Blinking yellow triangle, security toolbar 7.1, etc - Page 2
Security Forum - Viruses: blinking yellow triangle, security toolbar 7.1, etc
Continuation of the previous message:
Good evening,
Please do what Angeldark asks and do this as well:
~ Run an online antivirus scan on the Kaspersky site
http://webscanner.kaspersky.fr/
~ Click Online Scanner.
~ Accept the installation of the ActiveX control by clicking the Install button.
~ Select My Computer as the scan target.
~ Save the report by clicking the "Enregistrer rapport sous" (Save report as) button. Give it a name; you will copy/paste it into your next reply.
/!\ Fed up with ads: secured Firefox /!\
Reply to Sham_Rock
Hello,
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:57:43, on 23/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Belkin\Logiciel Bluetooth\bin\btwdins.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\lxbucoms.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Home Cinema\PowerCinema\PCMService.exe
C:\WINDOWS\Dit.exe
C:\Program Files\Lexmark 6200 Series\ezprint.exe
C:\Program Files\OrangeHSS\Launcher\Launcher.exe
C:\Program Files\OrangeHSS\Systray\SystrayApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Belkin\Logiciel Bluetooth\BTTray.exe
C:\Program Files\OFFICE One6.5\OFFICE One Clock\ooneclockv65.exe
C:\Program Files\program\soffice.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avscan.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://orange.fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFre1.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: Share_Accelerator toolbar - {f5c93451-2609-4723-a053-5c19516be1a8} - C:\Program Files\Share_Accelerator\tbSha1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Share_Accelerator toolbar - {f5c93451-2609-4723-a053-5c19516be1a8} - C:\Program Files\Share_Accelerator\tbSha1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Barre d'outils MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\fr\msntb.dll
O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [lxbumon.exe] "C:\Program Files\Lexmark 6200 Series\lxbumon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 6200 Series\ezprint.exe"
O4 - HKLM\..\Run: [Athan] C:\Program Files\Athan\Athan.exe
O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
O4 - HKLM\..\Run: [ORAHSSStartup] "C:\Program Files\OrangeHSS\Launcher\Launcher.exe" -appid connectivityapp
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\OrangeHSS\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [LXBUCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBUtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Orange Desktop Search] "C:\Program Files\Orange HSS\Orange Desktop Search\OrangeDesktopSearch.exe" /tray
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\RunOnce: [] C:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe http://www.symantec.com/techsupp/s [...] 8.000000d8
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-2618008700-2400621796-1866692630-1007\..\Run: [WOOKIT] C:\Program Files\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM= (User 'Salima')
O4 - HKUS\S-1-5-21-2618008700-2400621796-1866692630-1007\..\Run: [Time Wait] C:\DOCUME~1\Salima\APPLIC~1\ThisMix\Hideeggsrule.exe (User 'Salima')
O4 - HKUS\S-1-5-21-2618008700-2400621796-1866692630-1007\..\Run: [dlmMgr] "C:\Program Files\Fichiers communs\Adobe\ESD\AdobeDownloadManager.exe" restart=1 (User 'Salima')
O4 - HKUS\S-1-5-21-2618008700-2400621796-1866692630-1007\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" (User 'Salima')
O4 - HKUS\S-1-5-21-2618008700-2400621796-1866692630-1007\..\Run: [Instant Access] C:\WINDOWS\system32\inetmodl.exe /run (User 'Salima')
O4 - HKUS\S-1-5-21-2618008700-2400621796-1866692630-1007\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Salima')
O4 - HKUS\S-1-5-21-2618008700-2400621796-1866692630-1007\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Salima')
O4 - HKUS\S-1-5-21-2618008700-2400621796-1866692630-1007\..\Run: [iLike] C:\Program Files\iLike\1.1.16\ilikesidebar.exe /checkforupdate (User 'Salima')
O4 - HKUS\S-1-5-21-2618008700-2400621796-1866692630-1007\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User 'Salima')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OFFICE One 6.5.lnk = C:\Program Files\program\quickstart.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: MaxiMemo.lnk = C:\Program Files\MaxiMemo\MaxiMemo.exe
O4 - Global Startup: OFFICE One Clock v6.5.lnk = C:\Program Files\OFFICE One6.5\OFFICE One Clock\ooneclockv65.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\Belkin\Logiciel Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesfr.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesfr.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.msn.fr/
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://s.tf1.fr/mmdia/static/rawfl [...] awflow.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {1FF43AD5-2262-4C2F-81D4-26D710C3F305} (VB2S Mannequin Virtuel Control) - http://mannequin.redoute.fr/activex/Mannequin.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/bina [...] b56986.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www3.snapfish.fr/SnapfishActivia.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/bina [...] b56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-F [...] E_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/window [...] 9456806656
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/micros [...] 1082381687
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn. [...] tPkMSN.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/bina [...] b56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/bina [...] b57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.photobox.fr/discount/cl [...] .2.0.6.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/bina [...] b56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Belkin\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxbu_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbucoms.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
--
End of file - 16987 bytes
Good evening,
I don't know how you managed it, but you have picked up two new infections...
Be careful what you click on...
These infections are easy to remove, don't panic ;O)
1
Download Navilog1.exe (IL-MAFIOSO)
Save it to your Desktop.
Start the installation by double-clicking navilog.exe.
Once the installation is finished, the utility will run automatically.
(If it does not, double-click the shortcut on the Desktop.)
Let the utility guide you. Choose option 1, then confirm.
! Do not use options 2, 3 and 4 without our approval !
Wait until this message appears:
"*** Analyse Termine le ..... ***"
Press a key as prompted. Notepad will open. Post its contents to us as follows:
-> Edit / Select All
-> Edit / Copy
-> Right-click / Paste into your reply
NOTE: The report can also be found here: C:\fixnavi.txt
2
Download Lop S&D.zip.
Unzip it to your Desktop only.
Open the Lop S&D folder, then double-click Scan.bat.
Select the language by typing 1, then confirming with the Enter key.
Type "R", then confirm by pressing "Enter".
A report will be generated; post its contents here.
/!\ Fed up with ads: secured Firefox /!\
Reply to Sham_Rock
Good evening,
Two new infections? Oh dear... that's really discouraging.. I'm not the only one who uses this computer, so it's true that I can't control everything..
For now, I'm going to run the scan on the Kaspersky site, then I'll continue with your procedure.
Thanks Sham-Rock@ IDN
The scan won't start; here is what it says:
Failed to load the Kaspersky on-line scanner ActiveX control!
You must have administrator privileges on this computer; in addition, the IE security level must be set to medium.
Here is the Navilog scan:
Search Navipromo version 3.3.6 commencé le 23/11/2007 à 21:13:32,17
!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!
Outil exécuté depuis C:\Program Files\navilog1
Mise à jour le 14.11.2007 à 18h00 par IL-MAFIOSO
Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 7.0.5730.11
*** Recherche Programmes installés ***
*** Recherche dossiers dans C:\WINDOWS ***
*** Recherche dossiers dans C:\Program Files ***
*** Recherche dossiers dans C:\Documents and Settings\All Users\Application Data ***
*** Recherche dossiers dans C:\Documents and Settings\Loubna\Application Data ***
*** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1 ***
*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net
Aucun fichier trouvé dans :
- C:\WINDOWS\system32
- C:\DOCUME~1\LOUBNA\LOCALS~1\APPLIC~1
*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!
* Recherche dans C:\WINDOWS\system32 *
* Recherche dans C:\DOCUME~1\LOUBNA\LOCALS~1\APPLIC~1 *
*** Recherche fichiers ***
*** Recherche clés spécifiques dans le Registre ***
*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)
1)Recherche fichiers connus:
2)Recherche Heuristique :
3)Recherche Certificats :
Certificat Egroup absent !
*** Analyse terminée le 23/11/2007 à 21:14:18,32 ***
And here is the Lop report:
------------------------------[ Lop S&D 1.5 ]----------------------------
Version : Microsoft Windows XP [version 5.1.2600] [ OS : Windows_NT ]
Lancé depuis : "C:\Documents and Settings\Loubna\Bureau\Lop S&D"
Rapport créé Le 23/11/2007 à 21:17:31,60 PC : MEDION
! Faire analyser le rapport par un Helper avant intervention !
-------------[ Listing des Dossiers dans Application Data ]-------------
C:\Documents and settings\All Users\Application Data\Google Updater
C:\Documents and settings\All Users\Application Data\Symantec
C:\Documents and settings\All Users\Application Data\UniversalisV12
C:\Documents and settings\All Users\Application Data\addr_file.html
C:\Documents and settings\All Users\Application Data\Avira
C:\Documents and settings\All Users\Application Data\piledriveboldshow
C:\Documents and settings\All Users\Application Data\Software rule flag owns
C:\Documents and settings\All Users\Application Data\pixelStorm
C:\Documents and settings\All Users\Application Data\Grisoft
C:\Documents and settings\All Users\Application Data\TEMP
C:\Documents and settings\All Users\Application Data\Adobe
C:\Documents and settings\All Users\Application Data\Apple
C:\Documents and settings\All Users\Application Data\Mozilla
C:\Documents and settings\All Users\Application Data\QTSBandwidthCache
C:\Documents and settings\All Users\Application Data\Apple Computer
C:\Documents and settings\All Users\Application Data\Google
C:\Documents and settings\All Users\Application Data\Link Data Security
C:\Documents and settings\All Users\Application Data\UniversalisV11
C:\Documents and settings\All Users\Application Data\Adobe Systems
C:\Documents and settings\All Users\Application Data\Macrovision
C:\Documents and settings\All Users\Application Data\BOONTY
C:\Documents and settings\All Users\Application Data\Ciel
C:\Documents and settings\All Users\Application Data\Messenger Plus!
C:\Documents and settings\All Users\Application Data\Microsoft
C:\Documents and settings\All Users\Application Data\Yahoo! Companion
C:\Documents and settings\All Users\Application Data\Ahead
C:\Documents and settings\All Users\Application Data\FaxCtr
C:\Documents and settings\All Users\Application Data\CyberLink
C:\Documents and settings\All Users\Application Data\Windows Genuine Advantage
C:\Documents and settings\All Users\Application Data\QuickTime
C:\Documents and settings\All Users\Application Data\desktop.ini
C:\Documents and settings\All Users\Application Data\SBSI
C:\Documents and settings\Default User\Application Data\Microsoft
C:\Documents and settings\Default User\Application Data\CyberLink
C:\Documents and settings\Default User\Application Data\Sun
C:\Documents and settings\Default User\Application Data\Musicmatch
C:\Documents and settings\Default User\Application Data\Real
C:\Documents and settings\Default User\Application Data\Adobe
C:\Documents and settings\Default User\Application Data\Macromedia
C:\Documents and settings\Default User\Application Data\desktop.ini
C:\Documents and settings\Default User\Application Data\Identities
C:\Documents and settings\Invité\Application Data\CyberLink
C:\Documents and settings\Invité\Application Data\Microsoft
C:\Documents and settings\Invité\Application Data\Sun
C:\Documents and settings\Invité\Application Data\Musicmatch
C:\Documents and settings\Invité\Application Data\Real
C:\Documents and settings\Invité\Application Data\Adobe
C:\Documents and settings\Invité\Application Data\Macromedia
C:\Documents and settings\Invité\Application Data\desktop.ini
C:\Documents and settings\Invité\Application Data\Identities
C:\Documents and settings\LocalService\Application Data\ThisMix
C:\Documents and settings\LocalService\Application Data\Microsoft
C:\Documents and settings\LocalService\Application Data\Google
C:\Documents and settings\LocalService\Application Data\FaxCtr
C:\Documents and settings\LocalService\Application Data\Help
C:\Documents and settings\LocalService\Application Data\X10 Commander
C:\Documents and settings\Loubna\Application Data\Grisoft
C:\Documents and settings\Loubna\Application Data\iLike
C:\Documents and settings\Loubna\Application Data\MaxiMemo
C:\Documents and settings\Loubna\Application Data\DivX
C:\Documents and settings\Loubna\Application Data\Hotbar_Icons
C:\Documents and settings\Loubna\Application Data\BitZipper
C:\Documents and settings\Loubna\Application Data\Apple Computer
C:\Documents and settings\Loubna\Application Data\AdobeUM
C:\Documents and settings\Loubna\Application Data\Talkback
C:\Documents and settings\Loubna\Application Data\Mozilla
C:\Documents and settings\Loubna\Application Data\Adobe
C:\Documents and settings\Loubna\Application Data\Universalis V12
C:\Documents and settings\Loubna\Application Data\Panasonic
C:\Documents and settings\Loubna\Application Data\ArcSoft
C:\Documents and settings\Loubna\Application Data\AdobeDLM.log
C:\Documents and settings\Loubna\Application Data\dm.ini
C:\Documents and settings\Loubna\Application Data\Google
C:\Documents and settings\Loubna\Application Data\Ahead
C:\Documents and settings\Loubna\Application Data\Microsoft
C:\Documents and settings\Loubna\Application Data\Yahoo!
C:\Documents and settings\Loubna\Application Data\Wannadoo
C:\Documents and settings\Loubna\Application Data\PEX
C:\Documents and settings\Loubna\Application Data\ispnews
C:\Documents and settings\Loubna\Application Data\sversion.ini
C:\Documents and settings\Loubna\Application Data\user60.rdb
C:\Documents and settings\Loubna\Application Data\FaxCtr
C:\Documents and settings\Loubna\Application Data\Universalis V11
C:\Documents and settings\Loubna\Application Data\Help
C:\Documents and settings\Loubna\Application Data\CyberLink
C:\Documents and settings\Loubna\Application Data\Sun
C:\Documents and settings\Loubna\Application Data\Musicmatch
C:\Documents and settings\Loubna\Application Data\Real
C:\Documents and settings\Loubna\Application Data\Macromedia
C:\Documents and settings\Loubna\Application Data\desktop.ini
C:\Documents and settings\Loubna\Application Data\Identities
C:\Documents and settings\Messaouda\Application Data\MaxiMemo
C:\Documents and settings\Messaouda\Application Data\FaxCtr
C:\Documents and settings\Messaouda\Application Data\Adobe
C:\Documents and settings\Messaouda\Application Data\Grisoft
C:\Documents and settings\Messaouda\Application Data\Talkback
C:\Documents and settings\Messaouda\Application Data\Mozilla
C:\Documents and settings\Messaouda\Application Data\AdobeUM
C:\Documents and settings\Messaouda\Application Data\Google
C:\Documents and settings\Messaouda\Application Data\ArcSoft
C:\Documents and settings\Messaouda\Application Data\Microsoft
C:\Documents and settings\Messaouda\Application Data\Universalis V11
C:\Documents and settings\Messaouda\Application Data\user60.rdb
C:\Documents and settings\Messaouda\Application Data\OFFICE One v6
C:\Documents and settings\Messaouda\Application Data\sversion.ini
C:\Documents and settings\Messaouda\Application Data\CyberLink
C:\Documents and settings\Messaouda\Application Data\Sun
C:\Documents and settings\Messaouda\Application Data\Musicmatch
C:\Documents and settings\Messaouda\Application Data\Real
C:\Documents and settings\Messaouda\Application Data\Macromedia
C:\Documents and settings\Messaouda\Application Data\desktop.ini
C:\Documents and settings\Messaouda\Application Data\Identities
C:\Documents and settings\momo\Application Data\LimeWire
C:\Documents and settings\momo\Application Data\MaxiMemo
C:\Documents and settings\momo\Application Data\GetRightToGo
C:\Documents and settings\momo\Application Data\iLike
C:\Documents and settings\momo\Application Data\sversion.ini
C:\Documents and settings\momo\Application Data\user60.rdb
C:\Documents and settings\momo\Application Data\Grisoft
C:\Documents and settings\momo\Application Data\Adobe
C:\Documents and settings\momo\Application Data\Talkback
C:\Documents and settings\momo\Application Data\Mozilla
C:\Documents and settings\momo\Application Data\Yahoo!
C:\Documents and settings\momo\Application Data\DivX
C:\Documents and settings\momo\Application Data\Microsoft
C:\Documents and settings\momo\Application Data\Google
C:\Documents and settings\momo\Application Data\Ahead
C:\Documents and settings\momo\Application Data\Apple Computer
C:\Documents and settings\momo\Application Data\AdobeUM
C:\Documents and settings\momo\Application Data\FaxCtr
C:\Documents and settings\momo\Application Data\CyberLink
C:\Documents and settings\momo\Application Data\Sun
C:\Documents and settings\momo\Application Data\Musicmatch
C:\Documents and settings\momo\Application Data\Real
C:\Documents and settings\momo\Application Data\Macromedia
C:\Documents and settings\momo\Application Data\desktop.ini
C:\Documents and settings\momo\Application Data\Identities
C:\Documents and settings\NetworkService\Application Data\Macromedia
C:\Documents and settings\NetworkService\Application Data\Microsoft
C:\Documents and settings\NetworkService\Application Data\FaxCtr
C:\Documents and settings\NetworkService\Application Data\X10 Commander
C:\Documents and settings\Propriétaire\Application Data\Real
C:\Documents and settings\Rebiaï\Application Data\Help
C:\Documents and settings\Rebiaï\Application Data\ArcSoft
C:\Documents and settings\Rebiaï\Application Data\Google
C:\Documents and settings\Rebiaï\Application Data\FaxCtr
C:\Documents and settings\Rebiaï\Application Data\CyberLink
C:\Documents and settings\Rebiaï\Application Data\Microsoft
C:\Documents and settings\Rebiaï\Application Data\Sun
C:\Documents and settings\Rebiaï\Application Data\Musicmatch
C:\Documents and settings\Rebiaï\Application Data\Real
C:\Documents and settings\Rebiaï\Application Data\Adobe
C:\Documents and settings\Rebiaï\Application Data\Macromedia
C:\Documents and settings\Rebiaï\Application Data\desktop.ini
C:\Documents and settings\Rebiaï\Application Data\Identities
----------------[ Tâches planifiées dans C:\WINDOWS\tasks ]---------------
C:\WINDOWS\tasks\B1DECA8A918579A6.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\SA.DAT
C:\WINDOWS\tasks\desktop.ini
----------------------[ Recherche dans le Registre ]----------------------
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
-----------------[ Recherche de Fichiers - Dossiers Lop ]-----------------
C:\Documents and settings\Messaouda\Cookies\messaouda@advertstream[1].txt
C:\Documents and settings\momo\Cookies\momo@advertstream[1].txt
C:\Documents and settings\momo\Cookies\momo@sharpadverts[1].txt
C:\WINDOWS\tasks\B1DECA8A918579A6.job
--------------------[ Vérification du fichier Hosts ]---------------------
Fichier Hosts : Propre
--------------[ Recherche de fichiers cachés avec Catchme ]---------------
catchme 0.3.1066 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-23 21:17:45
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden services & system hive ...
scanning hidden files ...
scan completed successfully
hidden files: 0
--------------------[ Recherche d'autres infections ]---------------------
Aucune autre infection trouvée !
--------------------[ Fin du rapport à 21:18:33,73 ]----------------------
ok
Did you delete Salima's session?
~Run HijackThis with “Do a system scan only”.
Check the following lines if they are still present, and only those.
O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
O4 - HKUS\S-1-5-21-2618008700-2400621796-1866692630-1007\..\Run: [Time Wait] C:\DOCUME~1\Salima\APPLIC~1\ThisMix\Hideeggsrule.exe (User 'Salima')
O4 - HKUS\S-1-5-21-2618008700-2400621796-1866692630-1007\..\Run: [Instant Access] C:\WINDOWS\system32\inetmodl.exe /run (User 'Salima')
Click Fix checked (bottom left)
Select ALL the locations in bold below:
C:\WINDOWS\system32\inetmodl.exe
C:\WINDOWS\tasks\B1DECA8A918579A6.job
C:\Documents and settings\Salima\Application Data\ThisMix
---> Right-click, then Copy (or Ctrl+C)
Double-click OTMoveIt.exe to launch it.
Right-click in the left-hand pane, then choose Paste (or Ctrl+V).
Now click MoveIt!
If a file or folder cannot be deleted immediately, the program will ask you to restart.
Accept by clicking YES.
Post the report located in this folder: C:\_OTMoveIt\MovedFiles\
The report's name corresponds to the time it was created: date_time.log
no, Salima's session still exists...
here it is:
File/Folder C:\WINDOWS\system32\inetmodl.exe not found.
C:\WINDOWS\tasks\B1DECA8A918579A6.job moved successfully.
File/Folder C:\Documents and settings\Salima\Application Data\ThisMix not found.
Created on 11/23/2007 22:14:50
can you check?
I see: Loubna, Messaouda, momo, rebia but not salima.
you can run the online scan now
I checked and I assure you it really does exist..
I still can't scan: the same message as the one quoted above appears
did you try doing what they ask?
log in as admin
good evening,
yes yes, I did what I was asked: I am admin on this computer and IE is set to the medium level.
Now it says "échec de l'initialisation" (initialization failed).
what should I do? thanks for your help
hello
are you really doing the scan with IE?
otherwise,
try Panda
http://www.monaco-pro.com/cool-lif [...] a/tuto.htm
hello,
the scan is done with Internet Explorer
I'll try Panda
thanks
here is the Panda report
;***********************************************************************************************************************************************************************************
ANALYSIS: 2007-11-25 16:16:06
PROTECTIONS: 1
MALWARE: 64
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
Avira AntiVir PersonalEdition 7.0.1.4 Yes Yes
;===================================================================================================================================================================================
good evening
delete:
C:\Documents and Settings\Salima\f.exe
C:\Documents and Settings\momo\Local Settings\Temp\tem51.tmp.exe
C:\Documents and Settings\momo\f.exe
~Download CCleaner:
http://www.filehippo.com/download_ccleaner/
~During installation, uncheck: "Ajouter la Barre d'Outils Yahoo! Ccleaner" (Add the Yahoo! CCleaner Toolbar)
Click the "nettoyeur" (cleaner) button, then choose "lancer le nettoyage" (run cleaner)
Click the "erreurs" (issues) button, choose "chercher les erreurs" (scan for issues), then "réparer les erreurs" (fix issues).
CCleaner tutorial: (thanks to Malekal).
http://www.malekal.com/tutorial_CCleaner.html
please post a new HijackThis log
