windows\\system32\\blank.htm"

    "Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&..."

    "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iese..."

    "Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iese..."



    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]

    "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"

    "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"

    "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"

    "Local Page"="C:\\windows\\system32\\blank.htm"

    "Start Page"="http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home"





    --------------------\\ Recherche d'autres infections





    Aucune autre infection trouvée !





    1 - "C:\ToolBar SD\TB_1.txt" - 06/09/2008|13:35 - Option : [1]



    -----------\\ Fin du rapport a 13:35:08,32




    -----------\\ ToolBar S&D 1.1.7 XP/Vista



    Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 2

    X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) M processor 2.00GHz )

    BIOS : Phoenix NoteBIOS 4.0 Release 6.1

    USER : Admin ( Administrator )

    BOOT : Normal boot

    Antivirus : Avira AntiVir PersonalEdition 8.0.1.27 (Activated)



    "C:\ToolBar SD" ( MAJ : 04-09-2008|15:03 )

    Option : [2] ( 06/09/2008|13:43 )



    -----------\\ SUPPRESSION



    Supprime! - C:\Program Files\AskSBar\bar

    Supprime! - C:\Program Files\AskSBar\SrchAstt

    Supprime! - C:\DOCUME~1\Admin\Cookies\admin@mywebsearch[1].txt

    Supprime! - C:\DOCUME~1\Admin\Cookies\admin@mywebsearch[2].txt

    Supprime! - C:\DOCUME~1\Admin\Cookies\admin@mywebsearch[4].txt

    Supprime! - C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll

    Supprime! - C:\Program Files\AskSBar



    -----------\\ Recherche de Fichiers / Dossiers ...





    -----------\\ Extensions



    (Admin) - {635abd67-4fe9-1b23-4f01-e679fa7484c1} => ytoolbar





    -----------\\ [..\Internet Explorer\Main]



    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

    "Local Page"="C:\\windows\\system32\\blank.htm"

    "Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&..."

    "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iese..."

    "Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iese..."



    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]

    "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"

    "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"

    "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"

    "Local Page"="C:\\windows\\system32\\blank.htm"

    "Start Page"="http://www.msn.com/"





    --------------------\\ Recherche d'autres infections





    Aucune autre infection trouvée !





    1 - "C:\ToolBar SD\TB_1.txt" - 06/09/2008|13:35 - Option : [1]

    2 - "C:\ToolBar SD\TB_2.txt" - 06/09/2008|13:44 - Option : [2]



    -----------\\ Fin du rapport a 13:44:47,04


    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 14:17:30, on 06/09/2008

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v7.00 (7.00.6000.16705)

    Boot mode: Normal



    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\csrss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\Ati2evxx.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\alg.exe

    C:\WINDOWS\system32\Ati2evxx.exe

    C:\WINDOWS\Explorer.EXE

    C:\Program Files\Acer\eRecovery\Monitor.exe

    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    C:\Program Files\Arcade\PCMService.exe

    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

    C:\acer\epm\epm-dm.exe

    C:\Program Files\Launch Manager\QtZgAcer.EXE

    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

    C:\Program Files\iTunes\iTunesHelper.exe

    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\Messenger\msmsgs.exe

    C:\Program Files\SuperCopier2\SuperCopier2.exe

    C:\Program Files\iPod\bin\iPodService.exe

    C:\WINDOWS\system32\wuauclt.exe

    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    C:\WINDOWS\system32\wbem\wmiprvse.exe



    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O4 - HKLM\..\Run: [LaunchApp] Alaunch

    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe

    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"

    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

    O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe

    O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot

    O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE

    O4 - HKLM\..\Run: [eRecoveryService] C:\Program Files\Acer\eRecovery\Monitor.exe

    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u

    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

    O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe

    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab

    O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie....

    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8....

    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...

    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL

    O23 - Service: Notebook Manager Service (anbmService) - Unknown owner - C:\Acer\eManager\anbmServ.exe (file missing)

    O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

    O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

    O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

    O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe

    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe

    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe



    --

    End of file - 7949 bytes

    J'arrive toujours pas à connecté le pc a internet en wifi : il me dit qu'il capte des réseaux mais quand je fais actualiser la liste des réseaux il n'en voit aucun alors que c'est sur qu'il y en a. Je sais pas si ça peut venir d'un virus, je vais peut-être poster ailleurs.
    En tout cas merci beaucoup de t'être occupé de mon problème.
    Lassé par la pub ? Créez un compte

    Répondre Créer un nouveau sujet

    Tom's guide dans le monde