Suis-je infecter???Fermé

Question

Bonjour,
Aidez moi les expers suis je-infecté?


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:21:21, on 07/02/2009
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16764)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32	askeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Users\Jules\Program Files\DNA\btdna.exe
C:\Users\Jules\AppData\Local\aykic.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\Jules\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
C:\Users\Jules\AppData\Roaming\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Orange\Launcher\Launcher.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\Orange\connectivity\connectivitymanager.exe
C:\Program Files\Orange\systray\systrayapp.exe
C:\Program Files\Orange\Deskboard\deskboard.exe
C:\Program Files\Orange\connectivity\CoreCom\CoreCom.exe
C:\Program Files\Orange\connectivity\CoreCom\OraConfigRecover.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\Windows\system32	askeng.exe
C:\Windows\system32\conime.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\AVG\AVG8\avgui.exe
C:\Program Files\AVG\AVG8\avgscanx.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.01net.com/telecharger/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange\SearchURLHook\SearchPageURL.dll
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (file missing)
O3 - Toolbar: Afficher Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll (file missing)
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (file missing)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [zzz_ImInstaller_IncrediMail] "C:\Users\Jules\AppData\Local\Temp\ImInstaller\IncrediMail\incredimail_install.exe" -startup  -product IncrediMail  -report  -ffmsc 12345  
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\RunOnce: [BrandClearStubs] RUNDLL32 IEDKCS32.DLL,BrandCleanInstallStubs >{ED3DF1A7-E9AD-41C7-A62A-1CDA6E33F517}
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Jules\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [ukkuu] "c:\users\jules\appdata\local\ukkuu.exe" ukkuu
O4 - HKCU\..\Run: [aykic] "c:\users\jules\appdata\local\aykic.exe" aykic
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe -silent
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: Outil de notification Live Search.lnk = C:\Users\Jules\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix: 
O15 - Trusted Zone: https://www.orange.fr/portail
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {9D3B0E16-FCD8-4CC2-AC1A-10CE6B837F93} (Chrysis Core) - http://www.chrysis-online.com/produits/plugins/ChrysisCore.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL,avgrsstx.dll
O23 - Service: Application Driver Auto Removal Service (01) (appdrvrem01) - Protection Technology - C:\Windows\System32\appdrvrem01.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ccEvtMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: ccSetMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe

--

Destrio5 · Answer

Salut,

Tu es infecté.

--> Désactive l'UAC le temps de la désinfection.

- Télécharge Navilog1 (de IL-MAFIOSO) et enregistre-le sur le Bureau.

- Double-clique sur Navilog1.exe afin de lancer l'installation.

- Si le fix ne se lance pas automatiquement après son installation, double-clique sur Navilog1 présent sur le Bureau.

- Appuie sur F ou f  puis valide par Entrée.

- Appuie sur une touche de ton clavier à chaque fois que cela est demandé, tu arriveras au menu des options.

- Choisis l'option 1 et appuie sur la touche Entrée pour valider ton choix.

- Patiente jusqu'au message : *** Analyse terminée le ..... ***

- Le scan fini, le Bloc-notes contenant le rapport sera affiché, poste le contenu de ce rapport dans ta prochaine réponse.

- Si le résultat du scan ne s'affiche pas, tu le trouveras dans C:\fixnavi.txt

N'utilise pas l'option 2, 3 et 4 sans notre accord, des fichiers légitimes peuvent être inclus dans ce scan.

benzema18 · Answer

Achètes un Anti-Virus !

C'est pratique en cas d'infection !  ;)

informaticologue · Answer

Mon infection est grave???

Destrio5 · Answer

Si tu aimes avoir des pubs intempestives, tu peux laisser le PC comme ça.

informaticologue · Answer

nn je n'aime pas 


mais je n'ai pas de PUB intempestives

Destrio5 · Answer

Tu as l'infection Navipromo, tu devrais avoir des pubs.

informaticologue · Answer

j'ai poster ici car Mon MSN ne se lance plus
Je n'ais au aucune pub intempestives

http://www.commentcamarche.net/forum/affich 11300928 wlm se ferme tout de suite aprs le lancement?#dernier

Destrio5 · Answer

Je te conseille fortement de suivre mes manip'.

informaticologue · Answer

je vais les suivre
Le rapport Fixnavi
Search Navipromo version 3.7.5 commencé le 28/02/2009 à 21:52:55,39

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files
avilog1

Mise à jour le 26.02.2009 à 18h00 par IL-MAFIOSO

Microsoft® Windows Vista™ Édition Familiale Premium  ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Quad CPU    Q6600  @ 2.40GHz )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : Jules ( Administrator )
BOOT : Normal boot

Antivirus : AVG Anti-Virus Free 8.0 (Activated)


C:\ (Local Disk) - NTFS - Total:457 Go (Free:193 Go)
D:\ (USB)
E:\ (USB)
F:\ (USB)
G:\ (USB)
H:\ (CD or DVD)
I:\ (CD or DVD)
J:\ (CD or DVD)
K:\ (CD or DVD)
L:\ (CD or DVD)


Recherche executé en mode normal

*** Recherche Programmes installés ***


*** Recherche dossiers dans "C:\Windows" ***


*** Recherche dossiers dans "C:\Program Files" ***


*** Recherche dossiers dans "c:\progra~2\micros~1\windows\startm~1\programs" ***

...\MessengerSkinner trouvé !

*** Recherche dossiers dans "c:\progra~2\micros~1\windows\startm~1" ***


*** Recherche dossiers dans "C:\ProgramData" ***


*** Recherche dossiers dans "c:\users\jules\appdataoaming\micros~1\windows\startm~1\programs" ***


*** Recherche dossiers dans "C:\Users\Jules\AppData\Local\virtualstore\Program Files" ***


*** Recherche dossiers dans "C:\Users\Colin\AppData\Local\virtualstore\Program Files" ***



*** Recherche dossiers dans "C:\Users\Jules\AppData\Local" ***



*** Recherche dossiers dans "C:\Users\Colin\AppData\Local" *** 




*** Recherche dossiers dans "C:\Users\Jules\AppData\Roaming" ***

...\MessengerSkinner trouvé !

*** Recherche dossiers dans "C:\Users\Colin\appdataoaming" ***


*** Recherche dossiers dans "C:\Users\TEMP\appdataoaming" ***


*** Recherche dossiers dans "C:\Users\TEMP~1.PC-\appdataoaming" ***


*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net



*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans "C:\Windows\system32" *

* Recherche dans "C:\Users\Jules\AppData\Local\Microsoft" *

* Recherche dans "C:\Users\Jules\AppData\Local\virtualstore\windows\system32" *

* Recherche dans "C:\Users\Jules\AppData\Local" *

* Recherche dans "C:\Users\Colin\AppData\Local" * 



*** Recherche fichiers *** 



*** Recherche clés spécifiques dans le Registre ***
!! Les clés trouvées ne sont pas forcément infectées !!

HKEY_CURRENT_USER\Software\Lanconfig 

*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :


2)Recherche Heuristique :

* Dans "C:\Windows\system32" :


* Dans "C:\Users\Jules\AppData\Local\Microsoft" :


* Dans "C:\Users\Jules\AppData\Local\virtualstore\windows\system32" :


* Dans "C:\Users\Jules\AppData\Local" :

aykic.exe trouvé !
aykic.dat trouvé !
aykic_nav.dat trouvé !
aykic_navps.dat trouvé !

* Dans "C:\Users\Colin\AppData\Local" : 


3)Recherche Certificats :

Certificat Egroup trouvé !
Certificat Electronic-Group trouvé !
Certificat Montorgueil absent !
Certificat OOO-Favorit trouvé !
Certificat Sunny-Day-Design-Ltd absent !

4)Recherche autres dossiers et fichiers connus :



*** Analyse terminée le 28/02/2009 à 22:17:36,79 ***

Destrio5 · Answer

MessengerSkinner est une cochonnerie, à ne pas réinstaller.

---> Relance Navilog1, fais l'option 2 et poste le rapport (C:\cleannavi.txt).

informaticologue · Answer

Je suis au courant pour messengerskinner un pote me l'avait envoyé et j'avais télécharger sans regarder! Je men mords les doigts. merci de ton aide

informaticologue · Answer

Voila le 2eme rapport
lean Navipromo version 3.7.5 commencé le 28/02/2009 à 22:29:58,17

Outil exécuté depuis C:\Program Files
avilog1

Mise à jour le 26.02.2009 à 18h00 par IL-MAFIOSO

Microsoft® Windows Vista™ Édition Familiale Premium  ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Quad CPU    Q6600  @ 2.40GHz )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : Jules ( Administrator )
BOOT : Normal boot

Antivirus : AVG Anti-Virus Free 8.0 (Activated)


C:\ (Local Disk) - NTFS - Total:457 Go (Free:193 Go)
D:\ (USB)
E:\ (USB)
F:\ (USB)
G:\ (USB)
H:\ (CD or DVD)
I:\ (CD or DVD)
J:\ (CD or DVD)
K:\ (CD or DVD)
L:\ (CD or DVD)


Mode suppression automatique 
avec prise en charge résultats Catchme et GNS


Nettoyage exécuté au redémarrage de l'ordinateur

 
*** fsbl1.txt non trouvé ***
(Assurez-vous que Catchme n'avait rien trouvé lors de la recherche)
 

*** Suppression avec sauvegardes résultats GenericNaviSearch ***

* Suppression dans "C:\Windows\System32" *


* Suppression dans "C:\Users\Jules\AppData\Local\Microsoft" *


* Suppression dans "C:\Users\Jules\AppData\Local\virtualstore\windows\system32" *


* Suppression dans "C:\Users\Jules\AppData\Local" *


* Suppression dans "C:\Users\Colin\AppData\Local" *



*** Suppression dossiers dans "C:\Windows" ***


*** Suppression dossiers dans "C:\Program Files" ***


*** Suppression dossiers dans "c:\progra~2\micros~1\windows\startm~1\programs" ***

...\MessengerSkinner ...suppression... 
...\MessengerSkinner supprimé ! 


*** Suppression dossiers dans "c:\progra~2\micros~1\windows\startm~1" ***


*** Suppression dossiers dans "C:\ProgramData" ***


*** Suppression dossiers dans c:\users\jules\appdataoaming\micros~1\windows\startm~1\programs ***


*** Suppression dossiers dans "C:\Users\Colin\appdataoaming\micros~1\windows\startm~1\programs" ***


*** Suppression dossiers dans "C:\Users\Jules\AppData\Local\virtualstore\Program Files" ***


*** Suppression dossiers dans "C:\Users\Colin\AppData\Local\virtualstore\Program Files" ***


*** Suppression dossiers dans "C:\Users\Jules\AppData\Local" ***


*** Suppression dossiers dans "C:\Users\Colin\AppData\Local" *** 


*** Suppression dossiers dans "C:\Users\Jules\AppData\Roaming" ***

...\MessengerSkinner ...suppression... 
...\MessengerSkinner supprimé ! 


*** Suppression dossiers dans "C:\Users\Colin\appdataoaming" *** 


*** Suppression dossiers dans "C:\Users\TEMP\appdataoaming" *** 


*** Suppression dossiers dans "C:\Users\TEMP~1.PC-\appdataoaming" *** 



*** Suppression fichiers ***


*** Suppression fichiers temporaires ***

Nettoyage contenu C:\Windows\Temp effectué !
Nettoyage contenu C:\Users\Jules\AppData\Local\Temp effectué !

*** Traitement Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Suppression avec sauvegardes nouveaux fichiers Instant Access :

2)Recherche, création sauvegardes et suppression Heuristique :


* Dans "C:\Windows\system32" *


* Dans "C:\Users\Jules\AppData\Local\Microsoft" *


* Dans "C:\Users\Jules\AppData\Local\virtualstore\windows\system32" *


* Dans "C:\Users\Jules\AppData\Local" *


aykic.exe trouvé ! 
Copie aykic.exe réalisée avec succès !
aykic.exe supprimé !

aykic.dat trouvé ! 
Copie aykic.dat réalisée avec succès !
aykic.dat supprimé !

aykic_nav.dat trouvé ! 
Copie aykic_nav.dat réalisée avec succès !
aykic_nav.dat supprimé !

aykic_navps.dat trouvé ! 
Copie aykic_navps.dat réalisée avec succès !
aykic_navps.dat supprimé !


* Dans "C:\Users\Colin\AppData\Local" * 


*** Sauvegarde du Registre vers dossier Safebackup ***

sauvegarde du Registre réalisée avec succès !

*** Nettoyage Registre ***

Nettoyage Registre Ok


*** Certificats ***

Certificat Egroup supprimé !
Certificat Electronic-Group supprimé !
Certificat Montorgueil absent !
Certificat OOO-Favorit supprimé !
Certificat Sunny-Day-Design-Ltdt absent !


*** Recherche autres dossiers et fichiers connus ***



*** Nettoyage terminé le 28/02/2009 à 22:34:59,27 ***

Destrio5 · Answer

---> Désinstalle Navilog1.

Tu as deux antivirus, il faut en retirer un.

SweetIM, tu souhaites vraiment garder ce programme ?

informaticologue · Answer

non Quelle sont mes 2 antivirus?
J'ai desinstallé sweetim avec CCleaner

Destrio5 · Answer

"Quelle sont mes 2 antivirus?"
---> AVG et Symantec.

&#9679; Télécharge AD-Remover (de Cyrildu17 / C_XX) sur ton Bureau.

/!\ Déconnecte-toi et ferme toutes applications en cours /!\

&#9679; Double-clique sur le programme d'installation, installe-le dans son emplacement par défaut (C:\Program files).
&#9679; Clique droit sur le raccourci d'Ad-remover située sur ton Bureau et choisis Exécuter en tant qu'administrateur.
&#9679; Au menu principal, choisis l'option "A".
&#9679; Poste le rapport qui apparaît à la fin.

(Le rapport est sauvegardé aussi sous C:\Ad-report(date).log)

(CTRL+A pour tout sélectionner, CTRL+C pour copier et CTRL+V pour coller)

Note :

"Process.exe", une composante de l'outil, est détectée par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, firewall...) d'où l'alerte émise par ces antivirus.

informaticologue · Answer

voici le rapport ----- LOGFILE OF AD-REMOVER 1.1.1.5 | ONLY XP/VISTA ------- Updated by C_XX on 25/02/2009 at 20:30 Start at: 18:59:52 | Sun 01/03/2009 | Boot mode: Normal Boot Option: SCAN | Executed from: C:\Program Files\Ad-remover\Ad-remover.bat Operating System: Microsoft® Windows Vista™ Home Premium Service Pack 1 (version 6.0.6001) Computer Name: PC-DE-COLIN Current User: Jules - Administrator Drive(s): - C:\ (File System: NTFS) System Drive: C:\ Windows Directory: C:\Windows\ System Directory: C:\Windows\System32\ --- Running Processes: 66 --- User Account Control is DISABLE +-----------------| Boonty/Boonty Games Elements Found: . HKCU\Software\Boonty . C:\Boonty \BOONTY +-----------------| Eorezo Elements Found: HKCR\EoRezoBHO.EoBho HKCR\EoRezoBHO.EoBho.1 HKCR\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A} HKCR\Typelib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F} HKCU\Software\EoRezo HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64F56FC1-1272-44CD-BA6E-39723696E350} HKLM\Software\EoRezo HKLM\Software\Classes\EoRezoBHO.EoBho HKLM\Software\Classes\EoRezoBHO.EoBho.1 HKLM\Software\Classes\TypeLib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F} HKLM\Software\Classes\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A} . C:\Users\Jules\AppData\Roaming\EoRezo C:\Users\Colin\AppData\Roaming\Eorezo C:\Users\Colin\AppData\Roaming\Microsoft\Windows\Cookies\colin@eorezo[1].txt +-----------------| Infected Poker Softwares Elements Found: . +-----------------| FunWebProducts/MyWay/MyWebSearch Elements Found: . HKCU\Software\AppDataLow\software\MyWebSearch HKCU\Software\FunWebProducts HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Search HKU\S-1-5-21-829625975-2554254917-1831524914-1003\Software\Appdatalow\Software\Fun Web Products HKU\S-1-5-21-829625975-2554254917-1831524914-1003\Software\Appdatalow\Software\MyWebSearch . C:\Users\Jules\Appdata\LocalLow\MyWebSearch C:\Users\Jules\Appdata\LocalLow\FunWebProducts C:\Program Files\Mozilla Firefox\Plugins\NPMyWebS.dll C:\Program Files\Windows Live\Messenger\Riched20.dll +-----------------| It's TV Elements Found: HKCU\Software\ItsLabel HKLM\Software\ItsLabel HKU\S-1-5-21-829625975-2554254917-1831524914-1003\Software\ItsLabel . C:\Users\Jules\AppData\Roaming\ItsLabel C:\Users\Colin\AppData\Roaming\ItsLabel +-----------------| Sweetim Elements Found: HKCR\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847} HKCR\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847} HKCR\Interface\{EEE6C358-6118-11DC-9C72-001320C79847} HKCR\Interface\{EEE6C359-6118-11DC-9C72-001320C79847} HKCR\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847} HKCR\SWEETIE.IEToolbar HKCR\SWEETIE.IEToolbar.1 HKCR\SWEETIE.SWEETIE HKCR\SWEETIE.SWEETIE.3 HKCR\SweetIM_URLSearchHook.ToolbarURLSearchHook HKCR\SweetIM_URLSearchHook.ToolbarURLSearchHook.1 HKCR\Toolbar3.SWEETIE HKCR\Toolbar3.SWEETIE.1 HKCR\Typelib\{EEE6C35E-6118-11DC-9C72-001320C79847} HKCR\Typelib\{EEE6C35F-6118-11DC-9C72-001320C79847} HKCU\Software\SweetIM HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847} HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847} HKLM\Software\Classes\SWEETIE.IEToolbar HKLM\Software\Classes\SWEETIE.IEToolbar.1 HKLM\Software\Classes\SWEETIE.SWEETIE HKLM\Software\Classes\SWEETIE.SWEETIE.3 HKLM\Software\Classes\SweetIM_URLSearchHook.ToolbarURLSearchHook HKLM\Software\Classes\SweetIM_URLSearchHook.ToolbarURLSearchHook.1 HKLM\Software\Classes\Toolbar3.SWEETIE HKLM\Software\Classes\Toolbar3.SWEETIE.1 HKLM\Software\Classes\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847} HKLM\Software\Classes\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847} HKLM\Software\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847} HKLM\Software\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847} HKLM\Software\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847} HKLM\Software\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847} HKLM\Software\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847} HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{36D6A89E-C39F-4EE8-9181-C13E9BC739A5} HKLM\Software\SweetIM HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{EEE6C35B-6118-11DC-9C72-001320C79847} HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\Registry\User\S-1-5-21-829625975-2554254917-1831524914-1003\Software\Sweetim HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536 HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\351716A953E21214898904032EAE2E81 HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\397C771A7BCAC904697C3EC629ED33ED HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\98CC8BF5A4A6E6C4ABF7051DDAB8B058 HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\A189D17A469616C4688D23E192996267 HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\D15DAF33C220F91468A1D7D57C31ACD7 HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\D3BA76A44C779424889063D5098ED2D6 HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\D6D0EB9FDBD90C04D92A7E729058F10D HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\E4748F9A4181FCE46A23C13B517B9420 . C:\Windows\Installer\d18199.msi C:\Program Files\SweetIM C:\Users\Jules\AppData\Roaming\Mozilla\Firefox\Profiles\3b3eh5kn.default\searchplugins\sweetim.xml C:\Users\Jules\AppData\Roaming\Mozilla\Firefox\Profiles\3b3eh5kn.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847} C:\Users\Jules\AppData\Roaming\Mozilla\Firefox\Profiles\3b3eh5kn.default\SweetIMToolbarData C:\Windows\Installer\{36D6A89E-C39F-4EE8-9181-C13E9BC739A5} C:\Users\Jules\Appdata\LocalLow\SweetIM +-----------------| Other Adwares Found: . . C:\Users\Jules\AppData\Roaming\Microsoft\Windows\Cookies\jules@atdmt[1].txt +-----------------| Added Scan: ---- Mozilla FireFox Version 3.0.5 ---- ProfilePath: 3b3eh5kn.default . Prefs.js: Browser.Search.DefaultEngineName: "Google" Prefs.js: Browser.Search.DefaultUrl: "hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=" . (Prefs.js) FOUND: user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0"); (Prefs.js) FOUND: user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7"); (Prefs.js) FOUND: user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log"); (Prefs.js) FOUND: user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000"); (Prefs.js) FOUND: user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7"); (Prefs.js) FOUND: user_pref("sweetim.toolbar.mode.debug", "false"); (Prefs.js) FOUND: user_pref("sweetim.toolbar.previous.browser.startup.homepage", "https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fwww.msn.fr%2fimg%2ffr%2ffr-fr%2fdivertissement%2fcelebrites%2fgalery%2fwentworth02.jpg%3f"); (Prefs.js) FOUND: user_pref("sweetim.toolbar.previous.keyword.URL", "https://www.bing.com/?scope=web&mkt=fr-FR&FORM=MIMWA2"); (Prefs.js) FOUND: user_pref("sweetim.toolbar.search.external", ""); (Prefs.js) FOUND: user_pref("sweetim.toolbar.search.history.capacity", "10"); (Prefs.js) FOUND: user_pref("sweetim.toolbar.simapp_id", "{426D7088-00E9-4BC2-B55B-0A759A8C9D7D}"); (Prefs.js) FOUND: user_pref("sweetim.toolbar.urls.homepage", "https://home.sweetim.com/"); (Prefs.js) FOUND: user_pref("sweetim.toolbar.version", "1.0.0.6"); . . . . ---- Internet Explorer Version 7.0.6001.18000 ---- +-[HKEY_CURRENT_USER\..\Internet Explorer\Main] Default_Search_URL: hxxp://www.google.com/ie Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch Start page: hxxp://www.01net.com/telecharger/ +-[HKEY_USERS\S-1-5-21-829625975-2554254917-1831524914-1003\..\Internet Explorer\Main] Default_Search_URL: hxxp://www.google.com/ie Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch Start page: hxxp://www.01net.com/telecharger/ +-[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main] Start page: hxxp://www.msn.com/ +-[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS] Tabs: hxxp://eo.st +---------------------------------------------------------------------------+ [~8948 Bytes] - C:\Ad-Report-Scan-01.03.2009.log - C:\Program Files\Ad-remover\TOOLS\BACKUP - C:\Program Files\Ad-remover\TOOLS\QUARANTINE End at: 19:01:08 | 01/03/2009 . +-----------------| E.O.F - 154 Lines .

Destrio5 · Answer

/!\ Déconnecte-toi et ferme toutes applications en cours /!\

&#9679; Clique droit sur AD-Remover et choisis Exécuter en tant qu'administrateur : au menu principal, choisis l'option B.

&#9679; Coche A  à l'écran de sélection :
http://sd-1.archive-host.com/membres/up/16506160323759868/Capturer-ADR.JPG

&#9679; Puis choisis S, le programme va travailler.

&#9679; Poste le rapport qui apparaît à la fin.

(Le rapport est sauvegardé aussi sous C:\Ad-report.log)

/!\ Si le Bureau ne réapparaît pas, presse Ctrl + Alt + Suppr, Onglet "Fichier", "Nouvelle tâche", tape explorer.exe et valide /!\

informaticologue · Answer

voila le rapport ------ LOGFILE OF AD-REMOVER 1.1.1.5 | ONLY XP/VISTA ------- Updated by C_XX on 25/02/2009 at 20:30 *** LIMITED TO *** Boonty/BoontyGames Eorezo Infected Poker Softwares FunWebProduct/MyWay/MyWebSearch It's TV Sweetim Other Adwares ****************** Start at: 19:08:02 | Sun 01/03/2009 | Boot mode: Normal Boot Option: CLEAN | Executed from: C:\Program Files\Ad-remover\Ad-remover.bat Operating System: Microsoft® Windows Vista™ Home Premium Service Pack 1 (version 6.0.6001) Computer Name: PC-DE-COLIN Current User: Jules - Administrator Drive(s): - C:\ (File System: NTFS) System Drive: C:\ Windows Directory: C:\Windows\ System Directory: C:\Windows\System32\ --- Running Processes: 66 --- User Account Control is DISABLE (!) ---- IE start pages/Tabs reset +--------------------| Boonty/Boonty Games Elements Deleted : . HKCU\Software\Boonty . C:\Boonty +-----------------| Eorezo Elements Deleted : HKCR\EoRezoBHO.EoBho HKCR\EoRezoBHO.EoBho.1 HKCR\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A} HKCR\Typelib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F} HKCU\Software\EoRezo HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64F56FC1-1272-44CD-BA6E-39723696E350} HKLM\Software\EoRezo . C:\Users\Jules\AppData\Roaming\EoRezo C:\Users\Colin\AppData\Roaming\Eorezo C:\Users\Colin\AppData\Roaming\Microsoft\Windows\Cookies\colin@eorezo[1].txt +-----------------| Infected Poker Softwares Elements Deleted : . +-----------------| FunWebProducts/MyWay/MyWebSearch Elements Deleted : . HKCU\Software\AppDataLow\software\MyWebSearch HKCU\Software\FunWebProducts HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Search HKU\S-1-5-21-829625975-2554254917-1831524914-1003\Software\Appdatalow\Software\Fun Web Products . C:\Users\Jules\Appdata\LocalLow\MyWebSearch C:\Users\Jules\Appdata\LocalLow\FunWebProducts C:\Program Files\Mozilla Firefox\Plugins\NPMyWebS.dll C:\Program Files\Windows Live\Messenger\Riched20.dll +-----------------| It's TV Elements Deleted : HKCU\Software\ItsLabel HKLM\Software\ItsLabel . C:\Users\Jules\AppData\Roaming\ItsLabel C:\Users\Colin\AppData\Roaming\ItsLabel +-----------------| Sweetim Elements Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{EEE6C35B-6118-11DC-9C72-001320C79847} HKCU\Software\Microsoft\Internet Explorer\Internetregistry\Registry\User\S-1-5-21-829625975-2554254917-1831524914-1003\Software\Sweetim HKCR\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847} HKCR\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847} HKCR\Interface\{EEE6C358-6118-11DC-9C72-001320C79847} HKCR\Interface\{EEE6C359-6118-11DC-9C72-001320C79847} HKCR\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847} HKCR\SWEETIE.IEToolbar HKCR\SWEETIE.IEToolbar.1 HKCR\SWEETIE.SWEETIE HKCR\SWEETIE.SWEETIE.3 HKCR\SweetIM_URLSearchHook.ToolbarURLSearchHook HKCR\SweetIM_URLSearchHook.ToolbarURLSearchHook.1 HKCR\Toolbar3.SWEETIE HKCR\Toolbar3.SWEETIE.1 HKCR\Typelib\{EEE6C35E-6118-11DC-9C72-001320C79847} HKCR\Typelib\{EEE6C35F-6118-11DC-9C72-001320C79847} HKCU\Software\SweetIM HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847} HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847} HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{36D6A89E-C39F-4EE8-9181-C13E9BC739A5} HKLM\Software\SweetIM HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536 HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\351716A953E21214898904032EAE2E81 HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\397C771A7BCAC904697C3EC629ED33ED HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\98CC8BF5A4A6E6C4ABF7051DDAB8B058 HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\A189D17A469616C4688D23E192996267 HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\D15DAF33C220F91468A1D7D57C31ACD7 HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\D3BA76A44C779424889063D5098ED2D6 HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\D6D0EB9FDBD90C04D92A7E729058F10D HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\E4748F9A4181FCE46A23C13B517B9420 . C:\Windows\Installer\d18199.msi C:\Program Files\SweetIM C:\Users\Jules\AppData\Roaming\Mozilla\Firefox\Profiles\3b3eh5kn.default\searchplugins\sweetim.xml C:\Users\Jules\AppData\Roaming\Mozilla\Firefox\Profiles\3b3eh5kn.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847} C:\Users\Jules\AppData\Roaming\Mozilla\Firefox\Profiles\3b3eh5kn.default\SweetIMToolbarData C:\Windows\Installer\{36D6A89E-C39F-4EE8-9181-C13E9BC739A5} C:\Users\Jules\Appdata\LocalLow\SweetIM +-----------------| Other Adwares Deleted: . . C:\Users\Jules\AppData\Roaming\Microsoft\Windows\Cookies\jules@atdmt[1].txt (!) ---- Temp files deleted. (!) ---- Recycle bin emptied in all drives. +-----------------| Added Scan : ---- Mozilla FireFox Version 3.0.5 ---- ProfilePath: 3b3eh5kn.default . Prefs.js: Browser.Search.DefaultEngineName: "Google" Prefs.js: Browser.Search.DefaultUrl: "hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=" . (Prefs.js) REMOVED: user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0"); (Prefs.js) REMOVED: user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7"); (Prefs.js) REMOVED: user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log"); (Prefs.js) REMOVED: user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000"); (Prefs.js) REMOVED: user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7"); (Prefs.js) REMOVED: user_pref("sweetim.toolbar.mode.debug", "false"); (Prefs.js) REMOVED: user_pref("sweetim.toolbar.previous.browser.startup.homepage", "https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fwww.msn.fr%2fimg%2ffr%2ffr-fr%2fdivertissement%2fcelebrites%2fgalery%2fwentworth02.jpg%3f"); (Prefs.js) REMOVED: user_pref("sweetim.toolbar.previous.keyword.URL", "https://www.bing.com/?scope=web&mkt=fr-FR&FORM=MIMWA2"); (Prefs.js) REMOVED: user_pref("sweetim.toolbar.search.external", ""); (Prefs.js) REMOVED: user_pref("sweetim.toolbar.search.history.capacity", "10"); (Prefs.js) REMOVED: user_pref("sweetim.toolbar.simapp_id", "{426D7088-00E9-4BC2-B55B-0A759A8C9D7D}"); (Prefs.js) REMOVED: user_pref("sweetim.toolbar.urls.homepage", "https://home.sweetim.com/"); (Prefs.js) REMOVED: user_pref("sweetim.toolbar.version", "1.0.0.6"); . . . . ---- Internet Explorer Version 7.0.6001.18000 ---- +-[HKEY_CURRENT_USER\..\Internet Explorer\Main] Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896 Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch Start page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome +-[HKEY_USERS\S-1-5-21-829625975-2554254917-1831524914-1003\..\Internet Explorer\Main] Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896 Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch Start page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome +-[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main] Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch Search bar: hxxp://search.msn.com/spbasic.htm Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch Start page: hxxp://fr.msn.com/ +-[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS] Tabs: hxxp://ieframe.dll/tabswelcome.htm +---------------------------------------------------------------------------+ [~8746 Bytes] - C:\Ad-Report-Clean-01.03.2009.log [~9170 Bytes] - C:\Ad-Report-Scan-01.03.2009.log - C:\Program Files\Ad-remover\TOOLS\BACKUP - C:\Program Files\Ad-remover\TOOLS\QUARANTINE End at: 19:12:23 | 01/03/2009 . +-----------------| E.O.F - 152 Lines .

Destrio5 · Answer

---> Désinstalle AD-Remover.

---> Refais un scan avec RSIT et poste le rapport log.

informaticologue · Answer

RSIT ????

Destrio5 · Answer

- Télécharge Random's System Information Tool (RSIT) (par random/random) sur ton Bureau.

- Double-clique sur RSIT.exe afin de lancer le programme.

- Clique sur Continue à l'écran Disclaimer.

- Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.

- Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront. Poste le contenu de log.txt (c'est celui qui apparaît à l'écran) ainsi que de info.txt (que tu verras dans la barre des tâches).

Note : Les rapports sont sauvegardés dans le dossier C:\rsit.

informaticologue · Answer

voila le rapport


Logfile of random's system information tool 1.05 (written by random/random)
Run by Jules at 2009-03-01 19:26:06
Microsoft® Windows Vista™ Édition Familiale Premium  Service Pack 1
System drive C: has 195 GB (41%) free of 469 GB
Total RAM: 2046 MB (43% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:26:17, on 01/03/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32	askeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Orange\Launcher\Launcher.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\Orange\connectivity\connectivitymanager.exe
C:\Program Files\Orange\systray\systrayapp.exe
C:\Program Files\Orange\connectivity\CoreCom\CoreCom.exe
C:\Program Files\Orange\connectivity\CoreCom\OraConfigRecover.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\Windows\System32\mobsync.exe
C:\Windows\explorer.exe
C:\Program Files\Orange\Deskboard\deskboard.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\conime.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Windows\system32\msfeedssync.exe
C:\Users\Jules\Downloads\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Jules.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32
vsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\RunOnce: [AGCoreCleanup] CMD /C RD /S /Q "C:/Program Files/AGI"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE RÉSEAU')
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O15 - Trusted Zone: https://www.orange.fr/portail
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{940BE514-C863-41EE-94FE-5B6E28A8ED8A}: NameServer = 85.255.116.133,85.255.112.195
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.133,85.255.112.195
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.133,85.255.112.195
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.133,85.255.112.195
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Application Driver Auto Removal Service (01) (appdrvrem01) - Protection Technology - C:\Windows\System32\appdrvrem01.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe

Destrio5 · Answer

---> Installe le SP1 :
http://www.microsoft.com/DOWNLOADS/details.aspx?familyid=B0C7136D-5EBB-413B-89C9-CB3D06D12674&displaylang=fr

informaticologue · Answer

Destrio je n'arrive pas a le télécharger  j'ai une page  Erreur de chargement de la page
Nouveau symptôme je dois cliquer deux fois pour me rendre sur un site a partir de google la premiere j'ai une page qui me dit de télécharger E-mule

Destrio5 · Answer

--> Désactive l'UAC le temps de la désinfection.

/!\ Désactive tes protections résidentes (Antivirus, etc...) /!\

--> Télécharge ComboFix (de sUBs) sur ton Bureau.
--> Clique droit sur ComboFix.exe (le .exe n'est pas forcément visible) et choisis Exécuter en tant qu'administrateur afin de le lancer.
--> Lorsque la recherche sera terminée, un rapport apparaîtra. Poste ce rapport (C:\Combofix.txt) dans ta prochaine réponse.

Pour t'aider : Un guide et un tutoriel sur l'utilisation de ComboFix

informaticologue · Answer

Voil&a le rapport ComboFix 09-03-02.01 - Jules 2009-03-02 20:36:31.1 - NTFSx86 Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.2046.1134 [GMT 1:00] Lancé depuis: c:\users\Jules\Downloads\ComboFix.exe * Un nouveau point de restauration a été créé . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\Autorun.inf c: ecycler\S-0-9-40-100000880-100004925-100011867-8555.com c:\windows\system32\AutoRun.inf c:\windows\system32\drivers\gaopdxrqptwncr.sys c:\windows\system32\gaopdxtgryfsii.dll . ((((((((((((((((((((((((((((((((((((((( Pilotes/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_gaopdxserv.sys ((((((((((((((((((((((((((((( Fichiers créés du 2009-02-02 au 2009-03-02 )))))))))))))))))))))))))))))))))))) . 2009-03-02 19:54 . 2009-03-02 20:03 262,144 --a------ c:\windows\SPInstall.etl 2009-03-01 19:26 . 2009-03-01 19:26 d-------- C: sit 2009-03-01 18:58 . 2009-03-01 19:22 d-------- c:\program files\Ad-remover 2009-03-01 15:08 . 2009-03-01 15:08 d-------- c:\program files\MoviesPlay 2009-03-01 14:30 . 2009-03-01 14:30 d-------- c:\users\Colin\AppData\Roaming\agi 2009-02-28 21:39 . 2009-03-01 11:50 d-------- c:\program files\Navilog1 2009-02-28 11:22 . 2008-04-26 09:26 891,448 --a------ c:\windows\System32\drivers cpip.sys 2009-02-28 11:22 . 2008-04-12 04:32 784,896 --a------ c:\windows\System32 pcrt4.dll 2009-02-28 11:22 . 2008-04-05 02:21 72,192 --a------ c:\windows\System32\drivers\pacer.sys 2009-02-28 11:22 . 2008-04-05 04:34 15,360 --a------ c:\windows\System32\pacerprf.dll 2009-02-27 22:39 . 2009-02-27 23:24 d-------- C:\perflogs 2009-02-24 19:52 . 2009-02-24 19:52 d-------- c:\program files\Kiwee Toolbar 2009-02-24 19:51 . 2009-02-24 19:51 2,117,632 --a------ c:\windows\System32\python25.dll 2009-02-24 19:51 . 2008-09-16 17:26 1,332,197 --a------ c:\windows\System32\pythondll.zip 2009-02-24 19:51 . 2009-02-24 19:51 339,968 --a------ c:\windows\System32\pythoncom25.dll 2009-02-24 19:51 . 2009-02-24 19:51 114,688 --a------ c:\windows\System32\pywintypes25.dll 2009-02-21 12:23 . 2009-02-21 12:23 d-------- c:\program files\Microsoft Sync Framework 2009-02-19 21:08 . 2009-02-19 21:08 d-------- c:\program files\Microsoft Visual Studio 8 2009-02-15 15:15 . 2009-02-15 15:16 d-------- c:\program files\GameSpy Arcade 2009-02-15 15:11 . 2009-02-15 15:11 d-------- c:\program files\LucasArts 2009-02-15 12:24 . 2008-12-05 05:32 428,544 --a------ c:\windows\System32\EncDec.dll 2009-02-15 12:24 . 2008-12-05 05:32 293,376 --a------ c:\windows\System32\psisdecd.dll 2009-02-15 12:24 . 2008-12-05 05:31 217,088 --a------ c:\windows\System32\psisrndr.ax 2009-02-15 12:24 . 2008-12-05 05:31 177,664 --a------ c:\windows\System32\mpg2splt.ax 2009-02-15 12:24 . 2008-12-05 05:31 80,896 --a------ c:\windows\System32\MSNP.ax 2009-02-13 12:16 . 2009-03-01 14:29 d-------- c:\users\Colin\Tracing 2009-02-13 12:14 . 2009-02-13 12:14 d-------- c:\users\Colin\Program Files 2009-02-13 12:14 . 2009-03-01 15:49 d-------- c:\users\Colin\AppData\Roaming\DNA 2009-02-11 19:43 . 2009-01-15 04:36 1,383,424 --a------ c:\windows\System32\mshtml.tlb 2009-02-11 19:43 . 2009-01-15 07:11 827,392 --a------ c:\windows\System32\wininet.dll 2009-02-09 13:02 . 2009-03-01 19:23 d-------- c:\program files\Dofus 2009-02-08 20:42 . 2009-03-02 20:26 d-------- c:\users\Jules\Tracing 2009-02-08 20:39 . 2009-02-08 20:39 d-------- c:\program files\Windows Live SkyDrive 2009-02-08 20:35 . 2009-02-08 20:39 d-------- c:\program files\Microsoft 2009-02-08 20:33 . 2009-02-08 20:33 d-------- c:\program files\Microsoft SQL Server Compact Edition 2009-02-08 20:29 . 2009-02-08 20:29 d-------- c:\program files\Common Files\Windows Live 2009-02-08 09:48 . 2009-02-08 09:48 dr-h----- c:\users\Jules\AppData\Roaming\SecuROM 2009-02-08 09:41 . 2009-02-08 09:41 d-------- c:\program files\Zone Labs 2009-02-07 19:20 . 2009-02-07 19:20 d-------- c:\program files\Trend Micro 2009-02-07 17:49 . 2009-02-13 12:55 d-------- c:\programdata\Electronic Arts 2009-02-07 17:49 . 2009-02-07 17:49 7,760 --a------ c:\windows\System32\ealregsnapshot1.reg 2009-02-07 17:21 . 2009-02-07 17:21 d--h----- c:\windows\msdownld.tmp 2009-02-07 12:05 . 2009-02-07 12:05 43,520 --a------ c:\windows\System32\CmdLineExt03.dll 2009-02-07 11:55 . 2009-02-07 11:55 d-------- c:\program files\THQ 2009-02-07 11:55 . 2009-02-07 11:55 d-------- C:\Extras 2009-02-07 11:55 . 2009-02-07 11:55 d-------- C:\Autorun 2009-02-07 10:25 . 2009-02-08 15:51 139,264 --a------ c:\windows\War3Unin.exe 2009-02-07 10:25 . 2009-02-08 16:00 87,963 --a------ c:\windows\War3Unin.dat 2009-02-07 10:25 . 2009-02-08 15:51 2,829 --a------ c:\windows\War3Unin.pif 2009-02-07 10:22 . 2009-02-17 12:09 d-------- c:\program files\Warcraft III 2009-02-06 19:39 . 2009-02-06 19:39 308,600 --a------ c:\windows\WLXPGSS.SCR 2009-02-06 18:52 . 2009-02-06 18:52 49,504 --a------ c:\windows\System32\sirenacm.dll . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2009-03-02 19:22 --------- d-----w c:\programdata\avg8 2009-03-01 18:23 --------- d-----w c:\program files\Packard Bell 2009-03-01 14:50 --------- d-----w c:\users\Colin\AppData\Roaming\Azureus 2009-03-01 13:52 --------- d-----w c:\users\Colin\AppData\Roaming\LimeWire 2009-03-01 13:30 --------- d-----w c:\program files\Steam 2009-03-01 10:51 --------- d--h--w c:\program files\InstallShield Installation Information 2009-02-28 20:46 --------- d-----w c:\users\Jules\AppData\Roaming\Azureus 2009-02-28 18:09 --------- d-----w c:\users\Jules\AppData\Roaming\BraCa_Soft 2009-02-28 16:19 --------- d---a-w c:\programdata\Sports Interactive 2009-02-28 10:12 174 --sha-w c:\program files\desktop.ini 2009-02-27 22:27 --------- d-----w c:\program files\Windows Sidebar 2009-02-27 22:27 --------- d-----w c:\program files\Windows Photo Gallery 2009-02-27 22:27 --------- d-----w c:\program files\Windows Mail 2009-02-27 22:27 --------- d-----w c:\program files\Windows Journal 2009-02-27 22:27 --------- d-----w c:\program files\Windows Defender 2009-02-27 22:27 --------- d-----w c:\program files\Windows Collaboration 2009-02-27 22:27 --------- d-----w c:\program files\Windows Calendar 2009-02-27 21:59 82,432 ----a-w c:\windows\System32\axaltocm.dll 2009-02-27 21:59 101,888 ----a-w c:\windows\System32\ifxcardm.dll 2009-02-27 17:06 --------- d-----w c:\program files\Microsoft Silverlight 2009-02-24 15:53 1,128 ----a-w c:\users\Jules\AppData\Roaming\wklnhst.dat 2009-02-21 11:24 --------- d-----w c:\program files\Windows Live 2009-02-21 08:58 --------- d-----w c:\programdata\Microsoft Help 2009-02-19 20:14 --------- d-----w c:\program files\MSBuild 2009-02-19 17:32 --------- d-----w c:\users\Jules\AppData\Roaming\LimeWire 2009-02-08 08:26 --------- d-----w c:\programdata\Symantec 2009-02-08 08:26 --------- d-----w c:\program files\Common Files\Symantec Shared 2009-02-08 08:25 --------- d-----w c:\program files\Norton 360 2009-02-08 08:24 --------- d-----w c:\program files\Symantec 2009-02-08 08:14 --------- d-----w c:\program files\AVS4YOU 2009-02-07 18:26 --------- d-----w c:\users\Jules\AppData\Roaming\DNA 2009-02-07 16:49 --------- d-----w c:\program files\Electronic Arts 2009-02-06 21:01 --------- d-----w c:\program files\Messenger Plus! Live 2009-01-28 16:07 --------- d-----w c:\users\Jules\AppData\Roaming\uTorrent 2009-01-24 17:16 --------- d-----w c:\program files\Common Files\Steam 2009-01-21 18:11 --------- d-----w c:\users\Jules\AppData\Roaming\Pro Cycling Manager 2008 2009-01-18 13:40 --------- d-----w c:\users\Jules\AppData\Roaming\My Battle for Middle-earth(tm) II Files 2009-01-18 10:59 --------- d-----w c:\users\Colin\AppData\Roaming\My Battle for Middle-earth(tm) II Files 2009-01-16 18:33 --------- d-----w c:\users\Jules\AppData\Roaming\La Bataille pour la Terre du Milieu ™ II 2009-01-15 17:46 --------- d-----w c:\program files\eMule 2009-01-11 15:07 --------- d-----w c:\users\Jules\AppData\Roaming\Xilisoft Corporation 2009-01-11 15:06 --------- d-----w c:\program files\Xilisoft 2009-01-11 11:14 --------- d-----w c:\users\Colin\AppData\Roaming\La Bataille pour la Terre du Milieu ™ II 2009-01-08 17:46 --------- d-----w c:\users\Colin\AppData\Roaming\La Bataille pour la Terre du Milieu 2009-01-02 17:16 22,328 ----a-w c:\windows\system32\drivers\PnkBstrK.sys 2009-01-02 17:15 103,736 ----a-w c:\windows\System32\PnkBstrB.exe 2008-11-09 12:53 1,222 ----a-w c:\users\Colin\AppData\Roaming\wklnhst.dat 2007-12-25 08:34 22,328 ----a-w c:\users\Colin\AppData\Roaming\PnkBstrK.sys 2002-08-26 17:54 327,680 ----a-r c:\users\Colin\AppData\Roaming\MafiaSetup.exe 2007-09-13 06:33 157,184 ----a-w c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648] "NvSvc"="c:\windows\system32 vsvc.dll" [2007-07-06 86016] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-07-06 8466432] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-07-06 81920] "RtHDVCpl"="RtHDVCpl.exe" [2007-03-01 c:\windows\RtHDVCpl.exe] c:\users\Colin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OneNote 2007 - Capture d'‚cran et lancement.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion un-] "SmpcSys"=c:\program files\Packard Bell\SetUpMyPC\SmpSys.exe "PcSync"=c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion un-] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "AntiVirusOverride"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 "FirewallOverride"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc] "FirewallOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{2E127600-40B6-404B-BC6F-10505B667627}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour "{6716BF2E-4290-428B-8AAA-B2576E0CB495}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour "{4AF04E4F-50E4-4488-AF37-01BF2BDC6B73}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes "{1CC8D575-55F2-4036-8F62-5AEBD69E6C3F}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes "{B5921348-B33A-4036-A387-457D5DB5C309}"= UDP:c:\program files\DNA\btdna.exe:DNA "{94063043-830F-45ED-9EAA-CE45E379F78F}"= TCP:c:\program files\DNA\btdna.exe:DNA "{34E21BBA-C6F8-4561-BF2A-03593CCA0B90}"= UDP:c:\program files\BitTorrent\BitTorrent.exe:BitTorrent (TCP-In) "{8C838E28-6A3B-4BE1-B27A-50EDAE841FF8}"= TCP:c:\program files\BitTorrent\BitTorrent.exe:BitTorrent (UDP-In) "{D27EAE27-2056-45A0-901A-EC8C6A8BB36D}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire "{8BC378B9-DDB9-4644-8AB2-56CFF3966D43}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire "{1880BC6B-AD2A-4F3A-96BB-9FCBDB2A310F}"= UDP:c:\program files\Steam\steamapps\common\football manager 2009\fm.exe:Football Manager 2009 "{7320722E-D587-4A42-BDDF-B214C6E67777}"= TCP:c:\program files\Steam\steamapps\common\football manager 2009\fm.exe:Football Manager 2009 "{A34346D3-32C6-4715-8998-D9F42015074D}"= UDP:c:\program files\Sports Interactive\Football Manager 2009\fm.exe:Football Manager 2009 "{5C2B0933-D818-4922-8E4D-31FFF7F80023}"= TCP:c:\program files\Sports Interactive\Football Manager 2009\fm.exe:Football Manager 2009 "{A74B1AA0-0238-4B55-811A-F91A7A4BBA48}"= Disabled:UDP:c:\users\Colin\AppData\Local\Temp\ImInstaller\incredimail_installer.exe:IncrediMail Installer "{499627AA-0B81-445B-8800-6C418FD9A1AC}"= Disabled:TCP:c:\users\Colin\AppData\Local\Temp\ImInstaller\incredimail_installer.exe:IncrediMail Installer "{AEA400C1-E10B-45C6-8B77-ABB4B937DE76}"= Disabled:UDP:c:\users\Jules\AppData\Local\Temp\ImInstaller\incredimail_installer.exe:IncrediMail Installer "{035722A8-4F5D-4523-9A63-93808CD7872D}"= Disabled:TCP:c:\users\Jules\AppData\Local\Temp\ImInstaller\incredimail_installer.exe:IncrediMail Installer "{AC3311A6-A3D8-4345-9715-8A22299A04FA}"= UDP:c:\program files\Mozilla Firefox\firefox.exe:Mozilla Firefox "{A55680A5-C8E4-4507-9C9D-B19A463B603B}"= TCP:c:\program files\Mozilla Firefox\firefox.exe:Mozilla Firefox "{04A11CF4-F9E0-4794-B0F8-0774FA81F7DD}"= UDP:c:\program files\Electronic Arts\La Bataille pour la Terre du Milieu II\game.dat:La Bataille pour la Terre du Milieu ™ II "{50226B5A-ED69-4D18-BD54-973A674300F4}"= TCP:c:\program files\Electronic Arts\La Bataille pour la Terre du Milieu II\game.dat:La Bataille pour la Terre du Milieu ™ II "{773C09EA-6A63-47D4-9318-0F5A85972948}"= UDP:c:\program files\LucasArts\Star Wars Battlefront\GameData\battlefront.exe:Star Wars(TM): Battlefront(TM) "{E6B7ABC6-2EDF-49B5-A4F4-728AEE108CD3}"= TCP:c:\program files\LucasArts\Star Wars Battlefront\GameData\battlefront.exe:Star Wars(TM): Battlefront(TM) "{51681AAB-FA43-4EA2-B91D-84FF805BA778}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook "{9C3A9E7D-00C8-473C-AD7A-15811C7D022F}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove "{43AF5FAC-725E-47F6-BFA8-5F35EE4ED0B5}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove "{056117F4-FFC3-4DA9-9824-1B63BAFECAB3}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{E3B23184-B673-45F1-A2F0-4EDE428290BD}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{0729F1AD-9560-4812-94FF-EA0308E76280}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List] "c:\Program Files\Orange\Connectivity\ConnectivityManager.exe"= c:\program files\Orange\Connectivity\ConnectivityManager.exe:*:enabled:CSS "c:\Program Files\BitTorrent\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent R1 appdrv01;Application Driver (01);c:\windows\System32\drivers\appdrv01.sys [2008-09-06 2915944] R2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656] S2 appdrvrem01;Application Driver Auto Removal Service (01);c:\windows\System32\appdrvrem01.exe svc --> c:\windows\System32\appdrvrem01.exe svc [?] S3 PCAMp50;PCAMp50 NDIS Protocol Driver;c:\windows\System32\drivers\PCAMp50.sys [2008-01-16 28224] --- Autres Services/Pilotes en mémoire --- *Deregistered* - sptd [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bbb503c0-f03e-11dc-8971-001c252f6b0c}] \shell\AutoRun\command - L:\autorun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d8f2c9ec-773a-11dd-a897-001c252f6b0c}] \shell\AutoRun\command - i:\setup src\Autorun.exe \shell\dinstall\command - i:\directx\dxsetup.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d8f2c9f3-773a-11dd-a897-001c252f6b0c}] \shell\AutoRun\command - J:\SETUP.EXE \shell\configure\command - J:\SETUP.EXE \shell\install\command - J:\SETUP.EXE [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e32111ca-bc7d-11dc-bca7-001c252f6b0c}] \shell\AutoRun\command - I:\OblivionLauncher.exe . Contenu du dossier 'Tâches planifiées' 2009-03-02 c:\windows\Tasks\Extension de garantie.job - c:\program files\Packard Bell\SetupmyPC\PBCarNot.exe [2006-11-21 17:38] 2009-02-20 c:\windows\Tasks\Maintenance en 1 clic.job - c:\program files\TuneUp Utilities 2008\OneClick.exe [2008-01-16 13:28] 2009-03-02 c:\windows\Tasks\Recovery DVD Creator.job - c:\program files\Packard Bell\SetupMyPc\MCDCheck.exe [2006-11-21 17:34] 2009-03-02 c:\windows\Tasks\User_Feed_Synchronization-{76461DD1-B6E6-4076-BBA9-EF584055E07F}.job - c:\windows\system32\msfeedssync.exe [2008-01-19 08:33] 2009-03-02 c:\windows\Tasks\User_Feed_Synchronization-{E9994E27-B913-4BBB-A62C-60E7B671623C}.job - c:\windows\system32\msfeedssync.exe [2008-01-19 08:33] . - - - - ORPHELINS SUPPRIMES - - - - WebBrowser-{32099AAC-C132-4136-9E9A-4E364A424E17} - c:\program files\DAEMON Tools Toolbar\DTToolbar.dll . ------- Examen supplémentaire ------- . mWindow Title = uSearchURL,(Default) = hxxp://www.google.com/search?q=%s Trusted Zone: orange.fr\www DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab FF - ProfilePath - c:\users\Jules\AppData\Roaming\Mozilla\Firefox\Profiles\3b3eh5kn.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= FF - prefs.js: browser.startup.homepage - hxxp://fr.msn.com/ FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?mkt=fr-FR&FORM=MICJE8&q= FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll FF - plugin: c:\program files\Microsoft\Office Live pOLW.dll FF - plugin: c:\program files\Mozilla Firefox\plugins p-mswmp.dll FF - plugin: c:\program files\Mozilla Firefox\plugins pbittorrent.dll FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: c:\users\Jules\Program Files\DNA\plugins pbtdna.dll . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-03-02 20:43:37 Windows 6.0.6001 Service Pack 1 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: ************************************************************************** . Heure de fin: 2009-03-02 20:45:33 ComboFix-quarantined-files.txt 2009-03-02 19:45:32 Avant-CF: 199,862,468,608 octets libres Après-CF: 199,871,180,800 octets libres 270 --- E O F --- 2009-03-01 02:20:56

Destrio5 · Answer

Maintenant, tu peux installer le SP1.

informaticologue · Answer

dESTRIO LE sp1 EST Déja installer SUR MON pc

Destrio5 · Answer

---> Relance RSIT et poste le rapport log.

informaticologue · Answer

Logfile of random's system information tool 1.05 (written by random/random)
Run by Jules at 2009-03-03 16:18:39
Microsoft® Windows Vista™ Édition Familiale Premium  Service Pack 1
System drive C: has 189 GB (40%) free of 469 GB
Total RAM: 2046 MB (58% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:18:48, on 03/03/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32	askeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32undll32.exe
C:\Windows\System32undll32.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Jules\Downloads\RSIT(2).exe
C:\Program Files\Trend Micro\HijackThis\Jules.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32
vsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O15 - Trusted Zone: https://www.orange.fr/portail
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Application Driver Auto Removal Service (01) (appdrvrem01) - Protection Technology - C:\Windows\System32\appdrvrem01.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe

Suis-je infecter???

30 réponses

Discussions similaires

Newsletters