Screen turning off + unwanted pop-up windows

Closed
Julien - 11 August 2007 at 14:00
 Anonymous user - 16 August 2007 at 09:20
Hello,
For the past few weeks I have had quite a few problems with my PC:
The screen sometimes turns off while the PC keeps running. I have to shut down the base unit and then restart it.
I also often get unwanted pop-up windows (fake anti-spyware, porn sites, casinos, betting sites...).
I ran VirusScan, AdAware and Spybot, but that does not solve my problem. Does anyone have an idea? Here is the HiJackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:50:13, on 11/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\dllhost.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/toolbar/ie8/sidebar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fhome.microsoft.com%2faccess%2fallinone.asp%3f
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.uol.com.br/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/toolbar/ie8/sidebar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.uol.com.br/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {17492023-C23A-453E-A040-C7C580BBF704 - (no file)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [EPSON Stylus C42 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C42 Series" /O6 "USB001" /M "Stylus C42"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Chercher avec Copernic Agent - C:\Program Files\Copernic Agent\Web\SearchExt.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Shorten URL - https://cjb.shopco.com/
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Packard Bell - {1D49B7D4-524D-4ac9-BC34-B4822CAE4BB1} - C:\Apps\IECustom\script.htm
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: fdjeux -
O16 - DPF: teleir_cert -
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://eu-housecall.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} -
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - https://tiragesphoto.fnac.com/
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} -
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} -
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} -
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} - http://espaceabonnes.club-internet.fr/services/symantec/SymDlBrg.cab
O16 - DPF: {DA4EB021-5F1C-11D4-B006-00104B98E2C7} -
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} -
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} -
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} -
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe

10 replies

Anonymous user
11 August 2007 at 14:38
Hi

Right-click on this link:

http://perso.orange.fr/il.mafioso/Navifix/Navilog1.zip

Choose "Save target (link) as..." and save it to your desktop.
Right-click on navilog1.zip and choose "Extract all".
Then double-click on navilog1.exe to start the installation.
Once the installation is finished, the fix will run automatically.
(If it does not, double-click the Navilog1 shortcut on the desktop.)

Follow the prompts. At the main menu, choose 1 and confirm.
(Do not choose option 2, 3 or 4 without my advice/agreement.)

Wait for the message:
*** Analyse Termine le ..... ***
Press a key as requested; Notepad will open.
Copy and paste the whole report into a reply. Close Notepad.
The report is also saved at the root of the disk (fixnavi.txt)
0
Thanks Nanard4700 for the reply.
I ran Navilog; the log is below.
Besides the problems of the screen turning off and the unwanted pop-ups, I have also noticed that, for the past few days, from time to time, all the windows freeze and nothing can be done for a few seconds...

Search Navipromo version 2.0.7 commencé le 11/08/2007 à 16:12:48,56

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Poster ce rapport sur le forum pour le faire analyser !!!
!!! Ne pas lancer la partie désinfection sans l'avis d'un spécialiste !!!

Fix lancé depuis C:\Program Files\navilog1
Mise a jour le 08.08.2007 a 18h00 by IL-MAFIOSO

Executé en mode normal

*** Recherche Programmes installes ***




*** Recherche dossiers dans C:\WINDOWS ***




*** Recherche dossiers dans C:\Program Files ***




*** Recherche dossiers dans C:\Documents and Settings\All Users\Application Data ***




*** Recherche dossiers dans C:\Documents and Settings\Regina\Application Data ***



*** Recherche avec BlackLight Engine/F-secure ***
BlackLight Engine est un produit de F-secure, pour + d'infos :
https://www.f-secure.com/en

Fichier(s) caché(s) dans C:\WINDOWS\system32 :

c:\WINDOWS\system32\uqqlfsv.dat
C:\windows\system32\uqqlfsv.exe
c:\WINDOWS\system32\uqqlfsv_nav.dat
c:\WINDOWS\system32\uqqlfsv_navps.dat

Processus caché(s) dans C:\WINDOWS\system32 :

C:\windows\system32\uqqlfsv.exe


*** Recherche fichiers ***


C:\WINDOWS\pack.epk trouvé !
C:\WINDOWS\system32\nvs2.inf trouvé !


*** Recherche cles registre ***


Recherche dans [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs]



Recherche dans [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/EGDHTML_1026.dll


Recherche Clé Magic Control

HKEY_CURRENT_USER\Software\Lanconfig trouvé !
HKEY_USERS\S-1-5-21-334337264-1907411925-173008773-1006\Software\Lanconfig trouvé !


*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche fichiers connus:


2)Recherche Heuristique :
*
C:\WINDOWS\system32\uqqlfsv.dat trouvé !
**
C:\WINDOWS\system32\uqqlfsv.dat trouvé !
***
****
C:\WINDOWS\system32\uqqlfsv_navps.dat trouvé !
*****
******
*******
********
C:\WINDOWS\system32\shdcdyvwd.exe trouvé !
*********

3)Recherche Certificats :

Certificat Egroup trouvé !


*** Recherche avec GenericNaviSearch Beta ***
!!! Tous Ces résultats peuvent révéler des fichiers légitimes !!!
!!! A verifier impérativement avant toute suppression manuelle !!!

Fichiers trouvés :

Aucun Fichier trouvé !

Fichiers suspects :

Aucun Fichier suspect trouvé !


*** Analyse Terminé le 11/08/2007 à 16:43:43,43 ***
0
Anonymous user
11 August 2007 at 17:04
OK, it did find the infection.

Step 2:

Restart your computer in safe mode by following this procedure:


* Restart your computer.
* After hearing the computer beep during startup, but before the Windows icon appears, tap the F8 key (one press per second).
* Instead of the normal Windows loading, a menu with various options should appear.
* Choose the first option to run Windows in safe mode, then press "[Enter]"

* Double-click on Navilog1.bat.
* Follow the instructions.
* Then choose option 2 and confirm.
* Follow the prompts and answer any questions.
* Your desktop will disappear; that is normal!
* Wait until this message appears: "*** Nettoyage Termine le ..... ***"
* Press a key as requested: Notepad will open.
* Save the report so that you can find it again in normal mode.
* Close Notepad. Your desktop will now reappear.


Restart normally, then post the report saved earlier (C:\cleannavi.txt)


* Close Internet Explorer, then go to Start/Control Panel/Internet Options.
* Choose the Content tab, then the Certificates tab.
* If you find the following programs (in particular under "Trusted Publishers"), delete them:


electronic-group
egroup
Montorgueil
VIP
Sunny Day Design Ltd

Post the report please...

You still have some infections left. After doing the above, post a new HijackThis report. I will tell you how to eradicate it.
0
Thanks Nanard4700, here is my first report: cleannavi.txt. Note that in safe mode, Navilog restarted the computer in normal mode by itself. The report appeared on restart.

I will now follow the instructions for the IE certificates and keep you posted.

Clean Navipromo version 2.0.7 commencé le 11/08/2007 à 17:40:16,06

Fix lancé depuis C:\Program Files\navilog1
Mise a jour le 08.08.2007 a 18h00 by IL-MAFIOSO

Mode suppression automatique avec prise en charge résultats Blacklight


*** Creation backups fichiers trouvés par Blacklight ***

Copie vers "C:\Program Files\navilog1\Backupnavi"


*** Suppression des fichiers trouvés avec Blacklight ***

c:\WINDOWS\system32\uqqlfsv.dat supprimé !
C:\windows\system32\uqqlfsv.exe supprimé !
c:\WINDOWS\system32\uqqlfsv_nav.dat supprimé !
c:\WINDOWS\system32\uqqlfsv_navps.dat supprimé !

*** Suppression dossiers dans C:\WINDOWS ***


*** Suppression dossiers dans C:\Program Files ***


*** Suppression dossiers dans C:\Documents and Settings\All Users\Application Data ***


*** Suppression dossiers dans C:\Documents and Settings\Regina\Application Data ***



*** Suppression fichiers ***

C:\WINDOWS\pack.epk supprimé !
C:\WINDOWS\system32\nvs2.inf supprimé !

*** Suppression fichiers temporaires ***

Nettoyage contenu C:\WINDOWS\Temp effectué !
Nettoyage contenu C:\Documents and Settings\Regina\Local Settings\Temp effectué !


*** Sauvegarde du registre vers dossier Backupnavi ***


sauvegarde du registre réalise avec succes !


*** Nettoyage registre ***


Nettoyage registre Ok

*** Traitement Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche fichiers connus:


2)Recherche et Suppression Heuristique :

*
**
***
****
*****
******
*******
********
C:\WINDOWS\system32\shdcdyvwd.exe trouvé !
Copie C:\WINDOWS\system32\shdcdyvwd.exe réalise avec succes !
C:\WINDOWS\system32\shdcdyvwd.exe supprimé !
3)Contrôle présence clés Rootkit dans le registre :

Aucune autre clés présente dans le registre !

4)Certificats :

Certificat Egroup supprimé !


*** Recherche avec GenericNaviSearch Beta ***
!!! Ces résultats peuvent révéler des fichiers légitimes !!!
!!! A verifier impérativement avant toute suppression manuelle !!!

Fichiers trouvés non supprimés :

Aucun Fichier trouvé !

Fichiers suspects non supprimés :

Aucun Fichier suspect trouvé !



*** Nettoyage termine le 11/08/2007 à 17:44:30,21 ***
0
Good evening Nanard4700, I did not find the publishers from your list (egroup, Montorgueil, VIP, etc.) among the trusted certificate publishers.
However, as you told me, my PC is still infected (black screen from time to time (for a few moments), or pages that freeze). So here is a new HiJackThis report.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:55:22, on 11/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\dllhost.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/toolbar/ie8/sidebar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fhome.microsoft.com%2faccess%2fallinone.asp%3f
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.uol.com.br/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/toolbar/ie8/sidebar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.uol.com.br/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {17492023-C23A-453E-A040-C7C580BBF704 - (no file)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [EPSON Stylus C42 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C42 Series" /O6 "USB001" /M "Stylus C42"
O4 - HKLM\..\Run: [uqqlfsv] c:\windows\system32\uqqlfsv.exe uqqlfsv
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Chercher avec Copernic Agent - C:\Program Files\Copernic Agent\Web\SearchExt.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Shorten URL - https://cjb.shopco.com/
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Packard Bell - {1D49B7D4-524D-4ac9-BC34-B4822CAE4BB1} - C:\Apps\IECustom\script.htm
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: fdjeux -
O16 - DPF: teleir_cert -
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://eu-housecall.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} -
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - https://tiragesphoto.fnac.com/
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} -
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} -
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} -
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} - http://espaceabonnes.club-internet.fr/services/symantec/SymDlBrg.cab
O16 - DPF: {DA4EB021-5F1C-11D4-B006-00104B98E2C7} -
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} -
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} -
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} -
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
0
Anonymous user
12 August 2007 at 13:41
Hi Julien.

Relaunch HijackThis and tick the lines listed below. Then click on Fix (at the bottom of the log).
Once that is done, post a new report for me.

O2 - BHO: (no name) - {17492023-C23A-453E-A040-C7C580BBF704 - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} -
O16 - DPF: {DA4EB021-5F1C-11D4-B006-00104B98E2C7}
O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
0
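
An added example, not part of the original thread and not code from HijackThis or Navilog: a small Python triage that parses HijackThis entry lines, flags those ending in "(no file)" or "(file missing)", and cross-checks O4 Run values against the files the Navilog cleaning report lists as "supprimé". The function names are hypothetical; the sample lines are excerpted from the logs posted above.

```python
import re

# Excerpt of the HijackThis log saved at 20:55:22 on 11/08/2007 (from this thread).
HJT_EXCERPT = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [uqqlfsv] c:\windows\system32\uqqlfsv.exe uqqlfsv
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
"""

# Excerpt of the Navilog cleaning report (cleannavi.txt) from this thread.
CLEAN_EXCERPT = r"""
c:\WINDOWS\system32\uqqlfsv.dat supprimé !
C:\windows\system32\uqqlfsv.exe supprimé !
C:\WINDOWS\pack.epk supprimé !
Certificat Egroup supprimé !
"""

# "<section> - <body>", e.g. "O4 - HKLM\..\Run: [name] command".
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")
# Navilog marks each removed file as "<path> supprimé !"; certificate lines have no drive letter.
DELETED_RE = re.compile(r"^([A-Za-z]:\\.+?) supprimé !$")
# Body of an O4 registry Run entry: "<hive>\..\Run: [value name] command line".
RUN_RE = re.compile(r"^(\S+\\Run): \[([^\]]+)\] (.+)$")


def parse_entries(log_text):
    """Return (section, body) tuples for every HijackThis entry line."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def deleted_paths(report_text):
    """Return the lower-cased file paths the cleaning report lists as deleted."""
    paths = set()
    for line in report_text.splitlines():
        match = DELETED_RE.match(line.strip())
        if match:
            paths.add(match.group(1).lower())
    return paths


def _targets(command, path):
    """True if the command line starts with exactly this executable path."""
    cmd = command.lstrip('"').lower()
    return cmd.startswith(path) and cmd[len(path):len(path) + 1] in ("", " ", '"')


def triage(log_text, report_text):
    """Flag orphaned entries and Run values that point at deleted files."""
    removed = deleted_paths(report_text)
    findings = []
    for section, body in parse_entries(log_text):
        if body.endswith("(no file)") or body.endswith("(file missing)"):
            findings.append((section, "orphaned", body))
            continue
        run = RUN_RE.match(body) if section == "O4" else None
        if run and any(_targets(run.group(3), path) for path in removed):
            # The autostart value survived although its target file was removed.
            findings.append((section, "run-target-deleted", body))
    return findings


if __name__ == "__main__":
    for section, kind, body in triage(HJT_EXCERPT, CLEAN_EXCERPT):
        print(f"{section:4} {kind:20} {body}")
```
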
Thank you very much for your help, Nanard.
So I relaunched HiJackThis and ticked and fixed the 9 lines you suggested. The log file is below.
As for the unwanted pop-ups, things seem to be better since I ran Navilog (but I have not surfed much yet); however, I keep getting a black screen for a few seconds from time to time, or the PC sometimes freezes for a few seconds.
Have a good evening.
Julien.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:10:42, on 12/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\dllhost.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/toolbar/ie8/sidebar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fhome.microsoft.com%2faccess%2fallinone.asp%3f
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.uol.com.br/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/toolbar/ie8/sidebar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.uol.com.br/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [EPSON Stylus C42 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C42 Series" /O6 "USB001" /M "Stylus C42"
O4 - HKLM\..\Run: [uqqlfsv] c:\windows\system32\uqqlfsv.exe uqqlfsv
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Chercher avec Copernic Agent - C:\Program Files\Copernic Agent\Web\SearchExt.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Shorten URL - https://cjb.shopco.com/
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Packard Bell - {1D49B7D4-524D-4ac9-BC34-B4822CAE4BB1} - C:\Apps\IECustom\script.htm
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: fdjeux -
O16 - DPF: teleir_cert -
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://eu-housecall.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} -
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - https://tiragesphoto.fnac.com/
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} -
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} -
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} - http://espaceabonnes.club-internet.fr/services/symantec/SymDlBrg.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} -
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} -
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} -
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
0

Anonymous user
13 August 2007 at 00:00
OK

You've got a nasty piece of junk that doesn't want to leave. So we're going to take care of this intruder.
Download and run these anti-spyware tools (remember to update them before launching them).

(1) Ad-Aware version 1.06

(here) http://www.florensac-chasse-trap.com/ section virus/security software
see demo
http://pageperso.aol.fr/balltrap34/adwseflash.zip

***

(2) Spybot version 1.4

(here) http://www.florensac-chasse-trap.com/ section virus/security software


see usage demo
http://pageperso.aol.fr/Balltrap34/demo%20spybot.htm
***

and also this
(3) CleanUp40.exe
http://www.florensac-chasse-trap.com/ section virus/security software

see demo
http://pageperso.aol.fr/balltrap34/democleanup.htm

***

(4) a2

https://www.emsisoft.com/fr/
remember to update it before scanning the PC
***
PS: many thanks to balltrap for the links :)

(5) Ewido
http://download.ewido.net/ewido-setup.exe
During installation, on the "Additional Options" page, untick the two options "Install background guard" and "Install scan via context menu" Ewido Security Suite. Click on update.

Click on scanner, then on full system scan.
==================================================================
To delete your traces, use

CCLEANER: (run a cleanup and fix errors) without the Yahoo toolbar

https://www.01net.com/

____________________

Paste the report:
Clean will do some cleanup and delete files that antivirus and anti-spyware tools could not find. The software is updated regularly, so you will need to download it again to get a more recent version.

• Download clean.zip and unzip it to your desktop (right-click / Extract All); you then get a folder named clean
• Start Windows in safe mode: Guide to restarting in safe mode
• Open the clean folder on your desktop and double-click clean.cmd; a black window will appear for a moment, leave it open until it closes.

http://kerio.probb.fr/tuto-Clean-h37.html
==================================================================
To finish, post me a new HijackThis report. Don't forget to post the reports from the anti-spyware scans. Thanks

See you
0
Thanks Nanard,
I'll post the reports as I go.
Just one quick question: is it better to run all these programs in safe mode?
See you.
0
Anonymous user > Julien
13 August 2007 at 10:43
You can do that.
0
Hi Nanard,
FYI, the link to http://www.florensac-chasse-trap.com/ doesn't work. The link http://pageperso.aol.fr/balltrap34/adwseflash.zip doesn't work either.
Below is the Ad-Aware 1.06 log.

I put the 39 detected objects (22 cookies and 17 MRUs) in quarantine; I've also pasted the quarantine log:

Ad-Aware SE Build 1.06r1
Logfile Created on:lundi 13 août 2007 21:38:51
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R187 13.08.2007
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):17 total references
Tracking Cookie(TAC index:3):22 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Search for low-risk threats
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


13-08-2007 21:38:51 - Scan started. (Full System Scan)

MRU List Object Recognized!
Location: : C:\Documents and Settings\Regina\recent
Description : list of recently opened documents


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw


MRU List Object Recognized!
Location: : S-1-5-21-334337264-1907411925-173008773-1006\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-334337264-1907411925-173008773-1003\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-334337264-1907411925-173008773-1006\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-334337264-1907411925-173008773-1006\software\microsoft\mediaplayer\player\recentfilelist
Description : list of recently used files in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-334337264-1907411925-173008773-1003\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-334337264-1907411925-173008773-1006\software\microsoft\office\10.0\excel\recent files
Description : list of recent files used by microsoft excel


MRU List Object Recognized!
Location: : S-1-5-21-334337264-1907411925-173008773-1006\software\microsoft\search assistant\acmru
Description : list of recent search terms used with the search assistant


MRU List Object Recognized!
Location: : S-1-5-21-334337264-1907411925-173008773-1006\software\microsoft\windows\currentversion\applets\regedit
Description : last key accessed using the microsoft registry editor


MRU List Object Recognized!
Location: : S-1-5-21-334337264-1907411925-173008773-1006\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened


MRU List Object Recognized!
Location: : S-1-5-21-334337264-1907411925-173008773-1006\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension


MRU List Object Recognized!
Location: : S-1-5-21-334337264-1907411925-173008773-1006\software\microsoft\windows\currentversion\explorer\runmru
Description : mru list for items opened in start | run


MRU List Object Recognized!
Location: : S-1-5-21-334337264-1907411925-173008773-1006\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


MRU List Object Recognized!
Location: : S-1-5-21-334337264-1907411925-173008773-1006\software\winrar\dialogedithistory\extrpath
Description : winrar "extract-to" history


Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 424
ThreadCreationTime : 13-08-2007 04:54:06
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 472
ThreadCreationTime : 13-08-2007 04:54:08
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 496
ThreadCreationTime : 13-08-2007 04:54:09
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 540
ThreadCreationTime : 13-08-2007 04:54:09
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Système d'exploitation Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Applications Services et Contrôleur
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. Tous droits réservés.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 552
ThreadCreationTime : 13-08-2007 04:54:10
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 700
ThreadCreationTime : 13-08-2007 04:54:11
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 756
ThreadCreationTime : 13-08-2007 04:54:11
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 824
ThreadCreationTime : 13-08-2007 04:54:11
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 880
ThreadCreationTime : 13-08-2007 04:54:11
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1220
ThreadCreationTime : 13-08-2007 04:54:14
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Système d'exploitation Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Explorateur Windows
InternalName : explorer
LegalCopyright : © Microsoft Corporation. Tous droits réservés.
OriginalFilename : EXPLORER.EXE

#:11 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1248
ThreadCreationTime : 13-08-2007 04:54:14
BasePriority : Normal
FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
ProductVersion : 5.1.2600.2696
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:12 [qttask.exe]
FilePath : C:\Program Files\QuickTime\
ProcessID : 1524
ThreadCreationTime : 13-08-2007 04:54:20
BasePriority : Normal
FileVersion : 6.5
ProductVersion : QuickTime 6.5
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2004
OriginalFilename : QTTask.exe

#:13 [ctfmon.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1540
ThreadCreationTime : 13-08-2007 04:54:20
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE

#:14 [msnmsgr.exe]
FilePath : C:\Program Files\MSN Messenger\
ProcessID : 1552
ThreadCreationTime : 13-08-2007 04:54:20
BasePriority : Normal
FileVersion : 8.1.0178.00
ProductVersion : 8.1.0178
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Messenger
InternalName : msnmsgr.exe
LegalCopyright : Copyright (c) Microsoft Corporation. All rights reserved.
OriginalFilename : msnmsgr.exe

#:15 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1716
ThreadCreationTime : 13-08-2007 04:54:22
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:16 [cdac11ba.exe]
FilePath : C:\WINDOWS\System32\drivers\
ProcessID : 1748
ThreadCreationTime : 13-08-2007 04:54:24
BasePriority : Normal
FileVersion : 4.11.020
ProductVersion : 4.11.020 Windows NT 2001/03/13
ProductName : SafeCast Windows NT
CompanyName : C-Dilla Ltd
FileDescription : C-Dilla RTS Service
InternalName : CDANTSRV
LegalCopyright : Copyright (c) Macrovision 1993-2001
OriginalFilename : CDANTSRV.EXE
Comments : StringFileInfo: U.S. English

#:17 [dllhost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1760
ThreadCreationTime : 13-08-2007 04:54:24
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : COM Surrogate
InternalName : dllhost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : dllhost.exe

#:18 [sagent2.exe]
FilePath : C:\Program Files\Fichiers communs\EPSON\EBAPI\
ProcessID : 1804
ThreadCreationTime : 13-08-2007 04:54:24
BasePriority : Normal
FileVersion : 2, 2, 0, 0
ProductVersion : 1, 0, 0, 0
ProductName : EPSON Bidirectional Printer
CompanyName : SEIKO EPSON CORPORATION
FileDescription : EPSON Printer Status Agent
InternalName : SAgent2
LegalCopyright : Copyright (C) SEIKO EPSON CORP. 2000-2001
OriginalFilename : SAgent2.exe

#:19 [frameworkservice.exe]
FilePath : C:\Program Files\Network Associates\Common Framework\
ProcessID : 1876
ThreadCreationTime : 13-08-2007 04:54:24
BasePriority : Normal
FileVersion : 3.1.2.266
ProductName : McAfee Common Framework
CompanyName : Network Associates, Inc.
FileDescription : Framework Service
InternalName : Framework
LegalCopyright : Copyright© 2000-2004 Networks Associates Technology, Inc. All Rights Reserved.
OriginalFilename : Framework.exe

#:20 [mcshield.exe]
FilePath : C:\Program Files\Network Associates\VirusScan\
ProcessID : 2000
ThreadCreationTime : 13-08-2007 04:54:27
BasePriority : High


#:21 [vstskmgr.exe]
FilePath : C:\Program Files\Network Associates\VirusScan\
ProcessID : 2024
ThreadCreationTime : 13-08-2007 04:54:27
BasePriority : Normal


#:22 [naprdmgr.exe]
FilePath : C:\PROGRA~1\NETWOR~1\COMMON~1\
ProcessID : 132
ThreadCreationTime : 13-08-2007 04:54:28
BasePriority : Normal
FileVersion : 3.1.2.266
ProductName : McAfee Common Framework
CompanyName : Network Associates, Inc.
FileDescription : NAI Product Manager
InternalName : Product Manager
LegalCopyright : Copyright© 2000-2004 Networks Associates Technology, Inc. All Rights Reserved.
OriginalFilename : naPrdMgr.exe

#:23 [slserv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 208
ThreadCreationTime : 13-08-2007 04:54:28
BasePriority : Normal


#:24 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 316
ThreadCreationTime : 13-08-2007 04:54:28
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:25 [vcssecs.exe]
FilePath : C:\Program Files\Virtual CD v4 SDK\system\
ProcessID : 356
ThreadCreationTime : 13-08-2007 04:54:29
BasePriority : Normal
FileVersion : 4, 3, 0, 1
ProductVersion : 4, 3, 0, 0
ProductName : Virtual CD
CompanyName : H+H Software GmbH
FileDescription : Virtual CD v4.3 SDK - Security Service
InternalName : VCSSecS
LegalCopyright : Copyright © 2001 by H+H Software GmbH
OriginalFilename : VCSSecS.exe

#:26 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1424
ThreadCreationTime : 13-08-2007 04:54:44
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:27 [usnsvc.exe]
FilePath : C:\Program Files\MSN Messenger\
ProcessID : 2500
ThreadCreationTime : 13-08-2007 04:55:06
BasePriority : Normal
FileVersion : 8.1.0178.00
ProductVersion : 8.1.0178
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Messenger Sharing USN Journal Reader Service
InternalName : usnsvc.exe
LegalCopyright : Copyright (c) Microsoft Corporation. All rights reserved.
OriginalFilename : usnsvc.exe

#:28 [iexplore.exe]
FilePath : C:\Program Files\Internet Explorer\
ProcessID : 1164
ThreadCreationTime : 13-08-2007 19:34:17
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Système d'exploitation Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. Tous droits réservés.
OriginalFilename : IEXPLORE.EXE

#:29 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 636
ThreadCreationTime : 13-08-2007 19:37:45
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 17


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 17


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 17


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : regina@casinotropez[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:regina@casinotropez.com/
Expires : 29-07-2007 20:58:36
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : regina@247realmedia[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:9
Value : Cookie:regina@247realmedia.com/
Expires : 10-08-2008 20:59:02
LastSync : Hits:9
UseCount : 0
Hits : 9

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : regina@2o7[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:33
Value : Cookie:regina@2o7.net/
Expires : 10-08-2012 23:28:04
LastSync : Hits:33
UseCount : 0
Hits : 33

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : regina@pro-market[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:7
Value : Cookie:regina@pro-market.net/
Expires : 01-06-2030 02:00:00
LastSync : Hits:7
UseCount : 0
Hits : 7

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : regina@bs.serving-sys[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:12
Value : Cookie:regina@bs.serving-sys.com/
Expires : 01-01-2038
LastSync : Hits:12
UseCount : 0
Hits : 12

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : regina@adtech[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:10
Value : Cookie:regina@adtech.de/
Expires : 19-07-2017 19:16:10
LastSync : Hits:10
UseCount : 0
Hits : 10

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : regina@interhomeag.112.2o7[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:regina@interhomeag.112.2o7.net/
Expires : 03-08-2012 22:27:42
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : regina@serving-sys[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:79
Value : Cookie:regina@serving-sys.com/
Expires : 01-01-2038
LastSync : Hits:79
UseCount : 0
Hits : 79

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : regina@estat[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:21
Value : Cookie:regina@estat.com/
Expires : 06-07-2017 23:20:28
LastSync : Hits:21
UseCount : 0
Hits : 21

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : regina@www.casinotropez[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:regina@www.casinotropez.com/
Expires : 29-07-2012 16:53:36
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : regina@www.cibleclick[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:3
Value : Cookie:regina@www.cibleclick.com/
Expires : 30-07-2037 23:57:56
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : regina@msnportal.112.2o7[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:regina@msnportal.112.2o7.net/
Expires : 23-07-2012 13:31:30
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : regina@metriweb[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:regina@metriweb.be/
Expires : 21-07-2008 22:51:58
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : regina@karavel.112.2o7[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:regina@karavel.112.2o7.net/
Expires : 23-07-2012 21:02:40
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : regina@smartadserver[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:312
Value : Cookie:regina@smartadserver.com/
Expires : 08-08-2027 21:35:14
LastSync : Hits:312
UseCount : 0
Hits : 312

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : regina@overture[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:33
Value : Cookie:regina@overture.com/
Expires : 08-08-2017 20:59:18
LastSync : Hits:33
UseCount : 0
Hits : 33

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : regina@fl01.ct2.comclick[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:8
Value : Cookie:regina@fl01.ct2.comclick.com/
Expires : 10-01-2029 02:00:00
LastSync : Hits:8
UseCount : 0
Hits : 8

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : regina@kelkoo[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:5
Value : Cookie:regina@kelkoo.fr/
Expires : 09-08-2009 14:21:48
LastSync : Hits:5
UseCount : 0
Hits : 5

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : regina@weborama[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:121
Value : Cookie:regina@weborama.fr/
Expires : 21-10-2007 21:06:04
LastSync : Hits:121
UseCount : 0
Hits : 121

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : regina@server.iad.liveperson[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:4
Value : Cookie:regina@server.iad.liveperson.net/
Expires : 30-07-2008 15:24:22
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : regina@opodo.122.2o7[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:regina@opodo.122.2o7.net/
Expires : 24-07-2012 23:08:40
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : regina@112.2o7[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:6
Value : Cookie:regina@112.2o7.net/
Expires : 10-08-2012 23:26:48
LastSync : Hits:6
UseCount : 0
Hits : 6

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 22
Objects found so far: 39



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 39


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 39




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 39

22:24:15 Scan Complete

-------------------------------------------------------------------------------------
-------------------------------------------------------------------------------------
-------------------------------------------------------------------------------------
QUARANTINE LOG

ArchiveData(adaware1208.bckp)
Referencefile : SE1R187 13.08.2007
======================================================

MRU LIST
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

TRACKING COOKIE
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
0
Anonymous user
14 August 2007 at 20:27
Hi

We're going to carry on with the cleanup

Download AVG Anti-Spyware

AVG Anti-Spyware
http://www.infos-du-net.com/telecharger/Ewido-Security-Suite,0301-734.html


Tutorial: http://www.kachouri.com/tuto/tuto-161-avg-anti-spyware-75-pour-votre-securite.html

* Install it

Start AVG Anti-Spyware. Click "Update", click the "Start update" button and wait for the update to finish, then close the program.

If you can't manage to update it, get the updates here:

http://downloads.ewido.net/avgas-signatures-full-current.exe



Start in safe mode:
To do this, tap the F8 key repeatedly, without stopping, as soon as the PC starts powering on.
A window will open; use the keyboard arrow keys to move to the option to start in safe mode, then press Enter.
Once on the desktop, if not all the colours and so on are there, that's normal!
(If F8 doesn't work, use the F5 key.)

Relaunch AVG AS, click the "Scanner" tab, then "Complete system scan".
Once the scan has finished, it shows you a report. Click "Configure..." at the bottom left and choose "Delete". Then click "Apply all actions"; this will delete all the infections detected.
Then click "Save scan report" -> "Save as" and save the report wherever you like, so you can send it to me in your next reply.


Copy and paste the report here
===========================
Download SDFix (created by AndyManchesta) and save it to your Desktop.
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
Double-click SDFix.exe and choose Install to extract it into a dedicated folder on the Desktop. Restart your computer in safe mode by following this procedure:
• Restart your computer
• After hearing the computer beep during startup, but before the Windows icon appears, tap the F8 key (one press per second).
• Instead of Windows loading normally, a menu with various options should appear.
• Choose the first option, to run Windows in safe mode, then press "Enter".
• Choose your account.
Go through the list of instructions below:
• Open the SDFix folder that has just been created in the C:\ directory and double-click RunThis.bat to launch the script.
• Press Y to start the cleaning process.
• It will remove the services and Registry entries of certain trojans it finds, then ask you to press a key to restart.
• Press a key to restart the PC.
• Your system will take longer than usual to restart because the tool will keep running and deleting files.
• After the Desktop has loaded, the tool will finish its work and display Finished.
• Press a key to end the script and load your Desktop icons.
• Once the Desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder under the name Report.txt.
• Finally, copy/paste the contents of the Report.txt file into your next reply on the forum, along with a new HijackThis log!
0
Hi nanard,
sorry, I haven't had time to run all the anti-spyware tools; I'm running them one by one:
- I ran Ad-Aware (report above)
- I've just run Spybot: I couldn't produce a log, but it fixed 3 problems: 2 IEFirewallbypass + 1 spyware secure.
I'll keep you posted on the other programs.
See you.
Julien
0
Report from cleanUp40.exe

CleanUp! started on 08/14/07 21:52:55.
...
C:\Documents and Settings\Regina\Local Settings\Historique\History.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
'Typed URLs' (Internet Explorer) - removed from the registry.
C:\Documents and Settings\Regina\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
C:\DOCUME~1\Regina\LOCALS~1\Temp\~DF8A71.tmp currently in use. Will be deleted when Windows is restarted.
C:\DOCUME~1\Regina\LOCALS~1\Temp\~DF8A7E.tmp currently in use. Will be deleted when Windows is restarted.
C:\DOCUME~1\Regina\LOCALS~1\Temp\~DF8A71.tmp currently in use. Will be deleted when Windows is restarted.
C:\DOCUME~1\Regina\LOCALS~1\Temp\~DF8A7E.tmp currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Regina\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Regina\locals~1\tempor~1\Content.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Regina\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Regina\Local Settings\Temp\~DF8A71.tmp currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Regina\Local Settings\Temp\~DF8A7E.tmp currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Regina\Local Settings\Temporary Internet Files\Content.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\LocalService\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\LocalService\locals~1\tempor~1\Content.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\LocalService\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\Prefetch\LODCTR.EXE-03F34D45.pf - deleted
C:\WINDOWS\Prefetch\LOGONUI.EXE-312BE1BF.pf currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\Prefetch\MCCONSOL.EXE-3456B4DD.pf currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\Prefetch\MCSCRIPT_INUSE.EXE-071D52A1.pf currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\Prefetch\MCUPDATE.EXE-16E0583A.pf - deleted
C:\WINDOWS\Prefetch\MOVIETHUMB.EXE-17AA806A.pf currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\Prefetch\MRT.EXE-161A5291.pf - deleted
C:\WINDOWS\Prefetch\MSHTA.EXE-07121ECA.pf - deleted
C:\WINDOWS\Prefetch\MSI6A.TMP-09318048.pf - deleted
C:\WINDOWS\Prefetch\MSNAPPAU.EXE-17A3A6E5.pf - deleted
C:\WINDOWS\Prefetch\MSPAINT.EXE-146E0237.pf - deleted
C:\WINDOWS\Prefetch\NDP1.1SP1-KB928366-X86.EXE-062682BB.pf - deleted
C:\WINDOWS\Prefetch\NET.EXE-151FD66D.pf - deleted
C:\WINDOWS\Prefetch\NETFXUPDATE.EXE-1E08356E.pf - deleted
C:\WINDOWS\Prefetch\NGEN.EXE-0FE278E5.pf - deleted
C:\WINDOWS\Prefetch\NTOSBOOT-B00DFAAD.pf - deleted
C:\WINDOWS\Prefetch\OSA.EXE-28494AD2.pf - deleted
C:\WINDOWS\Prefetch\PICASA2.EXE-0336A7FA.pf currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\Prefetch\PICASAUPDATE.EXE-2968699F.pf currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\Prefetch\POWERPNT.EXE-36F34B3E.pf currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\Prefetch\QTTASK.EXE-1876A1A1.pf - deleted
C:\WINDOWS\Prefetch\READER_SL.EXE-2FCCA463.pf - deleted
C:\WINDOWS\Prefetch\REG.EXE-07FA5B3F.pf - deleted
C:\WINDOWS\Prefetch\REGEDIT.EXE-2AE3423E.pf currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\Prefetch\REGISTRYCLEANER.EXE-16A0987C.pf - deleted
C:\WINDOWS\Prefetch\REGISTRYDEFRAG.EXE-2500885E.pf - deleted
C:\WINDOWS\Prefetch\REGISTRYDEFRAGHELPER.EXE-15E726BC.pf - deleted
C:\WINDOWS\Prefetch\REGSVR32.EXE-396DEA2C.pf - deleted
C:\WINDOWS\Prefetch\RUNDLL32.EXE-3C500167.pf currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\Prefetch\RUNDLL32.EXE-3C53A192.pf - deleted
C:\WINDOWS\Prefetch\RUNDLL32.EXE-453420C4.pf - deleted
C:\WINDOWS\Prefetch\RUNDLL32.EXE-48F5CC24.pf - deleted
C:\WINDOWS\Prefetch\RUNDLL32.EXE-4CAF3F5C.pf - deleted
C:\WINDOWS\Prefetch\RUNDLL32.EXE-4FF9832D.pf - deleted
C:\WINDOWS\Prefetch\RUNDLL32.EXE-5A86C785.pf - deleted
C:\WINDOWS\Prefetch\RUNDLL32.EXE-5E0F7F9E.pf - deleted
C:\WINDOWS\Prefetch\RUNDLL32.EXE-5E28740F.pf - deleted
C:\WINDOWS\Prefetch\RUNDLL32.EXE-5E8E394A.pf - deleted
C:\WINDOWS\Prefetch\RUNDLL32.EXE-6E8D4657.pf currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\Prefetch\SCAN32.EXE-2595F2A1.pf currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\Prefetch\SETUP.EXE-02F2E3E6.pf - deleted
C:\WINDOWS\Prefetch\SETUP.EXE-053AB796.pf - deleted
C:\WINDOWS\Prefetch\SKYPE.EXE-2EAF99A0.pf - deleted
C:\WINDOWS\Prefetch\SORT.EXE-19728AC5.pf - deleted
C:\WINDOWS\Prefetch\SPYBOTSD.EXE-1702AD5F.pf - deleted
C:\WINDOWS\Prefetch\TASKMGR.EXE-06144C13.pf - deleted
C:\WINDOWS\Prefetch\TKHJECKDI.EXE-0E13E68F.pf - deleted
C:\WINDOWS\Prefetch\UPDATE.EXE-0813F146.pf - deleted
C:\WINDOWS\Prefetch\UPDATE.EXE-0BDC03E6.pf - deleted
C:\WINDOWS\Prefetch\UPDATE.EXE-1FF92DF9.pf currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\Prefetch\UPDATE.EXE-34E83780.pf currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\Prefetch\UPDATERUI.EXE-3411FB8B.pf - deleted
C:\WINDOWS\Prefetch\UPDATEWIZARD.EXE-24352615.pf - deleted
C:\WINDOWS\Prefetch\UQQLFSV.EXE-3AF09F9F.pf currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\Prefetch\USERINIT.EXE-0743FDA9.pf currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\Prefetch\USNSVC.EXE-0114DAF6.pf currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\Prefetch\VCSPLAY.EXE-2DB1E050.pf currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\Prefetch\VERCLSID.EXE-28F52AD2.pf currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\Prefetch\WGATRAY.EXE-350D4455.pf - deleted
C:\WINDOWS\Prefetch\WINRAR.EXE-0AA31BB9.pf - deleted
C:\WINDOWS\Prefetch\WMIPRVSE.EXE-0D449B4F.pf currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\Prefetch\WMPLAYER.EXE-1ACCF805.pf - deleted
C:\WINDOWS\Prefetch\WMPLAYER.EXE-1ACCF80B.pf - deleted
C:\WINDOWS\Prefetch\WUAUCLT.EXE-1360D60A.pf - deleted
C:\APPS\ActivSurf\4448364\Users\Default\Misc\Backup\chandir.id~ - deleted
C:\Documents and Settings\Administrateur\Local Settings\Historique\History.IE5\index.dat - deleted
C:\Documents and Settings\Administrateur\Local Settings\Historique\History.IE5\MSHist012006100420061005\index.dat - deleted
C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp - deleted
C:\Documents and Settings\Default User\Local Settings\Historique\History.IE5\index.dat - deleted
C:\Documents and Settings\LocalService\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\NetworkService\Local Settings\Historique\History.IE5\index.dat - deleted
C:\Documents and Settings\Propriétaire\Local Settings\Historique\History.IE5\index.dat - deleted
C:\Documents and Settings\Regina\Application Data\Microsoft\Address Book\Regina.wa~ - deleted
C:\Documents and Settings\Regina\Application Data\Mozilla\Firefox\Profiles\default.98q\bookmarks.html.sbsd.bak - deleted
C:\Documents and Settings\Regina\Application Data\Skype\regina\index.dat - deleted
C:\Documents and Settings\Regina\Application Data\Skype\reginato\index.dat - deleted
C:\Documents and Settings\Regina\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Regina\Julien\Local Settings\Historique\History.IE5\index.dat - deleted
C:\Documents and Settings\Regina\Julien\Local Settings\Historique\History.IE5\MSHist012003011320030120\index.dat - deleted
C:\Documents and Settings\Regina\Julien\Local Settings\Historique\History.IE5\MSHist012003020120030202\index.dat - deleted
C:\Documents and Settings\Regina\Julien\Local Settings\Historique\History.IE5\MSHist012003020220030203\index.dat - deleted
C:\Documents and Settings\Regina\Julien\Recherche_emploi\~$_jdavard_productique.doc - deleted
C:\Documents and Settings\Regina\Julien\Recherche_emploi\~WRL0002.tmp - deleted
C:\Documents and Settings\Regina\Julien\Recherche_emploi\~WRL1963.tmp - deleted
C:\Documents and Settings\Regina\Julien\Recherche_emploi\~WRL4041.tmp - deleted
C:\Documents and Settings\Regina\Local Settings\Application Data\Microsoft\Messenger\misbarreto@hotmail.com\SharingMetadata\Working\database_96F8_C968_F8C9_4769\fsr.chk - deleted
C:\Documents and Settings\Regina\Local Settings\Application Data\Microsoft\Messenger\regina_toledo@hotmail.com\SharingMetadata\Working\database_96F8_C968_F8C9_4769\fsr.chk - deleted
C:\Documents and Settings\Regina\Local Settings\Historique\History.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Regina\Local Settings\Temp\~DF8A71.tmp currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Regina\Local Settings\Temp\~DF8A7E.tmp currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Regina\Local Settings\Temp\~DF8A71.tmp currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Regina\Local Settings\Temp\~DF8A7E.tmp currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Regina\Local Settings\Temporary Internet Files\Content.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Regina\UserData\index.dat - deleted
C:\Program Files\Internet Explorer\ssapi.log.bak - deleted
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Regina\Misc\Backup\chandir.da~ - deleted
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Regina\Misc\Backup\chandir.id~ - deleted
C:\WINDOWS\Help\wmplayer.bak - deleted
C:\WINDOWS\inf\mplayer2.bak - deleted
C:\WINDOWS\PCHEALTH\HELPCTR\Config\Cache\Personal_32_1036.dat.bak - deleted
C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\index.dat - deleted
C:\WINDOWS\repair\system.bak - deleted
C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.chk - deleted
C:\WINDOWS\system32\shdocvw.bak - deleted
C:\WINDOWS\system32\CONFIG.TMP - deleted
C:\WINDOWS\system32\SET60.tmp - deleted
C:\WINDOWS\system32\SET6C.tmp - deleted
C:\WINDOWS\system32\SET75.tmp - deleted
C:\WINDOWS\system32\SET77.tmp - deleted
C:\WINDOWS\system32\SET7A.tmp - deleted
C:\WINDOWS\system32\CatRoot2\edb.chk - deleted
C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat - deleted
C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat - deleted
C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012003011220030113\index.dat - deleted
C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012004090220040903\index.dat - deleted
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat - deleted
C:\WINDOWS\system32\drivers\OLD69.tmp - deleted
C:\WINDOWS\system32\NtmsData\NTMSDATA.BAK - deleted
Telnet's MRU list - removed from the registry.
CleanUp! 4.0 recovered 79.8 MB of disk space from 7238 files.
CleanUp! finished on 08/14/07 21:56:57.
0
Anonymous user
14 August 2007 at 22:14
Julien

I have a small doubt. Go to the Control Panel and see whether you find Spyware Secure. If so, remove it. Keep me posted.
0
Julien > Anonymous user
14 August 2007 at 23:16
Hi.
I didn't quite understand your message: find Spyware Secure in the Control Panel? Can you clarify, please?
See you.
julien.
0
julien > Anonymous user
15 August 2007 at 11:33
a2 report

Version - a-squared Anti-Malware 3.0
Dernière mise à jour: 14/08/2007 22:17:25

Réglages Scan:

Objets: Mémoire, Traces, Cookies, C:\
Scan archives: Marche
Heuristiques: Marche
Scan ADS: Marche

Début du scan: 14/08/2007 22:17:41

c:\windows\system32\ath.mgf Détecter: Trace.File.VCatch
c:\windows\system32\bnr.mgf Détecter: Trace.File.VCatch
c:\windows\system32\frb.mgf Détecter: Trace.File.VCatch
c:\windows\system32\rulesdata.xml Détecter: Trace.File.VCatch
c:\windows\system32\rulesdata1.xml Détecter: Trace.File.VCatch
c:\windows\system32\rulesdata2.xml Détecter: Trace.File.VCatch
c:\windows\system32\rulesdata3.xml Détecter: Trace.File.VCatch
c:\windows\system32\rulesfactors.xml Détecter: Trace.File.VCatch
c:\windows\system32\snd.mgf Détecter: Trace.File.VCatch
c:\windows\system32\sub.mgf Détecter: Trace.File.VCatch
c:\windows\system32\sze.mgf Détecter: Trace.File.VCatch
Key: HKEY_CLASSES_ROOT\clsid\{bb9aaaf3-4f8d-48b5-a565-ff3e58433dc2} Détecter: Trace.Registry.DivagoSurfairy
Key: HKEY_LOCAL_MACHINE\software\classes\clsid\{bb9aaaf3-4f8d-48b5-a565-ff3e58433dc2} Détecter: Trace.Registry.DivagoSurfairy
c:\program files\accent word password recovery Détecter: Trace.Directory.Accent WORD Password Recovery
C:\APPS\ActivSurf\4448364\Program\backWeb-4448364.exe Détecter: Adware.BackWeb.a
C:\Documents and Settings\Regina\Julien\NettoyagePC\cleanup\clean\clean\pskill.exe Détecter: Riskware.RiskTool.Win32.PsKill.k
C:\Documents and Settings\Regina\Julien\NettoyagePC\cleanup\clean\pskill.exe Détecter: Riskware.RiskTool.Win32.PsKill.k
C:\Documents and Settings\Regina\Julien\NettoyagePC\cleanup\clean.zip/pskill.exe Détecter: Riskware.RiskTool.Win32.PsKill.k
C:\Documents and Settings\Regina\Julien\NettoyagePC\navilog1\Process.exe Détecter: Riskware.RiskTool.Win32.Processor.20
C:\Documents and Settings\Regina\Julien\NettoyagePC\navilog1.zip/Process.exe Détecter: Riskware.RiskTool.Win32.Processor.20
C:\Documents and Settings\Regina\Julien\NettoyagePC\Process.exe Détecter: Riskware.RiskTool.Win32.Processor.20
C:\Documents and Settings\Regina\Mes documents\Mes images\200406_Mariage\Img0003.part1.rar/DSCN0358.JPG Détecter: Heuristic.ArchiveBomb
C:\Program Files\Navilog1\Process.exe Détecter: Riskware.RiskTool.Win32.Processor.20
C:\System Volume Information\_restore{A51C5CDE-3710-45ED-AEAF-4DBEE7E77752}\RP799\A0113769.exe Détecter: Riskware.RiskTool.Win32.PsKill.k
C:\System Volume Information\_restore{A51C5CDE-3710-45ED-AEAF-4DBEE7E77752}\RP799\A0113776.exe Détecter: Riskware.RiskTool.Win32.PsKill.k
C:\System Volume Information\_restore{A51C5CDE-3710-45ED-AEAF-4DBEE7E77752}\RP799\A0113783.exe Détecter: Riskware.RiskTool.Win32.Processor.20
C:\System Volume Information\_restore{A51C5CDE-3710-45ED-AEAF-4DBEE7E77752}\RP799\A0113789.exe Détecter: Riskware.RiskTool.Win32.Processor.20
C:\System Volume Information\_restore{A51C5CDE-3710-45ED-AEAF-4DBEE7E77752}\RP799\A0114132.exe Détecter: Riskware.RiskTool.Win32.PsKill.k
C:\System Volume Information\_restore{A51C5CDE-3710-45ED-AEAF-4DBEE7E77752}\RP823\A0122672.exe Détecter: Riskware.RiskTool.Win32.Processor.20

Scanné

Fichiers: 199327
Traces: 345592
Cookies: 15
Processus: 29

Trouver

Fichiers: 15
Traces: 14
Cookies: 0
Processus: 0
Clés de Registre: 0

Fin du Scan: 15/08/2007 01:12:09
Temps du Scan: 02:54:28

C:\Documents and Settings\Regina\Mes documents\Mes images\200406_Mariage\Img0003.part1.rar/DSCN0358.JPG Quarantaine Heuristic.ArchiveBomb
C:\Documents and Settings\Regina\Julien\NettoyagePC\navilog1\Process.exe Quarantaine Riskware.RiskTool.Win32.Processor.20
C:\Documents and Settings\Regina\Julien\NettoyagePC\navilog1.zip/Process.exe Quarantaine Riskware.RiskTool.Win32.Processor.20
C:\Documents and Settings\Regina\Julien\NettoyagePC\Process.exe Quarantaine Riskware.RiskTool.Win32.Processor.20
C:\Program Files\Navilog1\Process.exe Quarantaine Riskware.RiskTool.Win32.Processor.20
C:\System Volume Information\_restore{A51C5CDE-3710-45ED-AEAF-4DBEE7E77752}\RP799\A0113783.exe Quarantaine Riskware.RiskTool.Win32.Processor.20
C:\System Volume Information\_restore{A51C5CDE-3710-45ED-AEAF-4DBEE7E77752}\RP799\A0113789.exe Quarantaine Riskware.RiskTool.Win32.Processor.20
C:\System Volume Information\_restore{A51C5CDE-3710-45ED-AEAF-4DBEE7E77752}\RP823\A0122672.exe Quarantaine Riskware.RiskTool.Win32.Processor.20
C:\Documents and Settings\Regina\Julien\NettoyagePC\cleanup\clean\clean\pskill.exe Quarantaine Riskware.RiskTool.Win32.PsKill.k
C:\Documents and Settings\Regina\Julien\NettoyagePC\cleanup\clean\pskill.exe Quarantaine Riskware.RiskTool.Win32.PsKill.k
C:\Documents and Settings\Regina\Julien\NettoyagePC\cleanup\clean.zip/pskill.exe Quarantaine Riskware.RiskTool.Win32.PsKill.k
C:\System Volume Information\_restore{A51C5CDE-3710-45ED-AEAF-4DBEE7E77752}\RP799\A0113769.exe Quarantaine Riskware.RiskTool.Win32.PsKill.k
C:\System Volume Information\_restore{A51C5CDE-3710-45ED-AEAF-4DBEE7E77752}\RP799\A0113776.exe Quarantaine Riskware.RiskTool.Win32.PsKill.k
C:\System Volume Information\_restore{A51C5CDE-3710-45ED-AEAF-4DBEE7E77752}\RP799\A0114132.exe Quarantaine Riskware.RiskTool.Win32.PsKill.k
C:\APPS\ActivSurf\4448364\Program\backWeb-4448364.exe Quarantaine Adware.BackWeb.a
c:\program files\accent word password recovery Quarantaine Trace.Directory.Accent WORD Password Recovery
Key: HKEY_CLASSES_ROOT\clsid\{bb9aaaf3-4f8d-48b5-a565-ff3e58433dc2} Quarantaine Trace.Registry.DivagoSurfairy
Key: HKEY_LOCAL_MACHINE\software\classes\clsid\{bb9aaaf3-4f8d-48b5-a565-ff3e58433dc2} Quarantaine Trace.Registry.DivagoSurfairy
c:\windows\system32\ath.mgf Quarantaine Trace.File.VCatch
c:\windows\system32\bnr.mgf Quarantaine Trace.File.VCatch
c:\windows\system32\frb.mgf Quarantaine Trace.File.VCatch
c:\windows\system32\rulesdata.xml Quarantaine Trace.File.VCatch
c:\windows\system32\rulesdata1.xml Quarantaine Trace.File.VCatch
c:\windows\system32\rulesdata2.xml Quarantaine Trace.File.VCatch
c:\windows\system32\rulesdata3.xml Quarantaine Trace.File.VCatch
c:\windows\system32\rulesfactors.xml Quarantaine Trace.File.VCatch
c:\windows\system32\snd.mgf Quarantaine Trace.File.VCatch
c:\windows\system32\sub.mgf Quarantaine Trace.File.VCatch
c:\windows\system32\sze.mgf Quarantaine Trace.File.VCatch

Quarantaine

Fichiers: 15
Traces: 14
0
Julien > julien
15 August 2007 at 11:46
CCleaner report

NETTOYAGE COMPLET - (11,994 secs)
------------------------------------------------------------------------------------------
42,6MB supprimés.
------------------------------------------------------------------------------------------

Détails des fichiers effacés
------------------------------------------------------------------------------------------
Fichiers Temporaires d'Internet Explorer (fichiers 2472) 37,7MB
------------------------------------------------------------------------------------------
0
Julien > Julien
15 August 2007 at 11:52
clean.zip report

15/08/2007 a 11:49:58,21

*** Recherche des fichiers dans C:

*** Recherche des fichiers dans C:\WINDOWS\

*** Recherche des fichiers dans C:\WINDOWS\system32

*** Recherche des fichiers dans C:\Program Files
*** Fin du rapport !
0
Anonymous user
15 August 2007 at 12:35
Hi

From time to time Spyware Secure lodges itself in the Control Panel. So I prefer to check.

Fix this line with HijackThis:

O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)

---------
then do

Start ==> Run ==> Type: regedit

Press: CTRL and F
Check everything
Copy/paste: {2AB289AE-4B90-4281-B2AE-1F4BB034B647}

Click: Find Next
If found ==> right-click and delete
Repeat the search until it announces that it has finished

Run HijackThis again and post the report.
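
A read-only triage helper for the steps in the post above, added here as an example (it is not part of the thread or of HijackThis): it picks the O18 entries out of a HijackThis log, flags those whose handler file is reported as `(no file)`, and lists the registry keys where Internet Explorer normally registers such filters and protocol handlers. The sample log is constructed around the one O18 line quoted in the post, and the function names are hypothetical.

```python
import re
from typing import List, NamedTuple

# Constructed sample log. Only the "Filter hijack" line comes from the post
# above; the other entries are invented for contrast.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {11111111-2222-3333-4444-555555555555} - C:\Program Files\Example\ok.dll
O18 - Protocol: example - {AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE} - C:\Program Files\Example\proto.dll
O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
O23 - Service: Example Service - Unknown owner - C:\Example\svc.exe
"""

GUID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"

# O18 lines have the shape: O18 - <kind>: <name> - {CLSID} - <file or "(no file)">
O18_RE = re.compile(
    r"^O18 - (?P<kind>Protocol hijack|Protocol|Filter hijack|Filter): "
    r"(?P<name>.+?) - (?P<clsid>" + GUID + r")(?: - (?P<target>.*))?$"
)


class O18Entry(NamedTuple):
    kind: str       # "Protocol", "Filter hijack", ...
    name: str       # protocol name or MIME type, e.g. "text/html"
    clsid: str      # COM class ID of the handler, braces included
    target: str     # file path as logged, or "(no file)"
    orphaned: bool  # True when the log reports no file behind the CLSID


def parse_o18(log_text: str) -> List[O18Entry]:
    """Return every O18 entry found in a HijackThis log."""
    entries = []
    for raw in log_text.splitlines():
        m = O18_RE.match(raw.strip())
        if not m:
            continue
        target = (m.group("target") or "").strip()
        orphaned = target.lower() in ("", "(no file)")
        entries.append(O18Entry(m.group("kind"), m.group("name").strip(),
                                m.group("clsid").upper(), target, orphaned))
    return entries


def registry_checklist(entry: O18Entry) -> List[str]:
    """Keys to inspect for one entry: the usual registration points for IE
    pluggable MIME filters / protocol handlers, plus the COM class itself.
    The full-registry search in the post also catches any other reference."""
    branch = "Filter" if entry.kind.startswith("Filter") else "Handler"
    return [
        "\\".join(["HKEY_CLASSES_ROOT", "PROTOCOLS", branch, entry.name]),
        "\\".join(["HKEY_CLASSES_ROOT", "CLSID", entry.clsid]),
    ]


if __name__ == "__main__":
    for e in parse_o18(SAMPLE_LOG):
        status = "ORPHANED" if e.orphaned else "has file"
        print(f"{e.kind}: {e.name} {e.clsid} [{status}]")
        if e.orphaned:
            for key in registry_checklist(e):
                print("   check:", key)
```
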
0
Hi,
I'll send you the HijackThis report in about ten minutes. In the meantime, here are the AVGAS and SDFIX reports

---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: 14:19:47 15/08/2007

+ Résultat de l'analyse:



C:\Documents and Settings\Regina\Cookies\regina@smartadserver[1].txt -> TrackingCookie.Smartadserver : Nettoyé.


Fin du rapport

---------------------------------------------------------------------------------------------------
---------------------------------------------------------------------------------------------------
SDFIX
---------------------------------------------------------------------------------------------------
---------------------------------------------------------------------------------------------------
No streams found.



Final Check:

Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\APPS\\ActivSurf\\4448364\\Program\\backWeb-4448364.exe"="C:\\APPS\\ActivSurf\\4448364\\Program\\backWeb-4448364.exe:*:Disabled:backWeb-4448364"
"C:\\Program Files\\Maxis\\SimCity 3000 World Edition\\Apps\\Updater\\UPDATER.EXE"="C:\\Program Files\\Maxis\\SimCity 3000 World Edition\\Apps\\Updater\\UPDATER.EXE:*:Disabled:SC3UpdaterMFC"
"C:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe"="C:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe:*:Disabled:Framework Service"
"C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDial.exe:*:Disabled:AOL"
"C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLacsd.exe:*:Disabled:AOL"
"C:\\Program Files\\AOL 9.0\\waol.exe"="C:\\Program Files\\AOL 9.0\\waol.exe:*:Disabled:AOL 9.0"
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"="C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe:*:Disabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Kazaa\\kazaa.exe"="C:\\Program Files\\Kazaa\\kazaa.exe:*:Disabled:Kazaa"
"C:\\Program Files\\Kazaa K++\\Kazaa.kpp"="C:\\Program Files\\Kazaa K++\\Kazaa.kpp:*:Disabled:Kazaa Media Desktop"
"C:\\WINDOWS\\system32\\rtcshare.exe"="C:\\WINDOWS\\system32\\rtcshare.exe:*:Disabled:Partage de l'application RTC"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Disabled:RealPlayer"
"C:\\Program Files\\Ratajik Software\\StationRipper\\StationRipperConsole.exe"="C:\\Program Files\\Ratajik Software\\StationRipper\\StationRipperConsole.exe:*:Disabled:StationRipperConsole"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Disabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Disabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Disabled:Yahoo! FT Server"
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe:*:Disabled:Yahoo! Messenger"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\AOL 9.0\\waol.exe"="C:\\Program Files\\AOL 9.0\\waol.exe:*:Enabled:AOL 9.0"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"

Remaining Files:
---------------


Files with Hidden Attributes:

C:\WINDOWS\CdaC14BA.DLL
C:\Program Files\Fichiers communs\Adobe\ESD\DLMCleanup.exe
C:\Program Files\Picasa2\setup.exe
C:\WINDOWS\CdaC13BA.EXE

Finished
Julien > Julien
15 August 2007 at 15:45
Here is the new HijackThis report

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:45:00, on 15/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\dllhost.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/toolbar/ie8/sidebar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fhome.microsoft.com%2faccess%2fallinone.asp%3f
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.uol.com.br/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/toolbar/ie8/sidebar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.uol.com.br/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [EPSON Stylus C42 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C42 Series" /O6 "USB001" /M "Stylus C42"
O4 - HKLM\..\Run: [uqqlfsv] c:\windows\system32\uqqlfsv.exe uqqlfsv
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Chercher avec Copernic Agent - C:\Program Files\Copernic Agent\Web\SearchExt.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Shorten URL - https://cjb.shopco.com/
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Packard Bell - {1D49B7D4-524D-4ac9-BC34-B4822CAE4BB1} - C:\Apps\IECustom\script.htm
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: fdjeux -
O16 - DPF: teleir_cert -
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://eu-housecall.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} -
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - https://tiragesphoto.fnac.com/
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} -
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} -
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} - http://espaceabonnes.club-internet.fr/services/symantec/SymDlBrg.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} -
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} -
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} -
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/html - (no CLSID) - (no file)
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
Anonymous user > Julien
15 August 2007 at 20:38
Download CWShredder:
Update it, then close IE and all running programs, and click FIX
https://www.trendmicro.com/en_us/forHome.html
Julien > Anonymous user
15 August 2007 at 23:27
Thanks again for your help. I just ran CWShredder and the result is "CoolWebSearch was not found on your system".
Otherwise, for now, my pop-up window problem seems to be better: no more Spyware Secure, no more porn sites.
However, I just had the problem again where the screen goes off while the computer is still running... Do you think this problem is caused by a virus or spyware? Couldn't it be a hardware problem?
See you.
Julien.
Anonymous user
16 August 2007 at 09:20
Hi

Check your graphics card. Try reseating it. Also check the connections.