Problems with spools.exe, etc.

Solved/Closed
fobb - June 12, 2008 at 19:50
 fobb - August 31, 2008 at 15:04
Hello,

This computer was infected in several ways, and I cleaned some items using Ad-Aware, Spybot, ewido and HijackThis.
However, as you will see in the HijackThis log that follows,
O4 - HKLM\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe
O4 - HKLM\..\Run: [autoload] C:\Documents and Settings\Janette Pelletier\cftmon.exe
keep coming back despite the cleaning.

In addition, I cannot display any wallpaper at all... the desktop background is white...
Also, my antivirus is missing from the Program Files folder... it was McAfee VirusScan... however, I still see it in Add/Remove Programs (strange).

Logfile of HijackThis v1.99.1
Scan saved at 13:42:14, on 2008-06-12
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
C:\WINDOWS\SoftwareDistribution\Download\f4bbe93413da6448b38093eb5244141e\SP2GDR\iexplore.exe
C:\WINDOWS\system32\drivers\spools.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/?gws_rd=ssl
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe
O4 - HKLM\..\Run: [autoload] C:\Documents and Settings\Janette Pelletier\cftmon.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe
O4 - HKCU\..\Run: [autoload] C:\Documents and Settings\Janette Pelletier\cftmon.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-ca\msntabres.dll.mui/229?6fb64b581a51425c85ce66a2fa5bf5a0
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-ca\msntabres.dll.mui/230?6fb64b581a51425c85ce66a2fa5bf5a0
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1110586416046
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game05.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://ww25.incredijeux.com/online/online2/chuzzle/popcaploader_v6.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: My Web Search Service (MyWebSearchService) - Unknown owner - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe (file missing)
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Task Scheduler (Schedule) - Unknown owner - C:\WINDOWS\system32\drivers\spools.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe


Thanks for the help... feel free to ask me for other reports from other programs and/or to have me download any other programs...

Thanks
Etienne

44 replies

Anonymous user
June 12, 2008 at 20:05
Hi,

Download VundoFix here -> http://www.atribune.org/ccount/click.php?id=4

Launch Vundofix.exe
Tick the box Run VundoFix as a task,
A pop-up will open; answer OK
It will close and reopen after about 1 minute.
When it has reopened, click Scan for Vundo
When the scan is finished, click Remove Vundo
Answer Yes when asked to delete the files.
You will be asked to restart your computer; accept, of course.
Paste the report located at "c:\vundofix.txt" into your reply

(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)

Tutorial:

http://sasi.xooit.fr/t48-Guide-d-utilisation-de-VundoFix.htm



***********************************************************


Download VirtumundoBeGone:

http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe

Restart in Safe Mode and run it,
and post the report for me. (VBG.txt, saved on the desktop)

(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)


***********************************************************

Print these instructions, because you will need to close all windows and applications during the installation and the scan.

→ Download Malwarebytes' Anti-Malware (MBAM) and save it on your Desktop.

→ When the download is finished, close all windows and programs, including this one.

→ Double-click the Download_mbam-setup.exe icon on your desktop to start the installer.

→ During installation, follow the prompts (in particular the choice of language and the authorization to access the Internet). Do not change any of the default settings and, at the end of installation, check that the options Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware are ticked.

→ MBAM will start automatically and display a message asking to update the program before running a scan. Since MBAM updates itself automatically at the end of installation, click OK to close the dialog box. The main MBAM window appears:

→ In the scan tab, check that "Perform full scan" is selected and click the Scan button to start the scan.

→ MBAM scans your computer. The scan can take some time. Just check its progress from time to time.

→ At the end of the scan, a message appears indicating that the scan is finished. Click OK to continue.

→ If malware was detected, the list is displayed.
When you click Remove (?), MBAM will destroy the files and registry keys and put a copy of them in quarantine.

→ MBAM will open Notepad and copy the scan report into it. Close Notepad. (The report can be found under the Reports/Logs tab)

→ Close MBAM by clicking Exit.

→ Post the report in your reply


***********************************************************

→ Launch HijackThis and click "Open misc tools section". Scroll down to "uninstall HijackThis & exit", click it, then answer 'yes' to the confirmation prompt.


***********************************************************


→ Download TrendMicro™ HijackThis™



Put it in 'C:\programmes\'. Once that is done, please rename the 'Hijackthis.exe' icon (right-click > rename) located in the folder on C:\ to 'HJT.exe' <<<<<<<<< Important !!! <<<<<<<

The program path should look like this: C:\Programme\Trend Micro\Hijackthis\HJT.exe

Do not rename the shortcut icon on the desktop, of course...

/!\ Close all windows that are still open, and disconnect from the web /!\

→ Then launch it, choose the option "do a system scan and save a logfile" and post the report for me (it appears in Notepad)


(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)

Tutorial if you can't manage it: http://pageperso.aol.fr/balltrap34/demohijack.htm





See you
0
VundoFix:

VundoFix V7.0.5

Scan started at 11:38:20 2008-06-15

Listing files found while scanning....

No infected files were found.


Beginning removal...


P.S. The program does not open exactly as you described, since the version is no longer the same... I was still able to get it to work...
_____________________________________________________________________________


VirtumundoBeGone:


[06/15/2008, 11:54:40] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Janette Pelletier\Desktop\VirtumundoBeGone.exe" )
[06/15/2008, 11:54:54] - Detected System Information:
[06/15/2008, 11:54:54] - Windows Version: 5.1.2600, Service Pack 2
[06/15/2008, 11:54:54] - Current Username: Janette Pelletier (Admin)
[06/15/2008, 11:54:54] - Windows is in SAFE mode with Networking.
[06/15/2008, 11:54:54] - Searching for Browser Helper Objects:
[06/15/2008, 11:54:54] - Finished Searching Browser Helper Objects
[06/15/2008, 11:54:54] - Finishing up...
[06/15/2008, 11:54:54] - Nothing found! Exiting...

P.S. This program was run in safe mode from the user's session and not from the administrator session.

_________________________________________________________________________________



Malwarebytes' Anti-Malware:


Malwarebytes' Anti-Malware 1.17
Database version: 857

12:57:21 2008-06-15
mbam-log-6-15-2008 (12-57-21).txt

Scan type: Full Scan (C:\|)
Objects scanned: 106167
Time elapsed: 33 minute(s), 41 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 3
Registry Keys Infected: 39
Registry Values Infected: 9
Registry Data Items Infected: 1
Folders Infected: 9
Files Infected: 233

Memory Processes Infected:
C:\WINDOWS\system32\drivers\spools.exe (Trojan.Agent) -> Unloaded process successfully.

Memory Modules Infected:
C:\WINDOWS\system32\ftp34.dll (Trojan.DownLoader) -> Unloaded module successfully.
C:\Program Files\Windows Live\Messenger\msimg32.dll (Adware.MyWebSearch) -> Unloaded module successfully.
C:\WINDOWS\system32\basecgia32.dll (Trojan.Downloader) -> Unloaded module successfully.

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{a7cddcdc-beeb-4685-a062-978f5e07ceee} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2eff3cf7-99c1-4c29-bc2b-68e057e22340} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\schedule (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\schedule (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\schedule (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\The Weather Channel (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\instie.hbinstobj (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\instie.hbinstobj.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\WinAntivirusPro (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Screensavers.com (Adware.Comet) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{32341e7e-c319-46de-91d0-e30bb1a3caba} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\autoload (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Run\autoload (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\ntuser (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ntuser (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ntuser (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\autoload (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Schedule\ImagePath (Hijack.Service) -> Bad: (C:\WINDOWS\system32\drivers\spools.exe) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\LiveAntispy (Rogue.LiveAntispy) -> Quarantined and deleted successfully.
C:\Documents and Settings\Janette Pelletier\Application Data\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Janette Pelletier\Application Data\ShoppingReport\cs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Janette Pelletier\Application Data\ShoppingReport\cs\db (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Janette Pelletier\Application Data\ShoppingReport\cs\dwld (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Janette Pelletier\Application Data\ShoppingReport\cs\report (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Janette Pelletier\Application Data\ShoppingReport\cs\res1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Janette Pelletier\Application Data\DriveCleaner Free (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Documents and Settings\Janette Pelletier\Application Data\DriveCleaner Free\Logs (Rogue.DriveCleaner) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\ftp34.dll (Trojan.DownLoader) -> Delete on reboot.
C:\Program Files\Windows Live\Messenger\msimg32.dll (Adware.MyWebSearch) -> Delete on reboot.
C:\Documents and Settings\Administrator\ftp34.dll (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Janette Pelletier\ftp34.dll (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Janette Pelletier\Local Settings\Temp\ShprInstaller.exe (Adware.Shoper) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\ftp34.dll (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\Program Files\Internet Explorer\msimg32.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MSN Messenger\msimg32.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MSN Messenger\riched20.dll (Adware.MyWeb.FunWeb) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8BFB2B94-1BF6-4A4A-801B-F0DA668073A2}\RP796\A0082800.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8BFB2B94-1BF6-4A4A-801B-F0DA668073A2}\RP797\A0082845.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8BFB2B94-1BF6-4A4A-801B-F0DA668073A2}\RP797\A0082846.scr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8BFB2B94-1BF6-4A4A-801B-F0DA668073A2}\RP797\A0082848.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8BFB2B94-1BF6-4A4A-801B-F0DA668073A2}\RP797\A0082849.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8BFB2B94-1BF6-4A4A-801B-F0DA668073A2}\RP797\A0082850.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8BFB2B94-1BF6-4A4A-801B-F0DA668073A2}\RP797\A0082851.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8BFB2B94-1BF6-4A4A-801B-F0DA668073A2}\RP797\A0082853.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8BFB2B94-1BF6-4A4A-801B-F0DA668073A2}\RP797\A0082854.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8BFB2B94-1BF6-4A4A-801B-F0DA668073A2}\RP797\A0082855.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8BFB2B94-1BF6-4A4A-801B-F0DA668073A2}\RP797\A0082856.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8BFB2B94-1BF6-4A4A-801B-F0DA668073A2}\RP797\A0082857.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8BFB2B94-1BF6-4A4A-801B-F0DA668073A2}\RP797\A0082858.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8BFB2B94-1BF6-4A4A-801B-F0DA668073A2}\RP797\A0082859.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8BFB2B94-1BF6-4A4A-801B-F0DA668073A2}\RP797\A0082860.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8BFB2B94-1BF6-4A4A-801B-F0DA668073A2}\RP797\A0082861.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8BFB2B94-1BF6-4A4A-801B-F0DA668073A2}\RP797\A0082862.SCR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8BFB2B94-1BF6-4A4A-801B-F0DA668073A2}\RP797\A0082863.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8BFB2B94-1BF6-4A4A-801B-F0DA668073A2}\RP797\A0082864.DLL (Adware.MyWeb.FunWeb) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8BFB2B94-1BF6-4A4A-801B-F0DA668073A2}\RP797\A0082865.EXE (Adware.MyWeb.FunWeb) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8BFB2B94-1BF6-4A4A-801B-F0DA668073A2}\RP797\A0082866.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8BFB2B94-1BF6-4A4A-801B-F0DA668073A2}\RP797\A0082867.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8BFB2B94-1BF6-4A4A-801B-F0DA668073A2}\RP797\A0082868.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8BFB2B94-1BF6-4A4A-801B-F0DA668073A2}\RP797\A0082870.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8BFB2B94-1BF6-4A4A-801B-F0DA668073A2}\RP797\A0082871.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8BFB2B94-1BF6-4A4A-801B-F0DA668073A2}\RP797\A0082872.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8BFB2B94-1BF6-4A4A-801B-F0DA668073A2}\RP797\A0082873.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8BFB2B94-1BF6-4A4A-801B-F0DA668073A2}\RP797\A0082875.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8BFB2B94-1BF6-4A4A-801B-F0DA668073A2}\RP797\A0082876.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8BFB2B94-1BF6-4A4A-801B-F0DA668073A2}\RP797\A0082877.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8BFB2B94-1BF6-4A4A-801B-F0DA668073A2}\RP797\A0082878.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8BFB2B94-1BF6-4A4A-801B-F0DA668073A2}\RP797\A0082879.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8BFB2B94-1BF6-4A4A-801B-F0DA668073A2}\RP797\A0082880.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8BFB2B94-1BF6-4A4A-801B-F0DA668073A2}\RP797\A0082881.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8BFB2B94-1BF6-4A4A-801B-F0DA668073A2}\RP803\A0087863.dll (Adware.Shoper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8BFB2B94-1BF6-4A4A-801B-F0DA668073A2}\RP823\A0089260.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8BFB2B94-1BF6-4A4A-801B-F0DA668073A2}\RP823\A0089262.dll (Adware.Zango) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8BFB2B94-1BF6-4A4A-801B-F0DA668073A2}\RP823\A0089263.dll (Adware.Zango) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8BFB2B94-1BF6-4A4A-801B-F0DA668073A2}\RP823\A0089264.dll (Adware.Zango) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8BFB2B94-1BF6-4A4A-801B-F0DA668073A2}\RP823\A0089265.dll (Adware.Zango) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8BFB2B94-1BF6-4A4A-801B-F0DA668073A2}\RP823\A0089266.dll (Adware.Zango) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8BFB2B94-1BF6-4A4A-801B-F0DA668073A2}\RP823\A0089267.dll (Adware.Zango) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8BFB2B94-1BF6-4A4A-801B-F0DA668073A2}\RP823\A0089269.exe (Adware.Zango) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8BFB2B94-1BF6-4A4A-801B-F0DA668073A2}\RP823\A0089270.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8BFB2B94-1BF6-4A4A-801B-F0DA668073A2}\RP823\A0089271.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8BFB2B94-1BF6-4A4A-801B-F0DA668073A2}\RP823\A0089272.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f3PSSavr.scr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rqRIbaWp.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sav.cpl (Rogue.SystemAntivirus2008) -> Quarantined and deleted successfully.
C:\Program Files\LiveAntispy\LiveAntispy.lic (Rogue.LiveAntispy) -> Quarantined and deleted successfully.
C:\Program Files\LiveAntispy\LiveAntispy1.la (Rogue.LiveAntispy) -> Quarantined and deleted successfully.
C:\Program Files\LiveAntispy\Uninstall.exe (Rogue.LiveAntispy) -> Quarantined and deleted successfully.
C:\Documents and Settings\Janette Pelletier\Application Data\ShoppingReport\cs\Config.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Janette Pelletier\Application Data\ShoppingReport\cs\db\Aliases.dbs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Janette Pelletier\Application Data\ShoppingReport\cs\db\Sites.dbs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Janette Pelletier\Application Data\ShoppingReport\cs\dwld\WhiteList.xip (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Janette Pelletier\Application Data\ShoppingReport\cs\report\aggr_storage.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Janette Pelletier\Application Data\ShoppingReport\cs\report\send_storage.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Janette Pelletier\Application Data\ShoppingReport\cs\res1\WhiteList.dbs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Janette Pelletier\Application Data\DriveCleaner Free\Logs\update.log (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Janette Pelletier\cftmon.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\spools.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\cftmon.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\~.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\basecgia32.dll (Trojan.Downloader) -> Delete on reboot.
C:\WINDOWS\system32\basenlu32.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c004AC45.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c00C2131.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\cftmon.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Janette Pelletier\Application Data\Install.dat (Trojan.Agent) -> Quarantined and deleted successfully.


P.S. Three items refused to be deleted... I was told to reboot in order to attempt the removal of these items, which I did. However, I don't know whether these items were actually deleted. This program was not run in safe mode.
____________________________________________________________________________________




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:06:13, on 2008-06-15
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HJT.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/?gws_rd=ssl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-ca\msntabres.dll.mui/229?6fb64b581a51425c85ce66a2fa5bf5a0
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-ca\msntabres.dll.mui/230?6fb64b581a51425c85ce66a2fa5bf5a0
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1110586416046
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game05.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: My Web Search Service (MyWebSearchService) - Unknown owner - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe (file missing)
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
0
Anonymous user
15 June 2008 at 20:01
Hi!

Nice cleanup done by MBAM.

I've taken note of the problems you had.

Reboot and do the following:


**************************************************

→ Download Navilog1

and save it to your desktop.

→ Then double-click navilog1.exe to start the installation.
Once the installation is complete, the fix will run automatically.
(If it doesn't, double-click the Navilog1 shortcut on the desktop.)

Follow the prompts. At the main menu, choose option 1

During the scan your antivirus may complain loudly; don't worry, that's normal ;)

Wait for the message

*** Analyse Termine le ..... ***

Then post the report for me.

(report located at the root of the disk -> C:\Fixnavi.txt)
(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)

Tutorial :
http://mickael.barroux.free.fr/securite/navilog.php


**************************************************


Close Internet Explorer, then go to:
Start > Control Panel > Internet Options
"Content" tab, then "Certificates" tab, and if you find any of these, particularly under "Trusted Publishers" (but look elsewhere too):

_electronic-group
_egroup
_Montorgueil
_VIP
_Sunny Day Design Ltd
_OOO-Favorit 


Delete them.


**************************************************



See you
0
...
0
Regarding these files:

_electronic-group
_egroup
_Montorgueil
_VIP
_Sunny Day Design Ltd
_OOO-Favorit

in the Certificates tab, under Trusted Publishers, none were found... sorry for the delay in replying, I've been busy at work and this is the personal computer of someone in my family.
I'll get back to you very soon with the Navilog report.

See you
fobb
0

Hello again,
here is the Navilog report for the computer... it seems to have found more things:

Search Navipromo version 3.6.0 commencé le 2008-07-05 à 9:40:07,12

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files\navilog1
Session actuelle : "Janette Pelletier"

Mise à jour le 27.06.2008 à 23h00 par IL-MAFIOSO


Microsoft Windows XP [Version 5.1.2600]
Internet Explorer : 7.0.5730.11
Système de fichiers : NTFS

Recherche executé en mode normal


*** Recherche Programmes installés ***


*** Recherche dossiers dans "C:\WINDOWS" ***


*** Recherche dossiers dans "C:\Program Files" ***


*** Recherche dossiers dans "c:\docume~1\alluse~1\applic~1" ***


*** Recherche dossiers dans "c:\docume~1\alluse~1\startm~1\programs" ***


*** Recherche dossiers dans "C:\Documents and Settings\Janette Pelletier\applic~1" ***


*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\applic~1" ***


*** Recherche dossiers dans "C:\DOCUME~1\Guest\applic~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\Janette Pelletier\locals~1\applic~1" ***


*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" ***


*** Recherche dossiers dans "C:\DOCUME~1\Guest\locals~1\applic~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\Janette Pelletier\startm~1\programs" ***


*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\startm~1\programs" ***


*** Recherche dossiers dans "C:\DOCUME~1\Guest\startm~1\programs" ***

*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net

Aucun Fichier trouvé


*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans "C:\WINDOWS\system32" *

* Recherche dans "C:\Documents and Settings\Janette Pelletier\locals~1\applic~1" *

* Recherche dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *

* Recherche dans "C:\DOCUME~1\Guest\locals~1\applic~1" *



*** Recherche fichiers ***


C:\WINDOWS\pack.epk trouvé !

*** Recherche clés spécifiques dans le Registre ***


*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :


2)Recherche Heuristique :

* Dans "C:\WINDOWS\system32" :


* Dans "C:\Documents and Settings\Janette Pelletier\locals~1\applic~1" :


* Dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" :


* Dans "C:\DOCUME~1\Guest\locals~1\applic~1" :


3)Recherche Certificats :

Certificat Egroup absent !
Certificat Electronic-Group absent !
Certificat OOO-Favorit absent !
Certificat Sunny-Day-Design-Ltd absent !

4)Recherche fichiers connus :

C:\WINDOWS\system32\vvxGQBeg.ini2 trouvé ! infection Vundo possible non traitée par cet outil !


*** Analyse terminée le 2008-07-05 à 9:46:54,81 ***


Hoping to hear from you... sorry for the delay.
Thanks!
Etienne
0
Can someone take over, please?
I think cyril is no longer following my topic.

THANKS!
0
Hello?
0
Anonymous user
10 July 2008 at 02:30
Hi

cyril is no longer on the forum


Download OTMoveIt http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (by Old_Timer) to your desktop.
Double-click OTMoveIt.exe to launch it.
Copy the list shown in bold below,
and paste it into OTMoveIt's left-hand pane: Paste List of Files/Folders to be moved.

C:\WINDOWS\system32\vvxGQBeg.ini2


Click MoveIt! to start the removal.
The result will appear in the "Results" pane.
Click Exit to close.
Post the report located in C:\_OTMoveIt\MovedFiles.

You may be asked to restart the PC to complete the removal. If so, accept with Yes.


Then:

Double-click the Navilog1 shortcut on the desktop and follow the prompts.
At the main menu, choose 2 and confirm.
(Do not choose 3 or 4 without our advice/agreement.)

The fix will tell you that it is going to restart your PC.
Close all open windows and save any open personal documents.
Press a key as requested.
(If your PC does not restart automatically, do it yourself.)
When your PC restarts, choose your usual session.

Wait for the message:
*** Nettoyage Termine le ..... ***
Notepad will open.
Save the report somewhere you can find it.
Close Notepad. Your desktop will reappear.

PS: If your desktop does not reappear, press CTRL+ALT+DEL to open Task Manager.
Then go to the "Processes" tab. Click File at the top left and choose "Run".
Type explorer and confirm. That will bring your desktop back.

Post the report here.

0
geoffrey5 (Security contributor)
10 July 2008 at 02:31
Hi!!


- Double-click navilog1
- This time choose option 2: type 2
note: the desktop disappears
- restart the PC
- put the report in your reply

then make a new HijackThis report, please
0
Hello,
as requested:

@ Chiquitine29:

C:\WINDOWS\system32\vvxGQBeg.ini2 moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07112008_090512

___________________________________________________________________


@ Chiquitine29 and @ geoffrey5:


Clean Navipromo version 3.6.0 commencé le 2008-07-11 à 9:22:51,29

Outil exécuté depuis C:\Program Files\navilog1
Session actuelle : "Janette Pelletier"

Mise à jour le 27.06.2008 à 23h00 par IL-MAFIOSO


Microsoft Windows XP [Version 5.1.2600]
Internet Explorer : 7.0.5730.11
Système de fichiers : NTFS

Mode suppression automatique
avec prise en charge résultats Catchme et GNS


Nettoyage exécuté au redémarrage de l'ordinateur


*** fsbl1.txt non trouvé ***
(Assurez-vous que Catchme n'avait rien trouvé lors de la recherche)


*** Suppression avec sauvegardes résultats GenericNaviSearch ***

* Suppression dans "C:\WINDOWS\System32" *


* Suppression dans "C:\Documents and Settings\Janette Pelletier\locals~1\applic~1" *


* Suppression dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *


* Suppression dans "C:\DOCUME~1\Guest\locals~1\applic~1" *



*** Suppression dossiers dans "C:\WINDOWS" ***


*** Suppression dossiers dans "C:\Program Files" ***


*** Suppression dossiers dans "c:\docume~1\alluse~1\applic~1" ***


*** Suppression dossiers dans "c:\docume~1\alluse~1\startm~1\programs" ***


*** Suppression dossiers dans "C:\Documents and Settings\Janette Pelletier\applic~1" ***


*** Suppression dossiers dans "C:\DOCUME~1\ADMINI~1\applic~1" ***


*** Suppression dossiers dans "C:\DOCUME~1\Guest\applic~1" ***


*** Suppression dossiers dans "C:\Documents and Settings\Janette Pelletier\locals~1\applic~1" ***


*** Suppression dossiers dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" ***


*** Suppression dossiers dans "C:\DOCUME~1\Guest\locals~1\applic~1" ***


*** Suppression dossiers dans "C:\Documents and Settings\Janette Pelletier\startm~1\programs" ***


*** Suppression dossiers dans "C:\DOCUME~1\ADMINI~1\startm~1\programs" ***


*** Suppression dossiers dans "C:\DOCUME~1\Guest\startm~1\programs" ***



*** Suppression fichiers ***

C:\WINDOWS\pack.epk supprimé !

*** Suppression fichiers temporaires ***

Nettoyage contenu C:\WINDOWS\Temp effectué !
Nettoyage contenu C:\Documents and Settings\Janette Pelletier\locals~1\Temp effectué !

*** Traitement Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Suppression avec sauvegardes nouveaux fichiers Instant Access :

2)Recherche, création sauvegardes et suppression Heuristique :


* Dans "C:\WINDOWS\system32" *


* Dans "C:\Documents and Settings\Janette Pelletier\locals~1\applic~1" *


* Dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *


* Dans "C:\DOCUME~1\Guest\locals~1\applic~1" *


*** Sauvegarde du Registre vers dossier Safebackup ***

sauvegarde du Registre réalisée avec succès !

*** Nettoyage Registre ***

Nettoyage Registre Ok


*** Certificats ***

Certificat Egroup absent !
Certificat Electronic-Group absent !
Certificat OOO-Favorit absent !
Certificat Sunny-Day-Design-Ltdt absent !

*** Nettoyage terminé le 2008-07-11 à 9:26:54,62 ***


______________________________________________________________________________


@ geoffrey5 :


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:40:00, on 2008-07-11
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\notepad.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Trend Micro\HijackThis\HJT.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/?gws_rd=ssl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: Recettes du Québec.lnk = ?
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-ca\msntabres.dll.mui/229?6fb64b581a51425c85ce66a2fa5bf5a0
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-ca\msntabres.dll.mui/230?6fb64b581a51425c85ce66a2fa5bf5a0
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1110586416046
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game05.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: My Web Search Service (MyWebSearchService) - Unknown owner - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe (file missing)
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
0
Anonymous user
11 July 2008 at 16:30
# Download this (thanks to S!RI for this little program):

http://siri.urz.free.fr/Fix/SmitfraudFix.zip

Run it: double-click Smitfraudfix.cmd and choose option 1.
This is what it looks like: http://siri.urz.free.fr/Fix/SmitfraudFix.php
It will generate a report: copy/paste it into your post, please.

0
SmitFraudFix v2.329

Scan done at 20:40:39,89, 2008-07-11
Run from C:\Documents and Settings\Janette Pelletier\Desktop\fff\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Janette Pelletier


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Janette Pelletier\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\JANETT~1\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Marvell Yukon Gigabit Ethernet 10/100/1000Base-T Adapter, Copper RJ-45 - Packet Scheduler Miniport
DNS Server Search Order: 192.168.0.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{8DB5C8AD-5FCE-4536-AB13-0B3057CCE976}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{8DB5C8AD-5FCE-4536-AB13-0B3057CCE976}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{8DB5C8AD-5FCE-4536-AB13-0B3057CCE976}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End
0
Anonymous user
12 July 2008 at 02:47
# Start in safe mode:
To do this, tap the F8 key repeatedly, without stopping, as soon as the PC starts powering on.
A window will open; use the keyboard arrow keys to move to start in safe mode, then press Enter.
Once on the desktop, if the colours and so on are not all there, that's normal!
(If F8 doesn't work, use the F5 key.)
----------------------------------------------------------------------------
# Run the Smitfraud program again:
This time choose option 2 and answer yes to everything;
Save the report, restart in normal mode, and copy/paste the saved report to the forum.
0
SmitFraudFix v2.329

Scan done at 18:39:50,79, 2008-07-13
Run from C:\Documents and Settings\Janette Pelletier\Desktop\fff\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{8DB5C8AD-5FCE-4536-AB13-0B3057CCE976}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{8DB5C8AD-5FCE-4536-AB13-0B3057CCE976}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{8DB5C8AD-5FCE-4536-AB13-0B3057CCE976}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End




P.S. My mother says she can change her wallpapers again... really great. As for the "Guest" session that was created, do you know how it can easily be deleted? The session was surely created by mistake by someone using the computer... Thanks for enlightening me on this and for asking for other reports if necessary.
0
Anonymous user
14 July 2008 at 01:07
Hi, indeed Smitfraud was to unblock the wallpaper

we need a new HijackThis report, please

and look in the Control Panel to delete the Guest session
0
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:22:32, on 2008-07-16
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Trend Micro\HijackThis\HJT.exe

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: Recettes du Québec.lnk = ?
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-ca\msntabres.dll.mui/229?6fb64b581a51425c85ce66a2fa5bf5a0
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-ca\msntabres.dll.mui/230?6fb64b581a51425c85ce66a2fa5bf5a0
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1110586416046
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game05.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: My Web Search Service (MyWebSearchService) - Unknown owner - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe (file missing)
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
0
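A triage pass over the O4 (autorun) and O23 (service) lines of a HijackThis log such as the ones posted above, as an added Python example that is not part of the original thread. The flag names, the short list of system binaries and the edit-distance threshold are assumptions of this example; the last two sample lines are constructed.

```python
import ntpath
import re

# Sample input: six lines copied from the logs in this thread, followed by
# two CONSTRUCTED lines (marked) that exercise the name-based checks.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - Global Startup: Recettes du Québec.lnk = ?
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: My Web Search Service (MyWebSearchService) - Unknown owner - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe (file missing)
O4 - HKLM\..\Run: [constructed1] C:\Documents and Settings\user\svch0st.exe
O4 - HKCU\..\Run: [constructed2] C:\WINDOWS\Temp\lsass.exe
"""

# Assumption of this example: a short allow-list of Windows XP binaries that
# appear under C:\WINDOWS\system32 in the logs of this thread.
SYSTEM_BINARIES = ("ctfmon.exe", "spoolsv.exe", "svchost.exe", "winlogon.exe",
                   "services.exe", "lsass.exe", "smss.exe", "userinit.exe")
SYSTEM_DIR = r"c:\windows\system32"

LINE_RE = re.compile(r"^(O4|O23) - ([^:]+): (.*)$")
# First drive-letter path ending in an executable extension (spaces allowed).
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll|com|scr|bat)(?![A-Za-z0-9])',
                     re.IGNORECASE)


def edit_distance(a, b):
    """Plain Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # deletion
                           cur[j - 1] + 1,             # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]


def triage(log_text):
    """Return the O4/O23 entries that deserve a closer look, with reasons."""
    findings = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        section, _location, rest = m.groups()
        flags = []
        pm = PATH_RE.search(rest)
        path = pm.group(0) if pm else None

        # HijackThis itself marks entries whose target no longer exists.
        if rest.rstrip().endswith("(file missing)"):
            flags.append("file-missing")
        # A startup shortcut whose target could not be resolved.
        if section == "O4" and rest.rstrip().endswith("= ?"):
            flags.append("unresolved-target")

        if path:
            name = ntpath.basename(path).lower()
            folder = ntpath.dirname(path).lower()
            if name in SYSTEM_BINARIES:
                # Genuine name, but started from somewhere else.
                if folder != SYSTEM_DIR:
                    flags.append("system-name-outside-system32")
            else:
                # Near-miss spelling of a system binary (threshold 2 is a choice).
                closest = min(SYSTEM_BINARIES,
                              key=lambda s: edit_distance(name, s))
                if edit_distance(name, closest) <= 2:
                    flags.append("lookalike:" + closest)

        if flags:
            findings.append({"section": section,
                             "target": path or rest,
                             "flags": flags})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f["section"], f["flags"], f["target"])
```

A flagged entry is a prompt for manual review, not a verdict: as the tool reports in this thread say themselves, listed items can be legitimate.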
Anonymous user
16 July 2008 at 18:46
OK, let's finish up

Reopen HijackThis
Do "scan only"
Tick these lines:

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/windowsupdate/v6/default.aspx
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game05.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab


and click Fix checked


Then do this:

Start > Run > type: services.msc

- Right-click the service named My Web Search Service
- Properties
- and under "Startup type", set it to "Disabled".
- Then, if the "Service status" is "Started", do: "Stop"

Tutorial: https://www.zebulon.fr/dossiers/windows/31-services.html


Next, regarding McAfee, I advise you to uninstall it in favour of AntiVir (free, in English but simple)

->https://www.01net.com/telecharger/windows/Securite/antivirus-antitrojan/fiches/13198.html


Next, there is no firewall (careful, it will need to be configured)


Free firewalls


Download the free version of ZoneAlarm
https://www.pcastuces.com/logitheque/zonealarm.htm
Tutorial
http://securite-facile.ovh.org/zonealarm.php
http://forum.telecharger.01net.com/forum/


or

Download the free version of Kerio
Kerio (firewall)
https://www.clubic.com/telecharger-fiche11071-sunbelt-personal-firewall-ex-kerio.html
Tutorial
https://kerio.probb.fr/
Kerio website
https://kerio.probb.fr/

or

ComodoFirewallPro 2.4 download
http://www.personalfirewall.comodo.com/
Tutorial for 2.4
https://infomars.fr/forum/index.php?s=908072e48ff7cf0359366440cb26c93f&showtopic=389
Tutorial for 2.4
http://www.nordicnature.net/tutorials/comodo/cf24wiz.htm
Note: 3.0 is in English only and is harder to configure
Tutorial for 3.0
https://infomars.fr/forum/index.php?showtopic=1225

or

OnlineArmor:
Download: https://www.commentcamarche.net/telecharger/ 34055356 online armor personal firewall

Tutorials: https://forum.pcastuces.com/sujet.asp?f=25&s=35606
https://www.malekal.com/tutorial-online-armor-free/



Recommended reading:

https://www.commentcamarche.net/contents/992-firewall-pare-feu



Next:
-> Download CCleaner (do not install the Yahoo toolbar):

https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html

-> Install it.

-> Once it is installed and launched:

In the left-hand column, click:

-> "Registry":

Tick all the boxes under "Registry integrity", then click "Search for errors" at the bottom. Once it has finished, click "Repair errors". You will get a message asking you to back up your registry: click "Yes", then repeat until it finds nothing more.

PS: the backups you make can be deleted later if all goes well.

-> "Cleaner"

Close your browser before running it. In the cleaner's settings, on the "Windows" and "Applications" tabs, untick the last box ("Advanced", if it is ticked), then click "Run the cleanup". When it has finished the scan, click "Run the cleanup" at the bottom right and accept with "Yes".

-> Illustrated tutorial:

https://www.vulgarisation-informatique.com/nettoyer-windows-ccleaner.php


Next:

Download and install AVG Anti-Spyware:

http://www.commentcamarche.net/telecharger/telecharger 218 avg anti spyware


Install it and update it

then run the scan and delete what it finds

then post the report on the forum, please


Next:


Download and install RegCleaner:

http://www.01net.com/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/4894.html

Tutorial:

https://forums.cnetfrance.fr

http://www.softastuces.com/tuto/maint/regcleaner/



Then, to finish:


* To remove the tools/fixes used:

Download ToolsCleaner to your desktop.
-->
http://www.commentcamarche.net/telecharger/telecharger 34055291 toolscleaner

# Click "Recherche" (Search) and let the scan run ...
# Click "Suppression" (Removal) to finalise.
# You can, if you wish, use the "Options facultatives" (optional settings).
# Click "Quitter" (Quit) to get the report.
# Post the report (TCleaner.txt), which is at the root of your hard drive (C:\).


and:

Click "Start", right-click "My Computer", "Properties", "System Restore" tab

¤ Tick the box "Turn off System Restore on all drives", then click "Apply"
¤ Untick the box and click "Apply", then "OK".

Now that the infected restore points have been erased, we are going to create a clean one:

Click "Start", "All Programs", "Accessories", "System Tools", "System Restore", choose "Create a restore point", name it "ccm" for example, click "Create" then "OK".
There, the restore point is now created. If one day you decide to, you will be able to go back to the date it was created.


Tutorial: http://www.libellules.ch/desactiver_restauration.php





0
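Added example, not part of the thread and not HijackThis's own code: a small Python triage pass over the O4 (Run keys) and O23 (services) entries of a HijackThis log, run on lines copied from the logs posted in this thread. The heuristics and the `KNOWN_NAMES` reference list are assumptions made for illustration; a hit is a prompt to inspect the entry, not a verdict.

```python
import ntpath
import re
from difflib import SequenceMatcher

# Entries copied from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe
O4 - HKLM\..\Run: [autoload] C:\Documents and Settings\Janette Pelletier\cftmon.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O23 - Service: My Web Search Service (MyWebSearchService) - Unknown owner - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
"""

# Assumption: a short reference list of genuine Windows XP binary names.
KNOWN_NAMES = ("ctfmon.exe", "spoolsv.exe", "svchost.exe", "lsass.exe", "winlogon.exe")

O4_RUN = re.compile(r"^O4 - (\S+\\Run): \[(.+?)\] (.+)$")
EXE_PATH = re.compile(r'"([^"]+)"|([A-Za-z]:\\.*?\.exe)\b', re.I)


def exe_path(command):
    """Return the executable path from a Run command or service image path."""
    m = EXE_PATH.search(command)
    return (m.group(1) or m.group(2)) if m else None


def reasons_for(path):
    """Heuristic triage hints for one auto-start executable (not verdicts)."""
    reasons = []
    folder, name = ntpath.dirname(path).lower(), ntpath.basename(path).lower()
    if folder.endswith(r"\system32\drivers"):
        reasons.append("auto-run .exe in the drivers directory")
    if re.fullmatch(r"[a-z]:\\documents and settings\\[^\\]+", folder):
        reasons.append("auto-run .exe in the root of a user profile")
    for known in KNOWN_NAMES:
        # Near-identical but not equal: spools.exe vs spoolsv.exe, cftmon vs ctfmon.
        if name != known and SequenceMatcher(None, name, known).ratio() >= 0.85:
            reasons.append(f"name resembles {known}")
    return reasons


def triage(log):
    """Return {path: [reasons]} for the O4/O23 entries worth a closer look."""
    flagged = {}
    for line in map(str.strip, log.splitlines()):
        run, extra = O4_RUN.match(line), []
        if run:
            image = run.group(3)
        elif line.startswith("O23 - Service: "):
            # Fields are "name - owner - image path"; split from the right.
            image = line.rsplit(" - ", 2)[-1]
            if image.endswith("(file missing)"):
                extra.append("service registered but its file is missing")
        else:
            continue
        path = exe_path(image)
        reasons = extra + (reasons_for(path) if path else [])
        if path and reasons:
            flagged[path] = reasons
    return flagged


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

The genuine `ctfmon.exe` entry and the ATI service listed as "Unknown owner" are left unflagged, which matches how the thread treats them.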
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:25:03, on 2008-07-26
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\WINDOWS\system32\mmc.exe
C:\Program Files\Trend Micro\HijackThis\HJT.exe

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: Recettes du Québec.lnk = ?
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-ca\msntabres.dll.mui/229?6fb64b581a51425c85ce66a2fa5bf5a0
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-ca\msntabres.dll.mui/230?6fb64b581a51425c85ce66a2fa5bf5a0
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
0
Hi,

I finally installed McAfee for my mother, and I used CCleaner, AVG Anti-Spyware and RegCleaner successfully.
I haven't done the System Restore step yet since I haven't used ToolsCleaner yet... I'm wondering why I should delete these programs, which are useful, not for my mother, but for me on her own PC if I have to do other cleanups later. Is it still preferable that I delete them and come back here if there are problems later on?

Here is the AVG report:

---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: 22:07:07 2008-08-03

+ Résultat de l'analyse:



C:\System Volume Information\_restore{8BFB2B94-1BF6-4A4A-801B-F0DA668073A2}\RP855\A0100094.exe -> Not-A-Virus.PUP.WinAntiVirus.o : Aucune action entreprise.
C:\Documents and Settings\Janette Pelletier\Cookies\janette_pelletier@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Aucune action entreprise.
C:\Documents and Settings\Janette Pelletier\Cookies\janette_pelletier@bluestreak[2].txt -> TrackingCookie.Bluestreak : Aucune action entreprise.
C:\Documents and Settings\Janette Pelletier\Desktop\SmitfraudFix\IEDFix.exe -> Trojan.Renos.vaoz : Aucune action entreprise.
C:\WINDOWS\system32\IEDFix.exe -> Trojan.Renos.vaoz : Aucune action entreprise.


Fin du rapport

*WELL, IT SAYS THAT NO ACTION WAS TAKEN, BUT THAT IS BECAUSE I SAVED THE REPORT BEFORE THE CLEANUP... I MADE SURE TO DELETE THEM ALL, EVEN THOUGH THE PROGRAM WANTED TO PUT TWO OF THEM IN QUARANTINE.


I also ran a new HijackThis report for you in case you see anything else:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:33:02, on 2008-08-03
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\Recettes du Québec\recettes.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\SiteAdvisor\6172\SAService.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Trend Micro\HijackThis\HJT.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/?gws_rd=ssl
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: Recettes du Québec.lnk = ?
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-ca\msntabres.dll.mui/229?6fb64b581a51425c85ce66a2fa5bf5a0
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-ca\msntabres.dll.mui/230?6fb64b581a51425c85ce66a2fa5bf5a0
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: McAfee Application Installer Cleanup (0060091217811987) (0060091217811987mcinstcleanup) - McAfee, Inc. - C:\WINDOWS\TEMP\006009~1.EXE
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
0
Up!

Is chiquitine still part of your team?
Thanks for replying
fobb
0
fobb - Posts: 47 - Registered: Saturday 9 August 2008 - Status: Member - Last activity: 25 February 2010
9 August 2008 at 20:18
Second up.....
I sent a private message to chiquitine... no reply...
Does anyone know whether he is still part of your team?

Thanks
0