Virus? (Topic resolved)

Vally 29, posted on 16/08/2008 at 01:07

Hello everyone.

Once again I need your help.

I'm at a friend's place, and I have a doubt about her PC.

I'm posting a HijackThis report here, and it would be really nice if someone could take a look at it.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:03:15, on 16/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\vVX1000.exe
C:\Program Files\Club-Internet\Agent Wi-Fi V2.1\McciTrayApp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAP\DAP.EXE
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Webshots\webshots.scr
C:\Program Files\Club-Internet\Lanceur\lanceur.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Club-Internet\Le Compagnon Club\bin\mpbtn.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\BitLord\BitLord.exe
C:\Documents and Settings\Olivia Chénard\Bureau\HiJackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.01net.com/telecharger/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.club-internet.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.01net.com/telecharger/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,userinit.exe,C:\WINDOWS\system32\iftuyszv.exe,
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {3223A7F1-2FB8-46BA-B48B-E8E3C8EC4F63} - (no file)
O2 - BHO: (no name) - {3E4C501C-E636-4AFD-9ADD-58D89F2DEEBD} - (no file)
O2 - BHO: (no name) - {3FDA354C-38A7-47DD-9AC7-E161AEB199EB} - (no file)
O2 - BHO: (no name) - {467faeb2-5f5b-4c81-bae0-2a4752ca7f4e} - (no file)
O2 - BHO: (no name) - {5321e378-ffad-4999-8c62-03ca8155f0b3} - (no file)
O2 - BHO: (no name) - {587dbf2d-9145-4c9e-92c2-1f953da73773} - (no file)
O2 - BHO: {c666bd23-bc6e-d238-51f4-9c30351fb7e5} - {5e7bf153-03c9-4f15-832d-e6cb32db666c} - (no file)
O2 - BHO: (no name) - {68950839-2675-49E2-B6A5-442E0B0D1BA4} - (no file)
O2 - BHO: (no name) - {6cc1c91a-ae8b-4373-a5b4-28ba1851e39a} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {79369d5c-2903-4b7a-ade2-d5e0dee14d24} - (no file)
O2 - BHO: (no name) - {799a370d-5993-4887-9df7-0a4756a77d00} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {98dbbf16-ca43-4c33-be80-99e6694468a4} - (no file)
O2 - BHO: (no name) - {a55581dc-2cdb-4089-8878-71a080b22342} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: (no name) - {b847676d-72ac-4393-bfff-43a1eb979352} - (no file)
O2 - BHO: (no name) - {bc97b254-b2b9-4d40-971d-78e0978f5f26} - (no file)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {F1C3E8EF-5FF0-40AC-B172-BD19C90DE6DD} - (no file)
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {07AA283A-43D7-4CBE-A064-32A21112D94D} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Webshots Toolbar - {C17590D2-ECB4-4b15-8820-F58798DCC118} - C:\Program Files\Webshots\WSToolbar4IE.dll
O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Club-Internet_McciTrayApp] C:\Program Files\Club-Internet\Agent Wi-Fi V2.1\McciTrayApp.exe
O4 - HKLM\..\Run: [HotbarSA] "C:\Program Files\Hotbar\bin\10.0.356.0\HotbarSA.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [2b1b13ad] rundll32.exe "C:\WINDOWS\system32\sosybdxv.dll",b
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BM28282031] Rundll32.exe "C:\WINDOWS\system32\qfmtpyuc.dll",s
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Startup: Club Internet.lnk = C:\Program Files\Club-Internet\Lanceur\lanceur.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: LE COMPAGNON CLUB.lnk = C:\Program Files\Club-Internet\Le Compagnon Club\bin\matcli.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZN
O8 - Extra context menu item: &Webshots Photo Search - res://C:\Program Files\Webshots\WSToolbar4IE.dll/MENUSEARCH.HTM
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O20 - Winlogon Notify: awtss - C:\WINDOWS\system32\awtss.dll (file missing)
O20 - Winlogon Notify: gebyx - C:\WINDOWS\system32\gebyx.dll (file missing)
O20 - Winlogon Notify: geedc - C:\WINDOWS\system32\geedc.dll (file missing)
O20 - Winlogon Notify: hgGvsqoM - hgGvsqoM.dll (file missing)
O20 - Winlogon Notify: jkhhg - C:\WINDOWS\system32\jkhhg.dll (file missing)
O20 - Winlogon Notify: jkkjj - C:\WINDOWS\system32\jkkjj.dll (file missing)
O20 - Winlogon Notify: mllmn - C:\WINDOWS\system32\mllmn.dll (file missing)
O20 - Winlogon Notify: sstqo - C:\WINDOWS\system32\sstqo.dll (file missing)
O20 - Winlogon Notify: ssttr - C:\WINDOWS\system32\ssttr.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\T2xpdmlhIENo6W5hcmQ\command.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 12857 bytes

Thanks in advance.

no.ppp (Security group), posted on 16/08/2008 at 17:49

Hello,

You are right to be doubtful. There are quite a few leftovers.

The PC is infected.

Download MSNFix.zip (by !aur3n7) to your desktop.
Unzip it (right-click >> Extract here) and double-click the file MSNFix.bat (the .bat extension may not be shown).
Run option R.
If the infection is detected, run option N.
Save the report, then copy and paste it into your next message.

If a deletion error is detected, a message will appear asking you to restart the computer in order to finish the operations. In that case, simply restart the computer in normal mode.
Save and close the report so that Windows can finish starting up normally.

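An added example, not part of any post in this thread: a small Python triage of HijackThis lines like those in the first log, picking out three kinds of entries that fit the "infected, with leftovers" reading. The rule names and the heuristics are assumptions of this example, not the helper's stated method and not HijackThis's own classification; the sample lines are excerpted from the log posted above.

```python
import ntpath
import re
from collections import Counter

# Lines excerpted verbatim from the first HijackThis log in this thread.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,userinit.exe,C:\WINDOWS\system32\iftuyszv.exe,
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {3223A7F1-2FB8-46BA-B48B-E8E3C8EC4F63} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [2b1b13ad] rundll32.exe "C:\WINDOWS\system32\sosybdxv.dll",b
O4 - HKLM\..\Run: [BM28282031] Rundll32.exe "C:\WINDOWS\system32\qfmtpyuc.dll",s
O20 - Winlogon Notify: awtss - C:\WINDOWS\system32\awtss.dll (file missing)
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\T2xpdmlhIENo6W5hcmQ\command.exe (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

# "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [...] ..."
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
USERINIT_RE = re.compile(r"userinit\s*=\s*(.*)$", re.IGNORECASE)
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?([^",]+\.dll)"?', re.IGNORECASE)
ORPHAN_SUFFIXES = ("(no file)", "(file missing)")


def parse_entries(log_text):
    """Return (code, body) pairs for every numbered HijackThis entry line."""
    entries = []
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def userinit_extras(body):
    """Return Userinit values that are not userinit.exe itself."""
    match = USERINIT_RE.search(body)
    if not match:
        return []
    extras = []
    for item in match.group(1).split(","):
        item = item.strip()
        if item and ntpath.basename(item).lower() != "userinit.exe":
            extras.append(item)
    return extras


def triage(log_text):
    """Return (code, rule, detail) tuples for entries worth a closer look.

    Rules (assumptions of this example):
      userinit-extra  F2 Userinit value launches something besides userinit.exe
      run-rundll32    O4 autostart entry that loads a DLL through rundll32
      orphaned        registry entry whose target file no longer exists
    """
    findings = []
    for code, body in parse_entries(log_text):
        if code == "F2":
            for extra in userinit_extras(body):
                findings.append((code, "userinit-extra", extra))
        elif code == "O4":
            match = RUNDLL_RE.search(body)
            if match:
                findings.append((code, "run-rundll32", match.group(1)))
        if body.endswith(ORPHAN_SUFFIXES):
            findings.append((code, "orphaned", body))
    return findings


def summarize(findings):
    """Count findings per rule name."""
    return dict(Counter(rule for _, rule, _ in findings))


if __name__ == "__main__":
    for code, rule, detail in triage(SAMPLE_LOG):
        print(f"{code:<4} {rule:<15} {detail}")
    print(summarize(triage(SAMPLE_LOG)))
```

A flagged line is a prompt for review, not a verdict: legitimate software also registers rundll32 autostarts, and orphaned entries can be left behind by ordinary uninstalls.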
Vally 29, posted on 17/08/2008 at 11:50

Hello no.ppp,

Thank you for taking care of my case.

So, I did everything you told me, and here is the report:

MSNFix 1.742

C:\Documents and Settings\Olivia Ch‚nard\Bureau\MSNFix
Fix exécuté le 17/08/2008 - 11:38:32,64 By Olivia Ch‚nard
mode normal

************************ Recherche les fichiers présents

... C:\WINDOWS\ctfmon32.exe
... C:\WINDOWS\Downloaded Program Files\setup.inf
... C:\WINDOWS\system32\mcrh.tmp
... C:\WINDOWS\cookies.ini
... C:\WINDOWS\iexplorer.exe
... C:\WINDOWS\svchost32.exe
... C:\WINDOWS\system32\mcrh.tmp

************************ Recherche les dossiers présents

Aucun dossier trouvé




************************ Suppression des fichiers

.. OK ... C:\WINDOWS\ctfmon32.exe
.. OK ... C:\WINDOWS\Downloaded Program Files\setup.inf
.. OK ... C:\WINDOWS\system32\mcrh.tmp
.. OK ... C:\WINDOWS\cookies.ini
.. OK ... C:\WINDOWS\iexplorer.exe
.. OK ... C:\WINDOWS\svchost32.exe
.. OK ... C:\WINDOWS\system32\mcrh.tmp



************************ Nettoyage du registre



************************ Hostsclean

Cleanhosts v 0.1.0.7 By Laurent

-- Backup : C:\WINDOWS\system32\drivers\etc\hosts-20080817114038
-- original size 4.06 Kb / 90 lines
-- Start cleaning Hosts file ....

/!\... antivirus.com ..... Found and removed


-- final size 3.4 Kb / 76 lines
-- entry Found : 1 / Entry check : 310

End .............................. 82.55 Secondes





Les fichiers encore présents seront supprimés au prochain redémarrage


Aucun Fichier trouvé





************************ Hostsclean

Cleanhosts v 0.1.0.7 By Laurent

-- Backup : C:\WINDOWS\system32\drivers\etc\hosts-20080817114405
-- original size 3.4 Kb / 76 lines
-- Start cleaning Hosts file ....



-- final size 3.4 Kb / 76 lines
-- entry Found : 0 / Entry check : 310

End .............................. 61.83 Secondes



************************ Fichiers suspects

/!\ ces fichiers nécessitent un avis expérimenté avant toute intervention

[C:\SONIC_CD.EXE] 333AB3426F42135DD1B0CCDAA3C04C56

[color=#FF0000]==>[/color] SVP merci d'envoyer le fichier C:\DOCUME~1\OLIVIA~1\Bureau\Upload_Me.zip sur http://upload.changelog.fr



Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 17082008_11451006.zip

************************ HKLM\...\Winlogon\Userinit

Userinit = C:\WINDOWS\system32\userinit.exe,

Important : http://msnfix.changelog.fr/index.php/2008/05/18/32-alerte


------------------------------------------------------------------------
Auteur : !aur3n7 Contact: http://changelog.fr
------------------------------------------------------------------------

--------------------------------------------- END ---------------------------------------------

Thank you very much

Vally

no.ppp (Security group), posted on 17/08/2008 at 12:25

Hi again,

Do you know this file: C:\SONIC_CD.EXE?

Please do this as well:

Please send the file C:\DOCUME~1\OLIVIA~1\Bureau\Upload_Me.zip to http://upload.changelog.fr

Download SDFix (created by AndyManchesta).
Double-click SDFix.exe.
Choose Install to extract it to a dedicated folder on the Desktop.

/!\ I advise you to copy these instructions into a .txt document, because you will not have access to them in safe mode /!\

Restart in safe mode.
Open the SDFix folder that has just been created at the root of your hard drive C:\
Double-click RunThis.bat to launch the script.
Press Y to start the cleaning process.
Press a key to restart when SDFix asks you to press a key to restart.
Your system will take longer than usual to restart, because the tool will keep running and deleting files.
Once the Desktop has loaded, the tool will finish its work and display Finished.
Press a key to end the script and load your Desktop icons.
Once the Desktop icons are displayed, the SDFix report will open. It is named Report.txt.
Copy and paste its contents.


If SDFix does not start:
Click Start > Run
Copy and paste this:

%systemroot%\system32\cmd.exe /K %systemdrive%\SDFix\apps\FixPath.exe


Click OK.
Restart and try to launch SDFix again.

Vally 29, posted on 17/08/2008 at 13:11

Hi again,

Here is the attached report:


SDFix: Version 1.216
Run by Olivia Ch‚nard on 17/08/2008 at 13:01

Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix

Checking Services :

Name :
cmdService
Network Monitor

Path :
C:\WINDOWS\T2xpdmlhIENo6W5hcmQ\command.exe
C:\Program Files\Network Monitor\netmon.exe service

cmdService - Deleted
Network Monitor - Deleted



Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt - Deleted
C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt - Deleted
C:\Temp\1cb\syscheck.log - Deleted
C:\WINDOWS\x.exe - Deleted
C:\WINDOWS\y.exe - Deleted
C:\WINDOWS\accesss.exe - Deleted
C:\WINDOWS\astctl32.ocx - Deleted
C:\WINDOWS\avpcc.dll - Deleted
C:\WINDOWS\clrssn.exe - Deleted
C:\WINDOWS\cpan.dll - Deleted
C:\WINDOWS\ctrlpan.dll - Deleted
C:\WINDOWS\default.htm - Deleted
C:\WINDOWS\directx32.exe - Deleted
C:\WINDOWS\dnsrelay.dll - Deleted
C:\WINDOWS\editpad.exe - Deleted
C:\WINDOWS\explore.exe - Deleted
C:\WINDOWS\explorer32.exe - Deleted
C:\WINDOWS\funniest.exe - Deleted
C:\WINDOWS\funny.exe - Deleted
C:\WINDOWS\gfmnaaa.dll - Deleted
C:\WINDOWS\helpcvs.exe - Deleted
C:\WINDOWS\iedll.exe - Deleted
C:\WINDOWS\inetinf.exe - Deleted
C:\WINDOWS\internet.exe - Deleted
C:\WINDOWS\loader.exe - Deleted
C:\WINDOWS\msconfd.dll - Deleted
C:\WINDOWS\msspi.dll - Deleted
C:\WINDOWS\mssys.exe - Deleted
C:\WINDOWS\msupdate.exe - Deleted
C:\WINDOWS\mswsc10.dll - Deleted
C:\WINDOWS\mswsc20.dll - Deleted
C:\WINDOWS\mtwirl32.dll - Deleted
C:\WINDOWS\notepad32.exe - Deleted
C:\WINDOWS\olehelp.exe - Deleted
C:\WINDOWS\qttasks.exe - Deleted
C:\WINDOWS\quicken.exe - Deleted
C:\WINDOWS\rundll16.exe - Deleted
C:\WINDOWS\rundll32.vbe - Deleted
C:\WINDOWS\searchword.dll - Deleted
C:\WINDOWS\sistem.exe - Deleted
C:\WINDOWS\svcinit.exe - Deleted
C:\WINDOWS\systeem.exe - Deleted
C:\WINDOWS\systemcritical.exe - Deleted
C:\WINDOWS\system32\hljwugsf.bin - Deleted
C:\WINDOWS\system32\msnav32.ax - Deleted
C:\WINDOWS\system32\pac.txt - Deleted
C:\WINDOWS\system32\zxdnt3d.cfg - Deleted
C:\WINDOWS\time.exe - Deleted
C:\WINDOWS\users32.exe - Deleted
C:\WINDOWS\waol.exe - Deleted
C:\WINDOWS\win32e.exe - Deleted
C:\WINDOWS\win64.exe - Deleted
C:\WINDOWS\winajbm.dll - Deleted
C:\WINDOWS\window.exe - Deleted
C:\WINDOWS\winmgnt.exe - Deleted
C:\WINDOWS\xplugin.dll - Deleted
C:\WINDOWS\xxxvideo.hta - Deleted



Folder C:\Documents and Settings\All Users\Application Data\SalesMon - Removed
Folder C:\Program Files\Network Monitor - Removed
Folder C:\Documents and Settings\LocalService\Application Data\NetMon - Removed
Folder C:\Temp\1cb - Removed
Folder C:\VirusGarde - Removed


Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-17 13:06:28
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\MSMSGS.EXE"="C:\\Program Files\\Messenger\\MSMSGS.EXE:*:Enabled:Windows Messenger"
"C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"="C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe:*:Enabled:LifeExp.exe"
"C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"="C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe:*:Enabled:LifeCam.exe"
"C:\\Program Files\\lphant\\eLePhantClient.exe"="C:\\Program Files\\lphant\\eLePhantClient.exe:*:Enabled:lphant Client"
"C:\\Program Files\\Club-Internet\\Assistance\\UpdateHitachi\\MAJ_Hitachi.exe"="C:\\Program Files\\Club-Internet\\Assistance\\UpdateHitachi\\MAJ_Hitachi.exe:*:Enabled:Firmware Upgrader Hitachi"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\FlashGet\\flashget.exe"="C:\\Program Files\\FlashGet\\flashget.exe:*:Enabled:Flashget"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Program Files\\IEPro\\MiniDM.exe"="C:\\Program Files\\IEPro\\MiniDM.exe:*:Enabled:MiniDM"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\BitLord2\\BitLord.exe"="C:\\Program Files\\BitLord2\\BitLord.exe:*:Enabled: "
"C:\\Program Files\\BitLord\\BitLord.exe"="C:\\Program Files\\BitLord\\BitLord.exe:*:Enabled:BitLord"
"C:\\Program Files\\SpeedBit Video Accelerator\\VideoAccelerator.exe"="C:\\Program Files\\SpeedBit Video Accelerator\\VideoAccelerator.exe:*:Enabled:VideoAccelerator"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Wed 1 Jan 2003 1,024 ...HR --- "C:\WINDOWS\system32\NTICDMK32.dll"
Thu 27 Sep 2007 6,440 ..SH. --- "C:\WINDOWS\system32\nmllm.bak1"
Thu 27 Sep 2007 6,440 ..SH. --- "C:\WINDOWS\system32\sstwa.bak1"
Fri 28 Sep 2007 6,605 ..SH. --- "C:\WINDOWS\system32\rttss.bak1"
Sun 13 Jan 2008 266,045 ..SH. --- "C:\WINDOWS\system32\oqtss.bak2"
Sat 29 Sep 2007 6,604 ..SH. --- "C:\WINDOWS\system32\ghhkj.bak1"
Sun 30 Sep 2007 6,440 ..SH. --- "C:\WINDOWS\system32\cdeeg.bak1"
Sun 13 Jan 2008 265,971 ..SH. --- "C:\WINDOWS\system32\oqtss.bak1"
Sun 30 Sep 2007 6,440 ..SH. --- "C:\WINDOWS\system32\xybeg.bak1"
Fri 19 Oct 2007 186,474 ..SH. --- "C:\WINDOWS\system32\cdeeg.bak2"
Sun 13 Jan 2008 266,114 ..SH. --- "C:\WINDOWS\system32\oqtss.tmp"
Wed 9 Apr 2008 6,104,632 A..H. --- "C:\Program Files\Picasa2\setup.exe"
Fri 18 May 2007 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Thu 30 Aug 2007 72 A..H. --- "C:\Program Files\InterActual\InterActual Player\iti1A.tmp"
Sun 10 Aug 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\9a57e2a6d580705a96ff50eb33fc9c65\BIT1.tmp"
Sun 13 Jan 2008 8,913,016 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\2ddfe46b45214573a0c1029d3fb2d13c\BITA.tmp"
Sun 10 Aug 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\405ae8e48aa46e265982686e1678047b\BIT2.tmp"
Sat 19 May 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
Fri 15 Aug 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Mon 25 Oct 2004 29,184 ...H. --- "C:\Documents and Settings\Olivia Ch‚nard\Application Data\Microsoft\ModŠles\~WRL0002.tmp"
Fri 18 May 2007 20 A..H. --- "C:\Documents and Settings\Propri‚taire\Mes documents\Ma musique\Sauvegarde de la licence\drmv1lic.bak"
Fri 18 May 2007 4,348 ...H. --- "C:\Documents and Settings\Propri‚taire\Mes documents\Ma musique\Sauvegarde de la licence\drmv1key.bak"
Fri 18 May 2007 9,656 A.SH. --- "C:\Documents and Settings\Propri‚taire\Mes documents\Ma musique\Sauvegarde de la licence\drmv2key.bak"

Finished!

Thank you very much

vally 29

no.ppp (Security group), posted on 17/08/2008 at 13:48

Hi again,

Do you know this file: C:\SONIC_CD.EXE?

Download VundoFix.exe (by Atribune) to your Desktop.

Double-click VundoFix.exe to launch it.
Click the Scan for Vundo button.
When the scan is complete, click the Fix Vundo button.
A prompt will ask whether you want to delete the files; click YES.
After you click Yes, the Desktop will disappear for a moment while the files are deleted.
You will see a prompt announcing that your PC is going to shut down ("shutdown"); click OK.
Start your PC again.
Copy and paste the contents of the report located at C:\vundofix.txt

Note: VundoFix may come across a file it cannot delete. If so, the tool will launch at the next restart; simply follow the instructions above, starting from "click the Scan for Vundo button".

Download VirtumondeBegone.
Run it and follow the prompts.
The scan may take a few minutes.
Save the report to the desktop.
Restart your PC and post the report along with a new HijackThis report.

NOTE: If you see a blue "fatal error" screen, that is normal.

Vally 29, posted on 17/08/2008 at 15:45

Hi again,

I don't know C:\SONIC_CD.EXE

However, when I run VundoFix I don't get a report. Otherwise, here is the Virtumonde report:
[08/17/2008, 15:34:02] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Olivia Chénard\Mes documents\My Completed Downloads\VirtumundoBeGone.exe" )
[08/17/2008, 15:34:03] - Detected System Information:
[08/17/2008, 15:34:04] - Windows Version: 5.1.2600, Service Pack 2
[08/17/2008, 15:34:04] - Current Username: Olivia Chénard (Admin)
[08/17/2008, 15:34:04] - Windows is in NORMAL mode.
[08/17/2008, 15:34:04] - Searching for Browser Helper Objects:
[08/17/2008, 15:34:04] - BHO 1: {00A6FAF1-072E-44cf-8957-5838F569A31D} (MyWebSearch Search Assistant BHO)
[08/17/2008, 15:34:04] - BHO 2: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
[08/17/2008, 15:34:04] - BHO 3: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} (Adobe PDF Link Helper)
[08/17/2008, 15:34:04] - BHO 4: {3223A7F1-2FB8-46BA-B48B-E8E3C8EC4F63} ()
[08/17/2008, 15:34:04] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/17/2008, 15:34:04] - No filename found. Continuing.
[08/17/2008, 15:34:04] - BHO 5: {3E4C501C-E636-4AFD-9ADD-58D89F2DEEBD} ()
[08/17/2008, 15:34:04] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/17/2008, 15:34:04] - No filename found. Continuing.
[08/17/2008, 15:34:04] - BHO 6: {3FDA354C-38A7-47DD-9AC7-E161AEB199EB} ()
[08/17/2008, 15:34:04] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/17/2008, 15:34:04] - No filename found. Continuing.
[08/17/2008, 15:34:04] - BHO 7: {5e7bf153-03c9-4f15-832d-e6cb32db666c} ()
[08/17/2008, 15:34:04] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/17/2008, 15:34:04] - No filename found. Continuing.
[08/17/2008, 15:34:04] - BHO 8: {60270dc7-9ea0-472f-9b77-66652c06246e} (SpeedBitPlus Toolbar)
[08/17/2008, 15:34:04] - BHO 9: {68950839-2675-49E2-B6A5-442E0B0D1BA4} ()
[08/17/2008, 15:34:04] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/17/2008, 15:34:04] - No filename found. Continuing.
[08/17/2008, 15:34:04] - BHO 10: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[08/17/2008, 15:34:04] - BHO 11: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
[08/17/2008, 15:34:04] - BHO 12: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[08/17/2008, 15:34:04] - BHO 13: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[08/17/2008, 15:34:04] - BHO 14: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (Windows Live Toolbar Helper)
[08/17/2008, 15:34:04] - BHO 15: {F1C3E8EF-5FF0-40AC-B172-BD19C90DE6DD} ()
[08/17/2008, 15:34:04] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/17/2008, 15:34:04] - No filename found. Continuing.
[08/17/2008, 15:34:04] - Finished Searching Browser Helper Objects
[08/17/2008, 15:34:04] - Finishing up...
[08/17/2008, 15:34:04] - Nothing found! Exiting...

and the HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:44:58, on 17/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\vVX1000.exe
C:\Program Files\Club-Internet\Agent Wi-Fi V2.1\McciTrayApp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe
C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\DAP\DAP.EXE
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Webshots\webshots.scr
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Club-Internet\Le Compagnon Club\bin\mpbtn.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
C:\Documents and Settings\Olivia Chénard\Bureau\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.01net.com/telecharger/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.club-internet.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.01net.com/telecharger/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
R3 - URLSearchHook: SpeedBitPlus Toolbar - {60270dc7-9ea0-472f-9b77-66652c06246e} - C:\Program Files\SpeedBitPlus\tbSpe1.dll
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {3223A7F1-2FB8-46BA-B48B-E8E3C8EC4F63} - (no file)
O2 - BHO: (no name) - {3E4C501C-E636-4AFD-9ADD-58D89F2DEEBD} - (no file)
O2 - BHO: (no name) - {3FDA354C-38A7-47DD-9AC7-E161AEB199EB} - (no file)
O2 - BHO: {c666bd23-bc6e-d238-51f4-9c30351fb7e5} - {5e7bf153-03c9-4f15-832d-e6cb32db666c} - (no file)
O2 - BHO: SpeedBitPlus Toolbar - {60270dc7-9ea0-472f-9b77-66652c06246e} - C:\Program Files\SpeedBitPlus\tbSpe1.dll
O2 - BHO: (no name) - {68950839-2675-49E2-B6A5-442E0B0D1BA4} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {F1C3E8EF-5FF0-40AC-B172-BD19C90DE6DD} - (no file)
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {07AA283A-43D7-4CBE-A064-32A21112D94D} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Webshots Toolbar - {C17590D2-ECB4-4b15-8820-F58798DCC118} - C:\Program Files\Webshots\WSToolbar4IE.dll
O3 - Toolbar: SpeedBitPlus Toolbar - {60270dc7-9ea0-472f-9b77-66652c06246e} - C:\Program Files\SpeedBitPlus\tbSpe1.dll
O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Club-Internet_McciTrayApp] C:\Program Files\Club-Internet\Agent Wi-Fi V2.1\McciTrayApp.exe
O4 - HKLM\..\Run: [HotbarSA] "C:\Program Files\Hotbar\bin\10.0.356.0\HotbarSA.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [2b1b13ad] rundll32.exe "C:\WINDOWS\system32\sosybdxv.dll",b
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BM28282031] Rundll32.exe "C:\WINDOWS\system32\qfmtpyuc.dll",s
O4 - HKLM\..\Run: [SpeedBitVideoAccelerator] "C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Startup: Club Internet.lnk = C:\Program Files\Club-Internet\Lanceur\lanceur.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: LE COMPAGNON CLUB.lnk = C:\Program Files\Club-Internet\Le Compagnon Club\bin\matcli.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZN
O8 - Extra context menu item: &Webshots Photo Search - res://C:\Program Files\Webshots\WSToolbar4IE.dll/MENUSEARCH.HTM
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O20 - Winlogon Notify: awtss - C:\WINDOWS\system32\awtss.dll (file missing)
O20 - Winlogon Notify: gebyx - C:\WINDOWS\system32\gebyx.dll (file missing)
O20 - Winlogon Notify: geedc - C:\WINDOWS\system32\geedc.dll (file missing)
O20 - Winlogon Notify: hgGvsqoM - hgGvsqoM.dll (file missing)
O20 - Winlogon Notify: jkhhg - C:\WINDOWS\system32\jkhhg.dll (file missing)
O20 - Winlogon Notify: jkkjj - C:\WINDOWS\system32\jkkjj.dll (file missing)
O20 - Winlogon Notify: mllmn - C:\WINDOWS\system32\mllmn.dll (file missing)
O20 - Winlogon Notify: sstqo - C:\WINDOWS\system32\sstqo.dll (file missing)
O20 - Winlogon Notify: ssttr - C:\WINDOWS\system32\ssttr.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe

--
End of file - 12426 bytes
Thank you very much

Vally

no.ppp  Posted on 17/08/2008 at 20:03
Security Group

1391 posts

OK. If you don't use it, you can delete C:\SONIC_CD.exe.

Did you install Boonty yourself?

Download and install Malwarebytes
Restart in Safe Mode
Run a full scan.
When the scan finishes, click "Afficher les résultats" (Show Results) > "Supprimer la sélection" or "Remove Selected"
Copy and paste the final report.

Illustrated help

Vally 29  Posted on 17/08/2008 at 21:54
Petite astucienne

192 posts

No, no, I don't know Boonty myself; it's a friend's PC. However, I'm uninstalling SONY

See you in a bit, I'm running Malwarebytes now

no.ppp  Posted on 17/08/2008 at 22:12
Security Group

1391 posts

It would be worth asking her.

Boonty's policy:

"We may also share paid information with third parties who provide paid services, and share aggregated data showing the type and number of video games you download, your age, your sex, your occupations, level of education, geographic location, data about your computer equipment, internet and interest in video games, activities and training on published games.

In addition, we share email addresses with third-party mail account providers who assist us by sending our mails to many customers at the same time..."

If your friend is fine with this policy, that's OK; if she isn't, you'll need to think about removing it.

Vally 29  Posted on 17/08/2008 at 22:14
Petite astucienne

192 posts

Here is the Malwarebytes report

Malwarebytes' Anti-Malware 1.24
Version de la base de données: 1061
Windows 5.1.2600 Service Pack 2

22:06:41 17/08/2008
mbam-log-8-17-2008 (22-06-38).txt

Type de recherche: Examen rapide
Eléments examinés: 47084
Temps écoulé: 8 minute(s), 4 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 267
Valeur(s) du Registre infectée(s): 13
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 76
Fichier(s) infecté(s): 158

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25e} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25f} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\mywebsearch.chatsessionplugin (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\mywebsearch.chatsessionplugin.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{07b18eaa-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{07b18eac-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{f87d7fb5-9dc5-4c8c-b998-d8dfe02e2978} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{07b18ea0-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{17de5e5e-bfe3-4e83-8e1f-8755795359ec} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{1f52a5fa-a705-4415-b975-88503b291728} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{2763e333-b168-41a0-a112-d35f96f410c0} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{2e3537fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{29d67d3c-509a-4544-903f-c8c1b8236554} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{38a7c9da-8db7-4d0f-a7b1-c4b1a305bddb} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{3e1656ed-f60e-4597-b6aa-b6a58e171495} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{3e720451-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{3e720453-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{3e720450-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{621feacd-8857-43a6-ae26-451d670d5370} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{63d0ed2b-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{63d0ed2d-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{6e74766c-4d93-4cc0-96d1-47b8e07ff9ca} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{72ee7f04-15bd-4845-a005-d6711144d86a} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{7473d291-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{7473d293-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{7473d295-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{7473d297-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{7473d290-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{8d292ec0-6792-4a38-82ed-73a087e41ba6} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{8e6f1830-9607-4440-8530-13be7c4b1d14} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{98635087-3f5d-418f-990c-b1efe0797a3b} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{a626cdbd-3d13-4f78-b819-440a28d7e8fc} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{c8cecde3-1ae1-4c4a-ad82-6d5b00212144} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{de38c398-b328-4f4c-a3ad-1b5e4ed93477} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{e47caee0-deea-464a-9326-3f2801535a4d} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{e79dfbc9-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{e79dfbcb-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{e79dfbc0-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{f42228fb-e84e-479e-b922-fbbd096e792c} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{b0f1f251-79bd-4ac5-bdb6-383379e50cb3} (Adware.Hotbar) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{68354ad6-ac7e-4fe3-a19b-8f8e70ab4252} (Adware.Hotbar) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{68354ad6-ac7e-4fe3-a19b-8f8e70ab4252} (Adware.Hotbar) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{d10c4db6-cb02-40f4-88ee-c0b64c02adfc} (Adware.Hotbar) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{d10c4db6-cb02-40f4-88ee-c0b64c02adfc} (Adware.Hotbar) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\shoppingreport (Adware.Shopping.Report) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affri (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affltid (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvider (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_FMTR (Rogue.Multiple) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\ShoppingReport (Adware.Shopping.Report) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\ShoppingReport (Adware.Shopping.Report) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\MIME\Database\Content Type\application/x-f3embed (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\WUSN.1 (Adware.WhenUSave) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Purchased Products (Rogue.Multiple) -> No action taken.

Valeur(s) du Registre infectée(s):

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):

Fichier(s) infecté(s):

Thanks

 no.ppp  Posted on 17/08/2008 at 22:27  
Security Group


1391 posts

I had asked for a full scan....

You didn't remove the selection...

We'll run another MalwareByte's scan afterwards.

Download Navilog1 (by IL-MAFIOSO) to your Desktop.
Double-click navilog1.exe to start the installation.
Once the installation is complete, the fix will run automatically.
(If it doesn't, double-click the Navilog1 shortcut on the desktop.)
Follow the prompts. At the main menu, choose 1 and confirm.

/!\ Do not pick options 2, 3 or 4 without my go-ahead! /!\

Wait for the message:

*** Analyse Termine le ..... ***


Press a key as prompted; Notepad will open.
Copy and paste the entire report into your reply. Close Notepad.
(The report is saved at the root of the disk, C:\fixnavi.txt)

 Vally 29  Posted on 17/08/2008 at 23:28  
Petite astucienne

192 posts

Sorry, I realized too late that I hadn't deleted them. It's done now.

Here is the report:

Malwarebytes' Anti-Malware 1.24
Version de la base de données: 1061
Windows 5.1.2600 Service Pack 2

22:06:03 17/08/2008
mbam-log-8-17-2008 (22-05-59).txt

Type de recherche: Examen rapide
Eléments examinés: 47084
Temps écoulé: 8 minute(s), 4 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 267
Valeur(s) du Registre infectée(s): 13
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 76
Fichier(s) infecté(s): 158

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):

Valeur(s) du Registre infectée(s):

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):

Fichier(s) infecté(s):

Thanks, and sorry again

 Vally 29  Posted on 17/08/2008 at 23:36
Petite astucienne

192 Messages

Sorry, I sent the wrong Malwarebytes report again, honestly. Well, I'll redo it in a little while. Otherwise,

here is the Navilog report:

Search Navipromo version 3.6.4 commencé le 17/08/2008 à 23:33:17,51

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files\navilog1
Session actuelle : "Olivia Chénard"

Mise à jour le 16.08.2008 à 22h00 par IL-MAFIOSO


Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 7.0.5730.11
Système de fichiers : FAT32

Recherche executé en mode normal

*** Recherche Programmes installés ***


*** Recherche dossiers dans "C:\WINDOWS" ***


*** Recherche dossiers dans "C:\Program Files" ***


*** Recherche dossiers dans "C:\Documents and Settings\All Users\menudÉ~1\progra~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\All Users\menudÉ~1" ***


*** Recherche dossiers dans "c:\docume~1\alluse~1\applic~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\Olivia Chénard\applic~1" ***


*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\applic~1" ***


*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1.OEM\applic~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\Olivia Chénard\locals~1\applic~1" ***


*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" ***


*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1.OEM\locals~1\applic~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\Olivia Chénard\menud+~1\progra~1" ***


*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net



*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans "C:\WINDOWS\system32" *

* Recherche dans "C:\Documents and Settings\Olivia Chénard\locals~1\applic~1" *

* Recherche dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *

* Recherche dans "C:\DOCUME~1\ADMINI~1.OEM\locals~1\applic~1" *



*** Recherche fichiers ***


C:\WINDOWS\pack.epk trouvé !

*** Recherche clés spécifiques dans le Registre ***

HKEY_CURRENT_USER\Software\Lanconfig trouvé !

*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :


2)Recherche Heuristique :

* Dans "C:\WINDOWS\system32" :

kwwmc.dat trouvé !
rplimjfdhe.dat trouvé !
ykzaxhmet.dat trouvé !

* Dans "C:\Documents and Settings\Olivia Chénard\locals~1\applic~1" :


* Dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" :


* Dans "C:\DOCUME~1\ADMINI~1.OEM\locals~1\applic~1" :


3)Recherche Certificats :

Certificat Egroup trouvé !
Certificat Electronic-Group trouvé !
Certificat Montorgueil absent !
Certificat OOO-Favorit trouvé !
Certificat Sunny-Day-Design-Ltd absent !

4)Recherche fichiers connus :

C:\WINDOWS\system32\accdd.ini2 trouvé ! infection Vundo possible non traitée par cet outil !
C:\WINDOWS\system32\oqtss.ini2 trouvé ! infection Vundo possible non traitée par cet outil !
C:\WINDOWS\system32\ISsvDcdd.ini2 trouvé ! infection Vundo possible non traitée par cet outil !
C:\WINDOWS\system32\nmllm.bak1 trouvé ! infection Vundo possible non traitée par cet outil !
C:\WINDOWS\system32\sstwa.bak1 trouvé ! infection Vundo possible non traitée par cet outil !
C:\WINDOWS\system32\rttss.bak1 trouvé ! infection Vundo possible non traitée par cet outil !
C:\WINDOWS\system32\ghhkj.bak1 trouvé ! infection Vundo possible non traitée par cet outil !
C:\WINDOWS\system32\cdeeg.bak1 trouvé ! infection Vundo possible non traitée par cet outil !
C:\WINDOWS\system32\xybeg.bak1 trouvé ! infection Vundo possible non traitée par cet outil !
C:\WINDOWS\system32\oqtss.bak2 trouvé ! infection Vundo possible non traitée par cet outil !
C:\WINDOWS\system32\cdeeg.bak2 trouvé ! infection Vundo possible non traitée par cet outil !


*** Analyse terminée le 17/08/2008 à 23:35:07,76 ***

Thanks

 MacPeter  Posted on 17/08/2008 at 23:55
  Security Group


20593 Messages

Good evening Vally29, No.ppp

Re: Vally29

While waiting for N0.ppp to come back, you still have the same problem: "No action taken". You still haven't removed anything.

If the malware is removed you will see "deleted" = erased/removed.

You could do that before No.ppp comes back.

 Vally 29  Posted on 18/08/2008 at 00:05
Petite astucienne

192 Messages

Good evening MacPeter,

Yes, I realized it about the Malwarebytes report; I ran it again and here it is:

Malwarebytes' Anti-Malware 1.24
Version de la base de données: 1061
Windows 5.1.2600 Service Pack 2

23:48:43 17/08/2008
mbam-log-8-17-2008 (23-48-43).txt

Type de recherche: Examen rapide
Eléments examinés: 47095
Temps écoulé: 7 minute(s), 49 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\system32\isemcag_navps.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
Thanks

 no.ppp  Posted on 18/08/2008 at 00:30
Security Group


1391 Messages

MacPeter

Vally29,

Double-click the Navilog1 shortcut and follow the prompts.
At the main menu, choose option 2 and confirm with ENTER.

The fix will inform you that it is going to restart your PC.
Close all open windows and save any open personal documents.
Press a key as requested.

(if your PC does not restart automatically, restart it normally)

When your PC restarts, choose your usual session.

Wait for the message:

*** Nettoyage Termine le ..... ***


Notepad will open.
The report is located at the root of your hard drive (C:\cleannavi.txt)
Close Notepad. Your desktop will reappear.
Copy/paste the final report

PS:
If your desktop does not reappear, press CTRL+ALT+DEL to open Task Manager.
Click File and choose Run
Type explorer.exe and confirm. Your desktop will reappear

 Vally 29  Posted on 18/08/2008 at 09:54
Petite astucienne

192 Messages

nn.ppp,

There, I ran Navilog 2 and the report is as follows:

Clean Navipromo version 3.6.4 commencé le 18/08/2008 à 9:44:25,45

Outil exécuté depuis C:\Program Files\navilog1
Session actuelle : "Olivia Chénard"

Mise à jour le 16.08.2008 à 22h00 par IL-MAFIOSO


Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 7.0.5730.11
Système de fichiers : FAT32

Mode suppression automatique
avec prise en charge résultats Catchme et GNS


Nettoyage exécuté au redémarrage de l'ordinateur


*** fsbl1.txt non trouvé ***
(Assurez-vous que Catchme n'avait rien trouvé lors de la recherche)


*** Suppression avec sauvegardes résultats GenericNaviSearch ***

* Suppression dans "C:\WINDOWS\System32" *


* Suppression dans "C:\Documents and Settings\Olivia Chénard\locals~1\applic~1" *


* Suppression dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *

* Suppression dans "C:\DOCUME~1\ADMINI~1.OEM\locals~1\applic~1" *


*** Suppression dossiers dans "C:\WINDOWS" ***


*** Suppression dossiers dans "C:\Program Files" ***


*** Suppression dossiers dans "C:\Documents and Settings\All Users\menudÉ~1\progra~1" ***


*** Suppression dossiers dans "C:\Documents and Settings\All Users\menudÉ~1" ***


*** Suppression dossiers dans "c:\docume~1\alluse~1\applic~1" ***


*** Suppression dossiers dans "C:\Documents and Settings\Olivia Chénard\applic~1" ***


*** Suppression dossiers dans "C:\DOCUME~1\ADMINI~1\applic~1" ***


*** Suppression dossiers dans "C:\DOCUME~1\ADMINI~1.OEM\applic~1" ***


*** Suppression dossiers dans "C:\Documents and Settings\Olivia Chénard\locals~1\applic~1" ***


*** Suppression dossiers dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" ***


*** Suppression dossiers dans "C:\DOCUME~1\ADMINI~1.OEM\locals~1\applic~1" ***


*** Suppression dossiers dans "C:\Documents and Settings\Olivia Chénard\menud+~1\progra~1" ***



*** Suppression fichiers ***

C:\WINDOWS\pack.epk supprimé !

*** Suppression fichiers temporaires ***

Nettoyage contenu C:\WINDOWS\Temp effectué !
Nettoyage contenu C:\Documents and Settings\Olivia Ch‚nard\locals~1\Temp effectué !

*** Traitement Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Suppression avec sauvegardes nouveaux fichiers Instant Access :

2)Recherche, création sauvegardes et suppression Heuristique :


* Dans "C:\WINDOWS\system32" *


isemcag.exe trouvé !
Copie isemcag.exe réalisée avec succès !
isemcag.exe supprimé !

isemcag.dat trouvé !
Copie isemcag.dat réalisée avec succès !
isemcag.dat supprimé !

isemcag_navps.dat trouvé !
Copie isemcag_navps.dat réalisée avec succès !
isemcag_navps.dat supprimé !

C:\WINDOWS\prefetch\isemcag*.pf trouvé !
Copie C:\WINDOWS\prefetch\isemcag*.pf réalisée avec succès !
C:\WINDOWS\prefetch\isemcag*.pf supprimé !

kwwmc.dat trouvé !
Copie kwwmc.dat réalisée avec succès !
kwwmc.dat supprimé !

rplimjfdhe.dat trouvé !
Copie rplimjfdhe.dat réalisée avec succès !
rplimjfdhe.dat supprimé !

ykzaxhmet.dat trouvé !
Copie ykzaxhmet.dat réalisée avec succès !
ykzaxhmet.dat supprimé !


* Dans "C:\Documents and Settings\Olivia Chénard\locals~1\applic~1" *


* Dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *


* Dans "C:\DOCUME~1\ADMINI~1.OEM\locals~1\applic~1" *


*** Sauvegarde du Registre vers dossier Safebackup ***

sauvegarde du Registre réalisée avec succès !

*** Nettoyage Registre ***

Nettoyage Registre Ok


*** Certificats ***

Certificat Egroup supprimé !
Certificat Electronic-Group supprimé !
Certificat Montorgueil absent !
Certificat OOO-Favorit supprimé !
Certificat Sunny-Day-Design-Ltdt absent !

*** Nettoyage terminé le 18/08/2008 à 9:49:57,60 ***

Thanks

no.ppp  Posted on 18/08/2008 at 10:05
Security Group


1391 Messages

Hello Vally29,

Next we run ComboFix to take out Vundo.

Display the hidden files in Windows XP: Show hidden files in XP


/!\ Disconnect from the Internet, disable all your resident protections and don't touch anything during the scan /!\

Download ComboFix (by sUBs) to your desktop
Run it.
The desktop may disappear during the scan: this is normal.
At the end, it will create a report located at the root of your hard drive. (C:\ComboFix.txt)
Open it and paste it here.

NOTE: If the screen does not come back:
Press CTRL + ALT + DEL simultaneously.
Task Manager opens. Click File, then Run. Type explorer and confirm. The desktop will be displayed again.

/!\ Re-enable all your resident protections /!\

Illustrated help for disabling your resident protections:
http://forum.pcastuces.com/desactiver_les_protections_residentes-f31s4.htm

Vally 29  Posted on 18/08/2008 at 11:29
Petite astucienne

192 Messages

Hi again

Vally 29  Posted on 18/08/2008 at 11:32
Petite astucienne

192 Messages

I can't manage to send the ComboFix report. It has been generated, but I can't send it.

What should I do?

no.ppp  Posted on 18/08/2008 at 11:56
Security Group


1391 Messages

Click "Start" > "My Computer"

Double-click "C:\" > Open "ComboFix.txt"

Click "Edit" > "Select All"

Click "Edit" again > "Copy"

In your next reply, press "Ctrl+V"

Vally 29  Posted on 18/08/2008 at 16:50
Petite astucienne

192 Messages

Every time I try to send the report, this is what is displayed:

Microsoft OLE DB Provider for ODBC Drivers error '80040e31'

[MySQL][ODBC 3.51 Driver][mysqld-5.0.41-community-nt]Data too long for column 'R_MESSAGE' at row 1

/envoi_info.asp, line 1256*

What should I do?

Vally 29  Posted on 18/08/2008 at 17:06
Petite astucienne

192 Messages

ComboFix 08-08-17.03 - Olivia Chénard 2008-08-18 16:59:35.2 - FAT32x86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.103 [GMT 2:00]
Endroit: C:\Documents and Settings\Olivia Chénard\Bureau\ComboFix.exe

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

((((((((((((((((((((((((((((( Fichiers créés 2008-07-18 to 2008-08-18 ))))))))))))))))))))))))))))))))))))
.

2008-08-18 11:18 . 2008-08-18 11:18 <REP> d-------- C:\Documents and Settings\Olivia ChÚnard
2008-08-18 01:15 . 2008-08-18 01:15 <REP> d-------- C:\Program Files\TorrentMan
2008-08-18 00:10 . 2008-08-18 00:10 <REP> d-------- C:\Program Files\AmimoPlus
2008-08-18 00:09 . 2008-08-18 00:09 <REP> d-------- C:\Program Files\Super-Motus
2008-08-18 00:09 . 2008-08-18 00:09 <REP> d-------- C:\Documents and Settings\Olivia Chénard\Application Data\System
2008-08-17 23:31 . 2008-08-17 23:31 <REP> d-------- C:\Program Files\Navilog1
2008-08-17 21:51 . 2008-08-17 21:51 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-17 21:51 . 2008-08-17 21:51 <REP> d-------- C:\Documents and Settings\Olivia Chénard\Application Data\Malwarebytes
2008-08-17 21:51 . 2008-08-17 21:51 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-17 21:51 . 2008-07-30 20:07 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-17 21:51 . 2008-07-30 20:07 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-17 13:51 . 2008-08-17 13:51 <REP> d-------- C:\VundoFix Backups
2008-08-17 12:58 . 2008-08-17 12:58 <REP> d-------- C:\WINDOWS\ERUNT
2008-08-17 12:54 . 2003-01-01 00:09 <REP> d-------- C:\Documents and Settings\Administrateur.OEM-EG7CBW1XEJ7\WINDOWS
2008-08-17 12:54 . 2003-01-01 00:00 <REP> d--h----- C:\Documents and Settings\Administrateur.OEM-EG7CBW1XEJ7\Voisinage réseau
2008-08-17 12:54 . 2003-01-01 00:00 <REP> d--h----- C:\Documents and Settings\Administrateur.OEM-EG7CBW1XEJ7\Voisinage d'impression
2008-08-17 12:54 . 2003-01-01 00:00 <REP> d--h----- C:\Documents and Settings\Administrateur.OEM-EG7CBW1XEJ7\Modèles
2008-08-17 12:54 . 2003-01-01 00:09 <REP> dr------- C:\Documents and Settings\Administrateur.OEM-EG7CBW1XEJ7\Mes documents
2008-08-17 12:54 . 2003-01-01 00:00 <REP> dr------- C:\Documents and Settings\Administrateur.OEM-EG7CBW1XEJ7\Menu Démarrer
2008-08-17 12:54 . 2003-01-01 00:09 <REP> dr------- C:\Documents and Settings\Administrateur.OEM-EG7CBW1XEJ7\Favoris
2008-08-17 12:54 . 2003-01-01 00:00 <REP> d-------- C:\Documents and Settings\Administrateur.OEM-EG7CBW1XEJ7\Bureau
2008-08-17 12:54 . 2008-08-17 12:54 <REP> d-------- C:\Documents and Settings\Administrateur.OEM-EG7CBW1XEJ7
2008-08-17 12:35 . 2008-08-15 21:15 <REP> d-------- C:\SDFix
2008-08-17 11:58 . 2008-08-17 11:58 <REP> d-------- C:\Program Files\SpeedBitPlus
2008-08-17 11:58 . 2008-08-17 11:58 <REP> d-------- C:\Program Files\SpeedBit Video Accelerator
2008-08-17 11:58 . 2008-08-17 11:58 <REP> d-------- C:\Program Files\Conduit
2008-08-16 01:37 . 2008-08-16 01:37 0 --a------ C:\Default.Bmp
2008-08-16 01:36 . 2008-08-16 01:37 <REP> d-------- C:\Program Files\ActivIcons
2008-08-16 01:20 . 2008-08-16 01:20 <REP> d-------- C:\Program Files\Microangelo Toolset 6
2008-08-15 18:27 . 2008-08-15 18:27 <REP> d--hs---- C:\FOUND.016
2008-08-15 10:49 . 2008-08-15 10:49 <REP> d-------- C:\Program Files\BitLord
2008-08-15 10:38 . 2008-08-15 10:38 <REP> d-------- C:\Program Files\BitLord2
2008-08-15 10:31 . 2008-08-15 10:31 <REP> d-------- C:\Program Files\VirginMega
2008-08-15 10:30 . 2008-08-15 10:30 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
2008-08-14 21:21 . 2008-08-14 21:21 <REP> d--hs---- C:\FOUND.015
2008-08-14 12:30 . 2008-05-01 16:31 331,776 --------- C:\WINDOWS\system32\dllcache\msadce.dll
2008-08-13 13:50 . 2008-08-13 13:50 355,584 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe
2008-08-13 13:50 . 2008-05-29 09:28 28,416 --a------ C:\WINDOWS\system32\uxtuneup.dll
2008-08-13 13:49 . 2008-08-13 13:49 <REP> d-------- C:\Program Files\TuneUp Utilities 2008
2008-08-13 13:49 . 2008-08-13 13:50 <REP> d-------- C:\Documents and Settings\Olivia Chénard\Application Data\TuneUp Software
2008-08-13 13:49 . 2008-08-13 13:49 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-08-13 13:48 . 2008-08-13 13:48 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-08-12 14:12 . 2008-08-12 14:12 479,298 --a------ C:\WINDOWS\system32\wbocx.ocx
2008-08-12 14:12 . 2008-08-12 14:12 172,032 --a------ C:\WINDOWS\system32\AniGIF.ocx
2008-08-12 14:12 . 2008-08-12 14:12 50,688 --a------ C:\WINDOWS\system32\wbhelp2.dll
2008-08-12 11:10 . 2008-08-16 02:16 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-08-12 10:37 . 2008-08-12 10:37 <REP> d-------- C:\Program Files\Motive
2008-08-12 10:24 . 2008-08-12 10:24 <REP> d-------- C:\Program Files\BroadJump
2008-08-12 10:24 . 2002-08-02 14:56 663,552 --a------ C:\WINDOWS\system32\libeay32_1-1-0_DDR.dll
2008-08-12 10:24 . 2001-09-23 16:30 532,594 --a------ C:\WINDOWS\system32\xerces-c_1_40_0_DDR.dll
2008-08-12 10:24 . 2001-09-23 15:41 524,377 --a------ C:\WINDOWS\system32\stlport_4_0_0_DDR.dll
2008-08-12 10:24 . 2002-10-18 11:36 307,329 --a------ C:\WINDOWS\system32\BJBase_2-2-2_DDR.dll
2008-08-12 10:24 . 2002-08-02 14:56 159,744 --a------ C:\WINDOWS\system32\ssleay32_1-1-0_DDR.dll
2008-08-11 20:18 . 2008-08-11 20:18 <REP> d-------- C:\Program Files\Circle Developement
2008-08-11 20:17 . 2008-08-11 20:17 <REP> d-------- C:\Program Files\Messenger Plus! Live
2008-08-11 19:58 . 2008-08-11 19:58 <REP> d-------- C:\Program Files\K-Lite Codec Pack
2008-08-11 13:42 . 2008-08-11 13:42 <REP> d--hs---- C:\FOUND.009
2008-08-11 13:42 . 2008-08-11 13:42 <REP> d--hs---- C:\FOUND.008
2008-08-11 13:42 . 2008-08-11 13:42 <REP> d--hs---- C:\FOUND.007
2008-08-11 13:42 . 2008-08-11 13:42 <REP> d--hs---- C:\FOUND.006
2008-08-11 13:42 . 2008-08-11 13:42 <REP> d--hs---- C:\FOUND.005
2008-08-11 13:42 . 2008-08-11 13:42 <REP> d--hs---- C:\FOUND.004
2008-08-11 13:42 . 2008-08-11 13:42 <REP> d--hs---- C:\FOUND.003
2008-08-11 13:42 . 2008-08-11 13:42 <REP> d--hs---- C:\FOUND.002
2008-08-11 13:42 . 2008-08-11 13:42 <REP> d--hs---- C:\FOUND.001
2008-08-11 13:42 . 2008-08-11 13:42 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-08-11 12:51 . 2008-08-11 12:51 <REP> d--hs---- C:\FOUND.000
2008-08-11 09:51 . 2008-08-11 09:51 <REP> d-------- C:\Program Files\DAP
2008-08-11 09:51 . 2008-08-11 09:51 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SpeedBit
2008-08-10 20:58 . 2008-08-10 20:58 <REP> d-------- C:\Program Files\Webshots
2008-08-10 20:58 . 2008-08-10 20:58 <REP> d-------- C:\Documents and Settings\Olivia Chénard\Application Data\Webshots
2008-08-10 19:00 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-08-10 18:04 . 2006-09-05 18:03 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-08-10 17:29 . 2008-08-10 17:29 <REP> d-------- C:\4d5c7739c177ac142ffe745497a3
2008-08-10 14:28 . 2008-08-10 14:28 <REP> d-------- C:\Program Files\Alwil Software
2008-07-18 20:39 . 2008-07-18 20:39 587,264 --a------ C:\WINDOWS\WLXPGSS.SCR

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-07 20:31 253,952 ------w C:\WINDOWS\system32\dllcache\es.dll
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-24 16:23 74,240 ------w C:\WINDOWS\system32\dllcache\mscms.dll
2008-06-24 08:28 3,592,192 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-06-23 09:21 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-06-23 09:21 625,664 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-06-23 09:20 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-06-21 05:23 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:41 247,808 ------w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 10:44 138,368 ------w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\dllcache\bthport.sys
2008-05-25 14:02 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2007-02-14 14:13 276,271 ----a-w C:\Program Files\TUTORIAL.sc3
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{60270dc7-9ea0-472f-9b77-66652c06246e}"= "C:\Program Files\SpeedBitPlus\tbSpe1.dll" [2008-08-17 12:05 1569304]
"{7c5c0f58-e061-457d-9033-77307f5ed00c}"= "C:\Program Files\TorrentMan\tbTor0.dll" [2008-05-21 00:43 1526296]

[HKEY_CLASSES_ROOT\clsid\{60270dc7-9ea0-472f-9b77-66652c06246e}]

[HKEY_CLASSES_ROOT\clsid\{7c5c0f58-e061-457d-9033-77307f5ed00c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{60270dc7-9ea0-472f-9b77-66652c06246e}]
2008-08-17 12:05 1569304 --a------ C:\Program Files\SpeedBitPlus\tbSpe1.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7c5c0f58-e061-457d-9033-77307f5ed00c}]
2008-05-21 00:43 1526296 --a------ C:\Program Files\TorrentMan\tbTor0.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{60270dc7-9ea0-472f-9b77-66652c06246e}"= "C:\Program Files\SpeedBitPlus\tbSpe1.dll" [2008-08-17 12:05 1569304]
"{7c5c0f58-e061-457d-9033-77307f5ed00c}"= "C:\Program Files\TorrentMan\tbTor0.dll" [2008-05-21 00:43 1526296]

[HKEY_CLASSES_ROOT\clsid\{60270dc7-9ea0-472f-9b77-66652c06246e}]

[HKEY_CLASSES_ROOT\clsid\{7c5c0f58-e061-457d-9033-77307f5ed00c}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{60270DC7-9EA0-472F-9B77-66652C06246E}"= "C:\Program Files\SpeedBitPlus\tbSpe1.dll" [2008-08-17 12:05 1569304]
"{7C5C0F58-E061-457D-9033-77307F5ED00C}"= "C:\Program Files\TorrentMan\tbTor0.dll" [2008-05-21 00:43 1526296]

[HKEY_CLASSES_ROOT\clsid\{60270dc7-9ea0-472f-9b77-66652c06246e}]

[HKEY_CLASSES_ROOT\clsid\{7c5c0f58-e061-457d-9033-77307f5ed00c}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-17 13:34 68856]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09 15360]
"MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2008-08-10 21:54 190024]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
"DownloadAccelerator"="C:\Program Files\DAP\DAP.EXE" [2008-08-12 14:12 3065344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VX1000"="C:\WINDOWS\vVX1000.exe" [2006-10-13 17:04 707376]
"LifeCam"="C:\Program Files\Microsoft LifeCam\LifeExp.exe" [2006-10-13 17:01 277296]
"Club-Internet_McciTrayApp"="C:\Program Files\Club-Internet\Agent Wi-Fi V2.1\McciTrayApp.exe" [2005-11-15 18:46 543232]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 16:38 78008]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2008-08-10 22:05 6731312]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [2003-01-27 17:16 376912]
"Motive SmartBridge"="C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe" [2006-04-21 15:41 438359]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 02:38 34672]
"SpeedBitVideoAccelerator"="C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe" [2008-08-17 11:58 2705008]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 01:09 15360]

C:\Documents and Settings\Olivia Ch‚nard\Menu D‚marrer\Programmes\D‚marrage\
Webshots.lnk - C:\Program Files\Webshots\Launcher.exe [2008-08-10 20:58:17 45056]
Club Internet.lnk - C:\Program Files\Club-Internet\Lanceur\lanceur.exe [2007-12-26 15:17:06 5484544]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Outil de mise … jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-05-17 13:34:01 125624]
LE COMPAGNON CLUB.lnk - C:\Program Files\Club-Internet\Le Compagnon Club\bin\matcli.exe [2008-08-12 10:37:11 217088]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.X264"= x264vfw.dll
"VIDC.3iv2"= 3ivxVfWCodec.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"C:\\Program Files\\lphant\\eLePhantClient.exe"=
"C:\\Program Files\\Club-Internet\\Assistance\\UpdateHitachi\\MAJ_Hitachi.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\IEPro\\MiniDM.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\BitLord2\\BitLord.exe"=
"C:\\Program Files\\BitLord\\BitLord.exe"=
"C:\\Program Files\\SpeedBit Video Accelerator\\VideoAccelerator.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"15937:TCP"= 15937:TCP:BitComet 15937 TCP
"15937:UDP"= 15937:UDP:BitComet 15937 UDP

R2 sbbotdi;sbbotdi;C:\PROGRA~1\SPEEDB~1\sbbotdi.sys [2008-08-17 11:58]
R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe [2004-08-20 01:10]
R2 VideoAcceleratorService;VideoAcceleratorService;C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe [2008-08-17 11:58]
R3 C4C_BSC2;C4C_BSC2;C:\WINDOWS\system32\DRIVERS\C4C_BSC2.sys [2002-07-08 19:32]
R3 VX1000;VX-1000;C:\WINDOWS\system32\DRIVERS\VX1000.sys [2006-10-13 17:04]
S3 Boonty Games;Boonty Games;C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe []
S3 DMSKSSRh;DMSKSSRh;C:\DOCUME~1\OLIVIA~1\LOCALS~1\Temp\DMSKSSRh.sys []
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-08-13 13:50]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-04 07:58]
S3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 08:08]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\autorun.exe
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'

2008-08-18 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]

2008-08-18 C:\WINDOWS\Tasks\Maintenance en 1 clic.job
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 09:23]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Olivia Chénard\Application Data\Mozilla\Firefox\Profiles\236cngru.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1640187&SearchSource=3&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://fr.google.mozilla.com/firefox&client=firefox-a&rls=com.google.gzfb:fr:official


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-18 17:02:45
Windows 5.1.2600 Service Pack 2 FAT NTAPI

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\Ati2evxx.dll
.
Temps d'accomplissement: 2008-08-18 17:03:48
ComboFix-quarantined-files.txt 2008-08-18 15:03:44
ComboFix2.txt 2008-08-18 09:18:54

Pre-Run: 53,551,693,824 octets libres
Post-Run: 53,552,644,096 octets libres

224 --- E O F --- 2008-08-16 00:16:42

no.ppp  Posted on 18/08/2008 at 18:32
Security Group


1391 Messages

Hi again,

If ComboFix doesn't detect any Vundo, the files must no longer be present. You wouldn't have run it several times, would you?

Do you know this: C:\autorun.exe? If not, delete it.

Download OTMoveIt (by Old_Timer) to your Desktop.

Double-click OTMoveIt.exe to launch it.
Copy the list below and paste it into the left-hand pane of OTMoveIt: Paste List of Files/Folders to be moved.

C:\WINDOWS\system32\accdd.ini2

C:\WINDOWS\system32\oqtss.ini2

C:\WINDOWS\system32\ISsvDcdd.ini2

C:\WINDOWS\system32\nmllm.bak1

C:\WINDOWS\system32\sstwa.bak1

C:\WINDOWS\system32\rttss.bak1

C:\WINDOWS\system32\ghhkj.bak1

C:\WINDOWS\system32\cdeeg.bak1

C:\WINDOWS\system32\xybeg.bak1

C:\WINDOWS\system32\oqtss.bak2

C:\WINDOWS\system32\cdeeg.bak2

C:\Program Files\Navilog1
C:\VundoFix Backups
C:\SDFix
C:\FOUND.016
C:\FOUND.015
C:\Program Files\Circle Developement
C:\FOUND.009
C:\FOUND.008
C:\FOUND.007
C:\FOUND.006
C:\FOUND.005
C:\FOUND.004
C:\FOUND.003
C:\FOUND.002
C:\FOUND.001
C:\FOUND.000
C:\WINDOWS\system32\awtss.dll
C:\WINDOWS\system32\gebyx.dll
C:\WINDOWS\system32\geedc.dll
C:\WINDOWS\system32\hgGvsqoM.dll
C:\WINDOWS\system32\jkhhg.dll
C:\WINDOWS\system32\jkkjj.dll
C:\WINDOWS\system32\mllmn.dll
C:\WINDOWS\system32\sstqo.dll
C:\WINDOWS\system32\ssttr.dll

EmptyTemp

Click MoveIt! to start the removal.
The result will appear in the Results pane.
Click Exit to close.
Post the report located in C:\_OTMoveIt\MovedFiles.
Example: (01282008_131348.log)

You may be asked to restart the PC to complete the removal.
If so, accept with Yes.

philae  Posted on 18/08/2008 at 22:50
Security Group


42786 Messages

Good evening

no.ppp

Just passing through; I think there is a LOP infection visible in the ComboFix report

no.ppp  Posted on 18/08/2008 at 23:12
Security Group


1391 Messages

philae,

Yes, yes, I wanted to run OTMoveIt first so as not to forget it later. But there is indeed surely some Lop: C:\Program Files\Circle Development

Thanks for stepping in

Have a good rest of the evening

philae  Posted on 18/08/2008 at 23:14
Security Group


42786 Messages

Well spotted, no worries

All the best with the rest

no.ppp  Posted on 18/08/2008 at 23:18
Security Group


1391 Messages

Thanks, likewise

Looking forward to reading you again...

Vally 29  Posted on 18/08/2008 at 23:24
Petite astucienne

192 Messages

Here is the report:

File/Folder not found.
File/Folder C:\WINDOWS\system32\accdd.ini2 not found.
File/Folder not found.
File/Folder C:\WINDOWS\system32\oqtss.ini2 not found.
File/Folder not found.
File/Folder C:\WINDOWS\system32\ISsvDcdd.ini2 not found.
File/Folder not found.
File/Folder C:\WINDOWS\system32\nmllm.bak1 not found.
File/Folder not found.
File/Folder C:\WINDOWS\system32\sstwa.bak1 not found.
File/Folder not found.
File/Folder C:\WINDOWS\system32\rttss.bak1 not found.
File/Folder not found.
File/Folder C:\WINDOWS\system32\ghhkj.bak1 not found.
File/Folder not found.
File/Folder C:\WINDOWS\system32\cdeeg.bak1 not found.
File/Folder not found.
File/Folder C:\WINDOWS\system32\xybeg.bak1 not found.
File/Folder not found.
File/Folder C:\WINDOWS\system32\oqtss.bak2 not found.
File/Folder not found.
File/Folder C:\WINDOWS\system32\cdeeg.bak2 not found.
File/Folder not found.
C:\Program Files\Navilog1\Report moved successfully.
C:\Program Files\Navilog1\Safebackup moved successfully.
C:\Program Files\Navilog1\Backupnavi moved successfully.
C:\Program Files\Navilog1\Contents moved successfully.
C:\Program Files\Navilog1 moved successfully.
C:\VundoFix Backups moved successfully.
C:\SDFix\backups moved successfully.
C:\SDFix\apps\Replace\xp moved successfully.
C:\SDFix\apps\Replace\w2k moved successfully.
C:\SDFix\apps\Replace moved successfully.
C:\SDFix\apps moved successfully.
C:\SDFix moved successfully.
C:\FOUND.016 moved successfully.
C:\FOUND.015 moved successfully.
C:\Program Files\Circle Developement moved successfully.
C:\FOUND.009 moved successfully.
C:\FOUND.008 moved successfully.
C:\FOUND.007 moved successfully.
C:\FOUND.006 moved successfully.
C:\FOUND.005 moved successfully.
C:\FOUND.004 moved successfully.
C:\FOUND.003 moved successfully.
C:\FOUND.002 moved successfully.
C:\FOUND.001 moved successfully.
C:\FOUND.000 moved successfully.
File/Folder C:\WINDOWS\system32\awtss.dll not found.
File/Folder C:\WINDOWS\system32\gebyx.dll not found.
File/Folder C:\WINDOWS\system32\geedc.dll not found.
File/Folder C:\WINDOWS\system32\hgGvsqoM.dll not found.
File/Folder C:\WINDOWS\system32\jkhhg.dll not found.
File/Folder C:\WINDOWS\system32\jkkjj.dll not found.
File/Folder C:\WINDOWS\system32\mllmn.dll not found.
File/Folder C:\WINDOWS\system32\sstqo.dll not found.
File/Folder C:\WINDOWS\system32\ssttr.dll not found.
File/Folder not found.
< EmptyTemp >
File delete failed. C:\DOCUME~1\OLIVIA~1\LOCALS~1\Temp\~DF4076.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\OLIVIA~1\LOCALS~1\Temp\~DF41D0.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\OLIVIA~1\LOCALS~1\Temp\swt-win32-3346.dll scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\OLIVIA~1\LOCALS~1\Temp\swt-awt-win32-3346.dll scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\OLIVIA~1\LOCALS~1\Temp\~DF26C0.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\OLIVIA~1\LOCALS~1\Temp\~DFB64C.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\OLIVIA~1\LOCALS~1\Temp\~DFB699.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\OLIVIA~1\LOCALS~1\Temp\Cookies\index.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\OLIVIA~1\LOCALS~1\Temp\Fichiers Internet temporaires\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\OLIVIA~1\LOCALS~1\Temp\Fichiers Internet temporaires\Content.IE5\158I9O6T\st[1] scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\OLIVIA~1\LOCALS~1\Temp\Fichiers Internet temporaires\Content.IE5\74TH7LKT\index[1].htm scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\OLIVIA~1\LOCALS~1\Temp\Fichiers Internet temporaires\Content.IE5\74TH7LKT\client[1].htm scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\OLIVIA~1\LOCALS~1\Temp\Fichiers Internet temporaires\Content.IE5\ZY9B333K\client[1].htm scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\OLIVIA~1\LOCALS~1\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_4c4.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 08182008_184547

Files moved on Reboot...
File C:\DOCUME~1\OLIVIA~1\LOCALS~1\Temp\~DF4076.tmp not found!
File C:\DOCUME~1\OLIVIA~1\LOCALS~1\Temp\~DF41D0.tmp not found!
DllUnregisterServer procedure not found in C:\DOCUME~1\OLIVIA~1\LOCALS~1\Temp\swt-win32-3346.dll
C:\DOCUME~1\OLIVIA~1\LOCALS~1\Temp\swt-win32-3346.dll NOT unregistered.
C:\DOCUME~1\OLIVIA~1\LOCALS~1\Temp\swt-win32-3346.dll moved successfully.
LoadLibrary failed for C:\DOCUME~1\OLIVIA~1\LOCALS~1\Temp\swt-awt-win32-3346.dll
C:\DOCUME~1\OLIVIA~1\LOCALS~1\Temp\swt-awt-win32-3346.dll NOT unregistered.
C:\DOCUME~1\OLIVIA~1\LOCALS~1\Temp\swt-awt-win32-3346.dll moved successfully.
C:\DOCUME~1\OLIVIA~1\LOCALS~1\Temp\~DF26C0.tmp moved successfully.
File C:\DOCUME~1\OLIVIA~1\LOCALS~1\Temp\~DFB64C.tmp not found!
File C:\DOCUME~1\OLIVIA~1\LOCALS~1\Temp\~DFB699.tmp not found!
C:\DOCUME~1\OLIVIA~1\LOCALS~1\Temp\Cookies\index.dat moved successfully.
C:\DOCUME~1\OLIVIA~1\LOCALS~1\Temp\Fichiers Internet temporaires\Content.IE5\index.dat moved successfully.
C:\DOCUME~1\OLIVIA~1\LOCALS~1\Temp\Fichiers Internet temporaires\Content.IE5\158I9O6T\st[1] moved successfully.
File C:\DOCUME~1\OLIVIA~1\LOCALS~1\Temp\Fichiers Internet temporaires\Content.IE5\74TH7LKT\index[1].htm not found!
C:\DOCUME~1\OLIVIA~1\LOCALS~1\Temp\Fichiers Internet temporaires\Content.IE5\74TH7LKT\client[1].htm moved successfully.
File C:\DOCUME~1\OLIVIA~1\LOCALS~1\Temp\Fichiers Internet temporaires\Content.IE5\ZY9B333K\client[1].htm not found!
C:\DOCUME~1\OLIVIA~1\LOCALS~1\Temp\History\History.IE5\index.dat moved successfully.
C:\WINDOWS\temp\Perflib_Perfdata_4c4.dat moved successfully.
File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.

Indeed, I did re-run COMBOFIX once

Thanks

no.ppp  Posted on 18/08/2008 at 23:32
Security Group


1391 Messages

Hi again,

OK, could you post it for me please? I'd like to see what it deleted.

Also do this:

Uninstall via "Add/Remove Programs" (if present):

Cid help
Circle Developement
Adverts
Le sponsor de MSN Plus!


Download LopS&D.exe (by Eric-71 & AngelDark) to your desktop (right-click the link > Save target as)
Disable your antivirus just in case (you can re-enable it once the scan has finished)
Double-click lopSD to start the installation
Once installed, double-click Lop S&D
Select the language by pressing the F key, then choose option 1 ("Recherche", Search)
If lopSD asks you to restart, accept and wait for the scan to finish.
Copy/paste the contents of the report located at the root of the hard drive: C:\lopR.txt

 Vally 29  Posted on 18/08/2008 at 23:43
Petite astucienne

192 Messages

Here is the report:


--------------------\\ Lop S&D 4.2.3-0 XP/Vista

[ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
[ USER : Olivia Chénard ] [ "C:\Lop SD" ] [ Selection : 1 ]
[ 18/08/2008 | 23:39:01 ] [ PC : OEM-EG7CBW1XEJ7 (Proc:x86) ]
[ MAJ : 17-08-2008 | 01:58 ]

--------------------\\ Listing des dossiers dans APPLIC~1

[01/01/2003|00:00] C:\DOCUME~1\DEFAUL~1\APPLIC~1\desktop.ini
[01/01/2003|00:09] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
[01/01/2003|00:00] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[01/01/2003|00:13] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Sun

[10/07/2007|22:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[06/05/2007|21:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\base axis admin trans
[25/06/2007|13:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BOONTY
[20/01/2008|19:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ConducteurPrive
[01/01/2003|00:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
[06/05/2007|20:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\DATE FLAG DALE EQ
[01/01/2003|00:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\desktop.ini
[15/08/2008|10:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Downloaded Installations
[17/05/2007|13:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[15/12/2007|15:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google Updater
[11/08/2008|13:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft
[02/04/2008|00:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\LauncherAccess.dt
[17/08/2008|21:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[17/05/2007|15:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[01/01/2003|00:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[18/08/2008|17:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
[03/04/2007|22:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Motive
[13/01/2008|20:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MotiveSysIDs
[09/02/2003|16:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MSN6
[12/12/2004|20:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
[18/02/2008|10:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Samsung
[30/08/2007|02:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
[03/08/2007|07:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\soap thunk lies soft
[03/08/2007|07:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\soft chic meet great
[11/08/2008|09:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SpeedBit
[11/02/2008|15:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SprinterFacile
[04/07/2007|20:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[13/08/2008|13:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TuneUp Software
[06/05/2007|20:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[24/06/2007|17:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Live Toolbar
[21/10/2007|16:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
[15/12/2007|15:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion

[01/01/2003|00:00] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

[01/01/2003|00:00] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[17/05/2007|14:17] C:\DOCUME~1\OLIVIA~1\APPLIC~1\Adobe
[10/07/2007|22:44] C:\DOCUME~1\OLIVIA~1\APPLIC~1\AdobeAUM
[10/07/2007|22:44] C:\DOCUME~1\OLIVIA~1\APPLIC~1\AdobeUM
[20/05/2005|13:01] C:\DOCUME~1\OLIVIA~1\APPLIC~1\ArcSoft
[01/01/2003|00:00] C:\DOCUME~1\OLIVIA~1\APPLIC~1\desktop.ini
[18/07/2007|17:27] C:\DOCUME~1\OLIVIA~1\APPLIC~1\Documents and Settings
[17/05/2007|13:36] C:\DOCUME~1\OLIVIA~1\APPLIC~1\Google
[07/05/2007|17:46] C:\DOCUME~1\OLIVIA~1\APPLIC~1\Help
[06/05/2007|20:32] C:\DOCUME~1\OLIVIA~1\APPLIC~1\hopemessbook
[01/01/2003|00:09] C:\DOCUME~1\OLIVIA~1\APPLIC~1\Identities
[27/02/2008|11:10] C:\DOCUME~1\OLIVIA~1\APPLIC~1\IEPro
[19/05/2007|20:47] C:\DOCUME~1\OLIVIA~1\APPLIC~1\Lavasoft
[16/07/2007|11:44] C:\DOCUME~1\OLIVIA~1\APPLIC~1\Leadertech
[19/08/2007|19:04] C:\DOCUME~1\OLIVIA~1\APPLIC~1\LimeWire
[25/10/2004|19:29] C:\DOCUME~1\OLIVIA~1\APPLIC~1\Macromedia
[17/08/2008|21:51] C:\DOCUME~1\OLIVIA~1\APPLIC~1\Malwarebytes
[01/01/2003|00:00] C:\DOCUME~1\OLIVIA~1\APPLIC~1\Microsoft
[25/10/2004|19:40] C:\DOCUME~1\OLIVIA~1\APPLIC~1\Microsoft Web Folders
[09/03/2008|18:57] C:\DOCUME~1\OLIVIA~1\APPLIC~1\MiniDm
[17/05/2007|14:24] C:\DOCUME~1\OLIVIA~1\APPLIC~1\Motive
[17/05/2007|13:43] C:\DOCUME~1\OLIVIA~1\APPLIC~1\Mozilla
[09/02/2003|16:01] C:\DOCUME~1\OLIVIA~1\APPLIC~1\MSN6
[12/12/2004|20:45] C:\DOCUME~1\OLIVIA~1\APPLIC~1\Nikon
[18/07/2007|16:49] C:\DOCUME~1\OLIVIA~1\APPLIC~1\Real
[12/02/2008|10:47] C:\DOCUME~1\OLIVIA~1\APPLIC~1\SprinterFacile
[01/01/2003|00:13] C:\DOCUME~1\OLIVIA~1\APPLIC~1\Sun
[18/08/2008|00:09] C:\DOCUME~1\OLIVIA~1\APPLIC~1\System
[17/05/2007|13:44] C:\DOCUME~1\OLIVIA~1\APPLIC~1\Talkback
[30/05/2008|16:21] C:\DOCUME~1\OLIVIA~1\APPLIC~1\TaoUSign
[13/08/2008|13:50] C:\DOCUME~1\OLIVIA~1\APPLIC~1\TuneUp Software
[10/08/2008|20:58] C:\DOCUME~1\OLIVIA~1\APPLIC~1\Webshots



[01/01/2003|00:00] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft

[01/01/2003|00:00] C:\DOCUME~1\ADMINI~1.OEM\APPLIC~1\desktop.ini
[01/01/2003|00:09] C:\DOCUME~1\ADMINI~1.OEM\APPLIC~1\Identities
[01/01/2003|00:00] C:\DOCUME~1\ADMINI~1.OEM\APPLIC~1\Microsoft
[01/01/2003|00:13] C:\DOCUME~1\ADMINI~1.OEM\APPLIC~1\Sun


--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

[18/08/2008 23:00][--a------] C:\WINDOWS\tasks\Maintenance en 1 clic.job
[18/08/2008 23:33][--a------] C:\WINDOWS\tasks\Vérifier les mises à jour de Windows Live Toolbar.job
[18/08/2008 18:48][--ah-----] C:\WINDOWS\tasks\SA.DAT
[28/08/2001 20:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini
--------------------\\ MsgPlus SPONSOR INSTALLED !

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MsgPlus! Plugin]
"DisplayName"="Messenger Plus! 3 & Sponsor"
"SponsorInstalled"=dword:00000000


--------------------\\ Listing des dossiers dans C:\Program Files

[16/08/2008|01:37] C:\Program Files\ActivIcons
[23/03/2005|12:20] C:\Program Files\Adobe
[06/05/2007|20:32] C:\Program Files\Adverts
[10/08/2008|14:28] C:\Program Files\Alwil Software
[18/08/2008|00:10] C:\Program Files\AmimoPlus
[28/04/2008|13:36] C:\Program Files\Atari
[01/01/2003|00:10] C:\Program Files\AvRack
[01/09/2007|21:17] C:\Program Files\BitComet
[15/12/2007|16:57] C:\Program Files\BitDefender
[15/08/2008|10:49] C:\Program Files\BitLord
[15/08/2008|10:38] C:\Program Files\BitLord2
[12/08/2008|10:24] C:\Program Files\BroadJump
[27/02/2007|18:31] C:\Program Files\Bullfrog
[09/02/2003|16:00] C:\Program Files\Canon
[21/10/2007|17:53] C:\Program Files\CDBurnerXP Pro 3
[03/04/2007|21:57] C:\Program Files\Club-Internet
[08/10/2004|00:31] C:\Program Files\Common Files
[01/01/2003|00:04] C:\Program Files\ComPlus Applications
[17/08/2008|11:58] C:\Program Files\Conduit
[16/09/2007|11:37] C:\Program Files\Creative
[01/01/2003|00:12] C:\Program Files\CyberLink
[11/08/2008|09:51] C:\Program Files\DAP
[21/10/2007|18:10] C:\Program Files\DivX
[27/05/2007|12:08] C:\Program Files\Eidos Interactive
[23/03/2005|12:18] C:\Program Files\Empire Interactive
[01/01/2003|00:01] C:\Program Files\Fichiers communs
[01/09/2007|22:56] C:\Program Files\FlashGet
[14/02/2007|15:46] C:\Program Files\Game
[17/05/2007|13:34] C:\Program Files\Google
[10/08/2008|14:26] C:\Program Files\Grisoft
[15/12/2007|15:53] C:\Program Files\hopemessbook
[27/02/2008|11:10] C:\Program Files\IEPro
[01/01/2003|00:10] C:\Program Files\InstallShield Installation Information
[08/10/2004|00:37] C:\Program Files\InterActual
[01/01/2003|00:04] C:\Program Files\Internet Explorer
[27/05/2007|12:46] C:\Program Files\Jane's Combat Simulations
[01/01/2003|00:13] C:\Program Files\Java
[11/08/2008|19:58] C:\Program Files\K-Lite Codec Pack
[01/09/2007|23:46] C:\Program Files\LimeWire
[09/07/2007|20:06] C:\Program Files\Livre Album Fuji Photo
[15/12/2007|15:49] C:\Program Files\Loxane
[17/05/2007|13:54] C:\Program Files\lphant
[16/05/2007|18:17] C:\Program Files\Luxor
[09/11/2007|19:38] C:\Program Files\Mafia
[17/08/2008|21:51] C:\Program Files\Malwarebytes' Anti-Malware
[11/08/2008|20:17] C:\Program Files\Messenger Plus! Live
[06/05/2007|20:32] C:\Program Files\MessengerPlus! 3
[15/05/2007|18:54] C:\Program Files\Micro Scrabble
[16/08/2008|01:20] C:\Program Files\Microangelo Toolset 6
[01/01/2003|00:06] C:\Program Files\microsoft frontpage
[19/08/2007|20:10] C:\Program Files\Microsoft Games
[15/05/2007|12:42] C:\Program Files\Microsoft LifeCam
[25/10/2004|18:37] C:\Program Files\Microsoft Office
[03/11/2007|02:59] C:\Program Files\Microsoft SQL Server Compact Edition
[18/08/2008|17:24] C:\Program Files\Microsoft Visual Studio
[18/08/2008|17:19] C:\Program Files\Microsoft Visual Studio 8
[18/08/2008|17:26] C:\Program Files\Microsoft Works
[18/08/2008|17:22] C:\Program Files\Microsoft.NET
[12/08/2008|10:37] C:\Program Files\Motive
[03/11/2007|04:54] C:\Program Files\Motive(2)
[01/01/2003|00:04] C:\Program Files\Movie Maker
[17/05/2007|13:35] C:\Program Files\Mozilla Firefox
[18/08/2008|17:25] C:\Program Files\MSBuild
[15/12/2007|15:43] C:\Program Files\MSN
[01/01/2003|00:03] C:\Program Files\MSN Gaming Zone
[17/05/2007|15:42] C:\Program Files\MSN Messenger
[04/02/2005|18:02] C:\Program Files\MSXML 4.0
[01/01/2003|00:04] C:\Program Files\NetMeeting
[01/01/2003|00:12] C:\Program Files\NewTech Infosystems
[12/12/2004|20:13] C:\Program Files\Nikon
[01/01/2003|00:04] C:\Program Files\Outlook Express
[12/09/2007|14:55] C:\Program Files\Picasa2
[18/07/2007|16:49] C:\Program Files\Real
[01/01/2003|00:10] C:\Program Files\Realtek Sound Manager
[16/05/2007|18:16] C:\Program Files\ReflexiveArcade
[06/05/2007|20:22] C:\Program Files\RegCleaner
[12/09/2007|14:47] C:\Program Files\Registry Helper
[04/07/2007|20:27] C:\Program Files\Registry Mechanic
[05/02/2006|11:25] C:\Program Files\Samsung
[01/01/2003|00:03] C:\Program Files\Services en ligne
[30/08/2007|02:48] C:\Program Files\Skype
[17/08/2008|11:58] C:\Program Files\SpeedBit Video Accelerator
[17/08/2008|11:58] C:\Program Files\SpeedBitPlus
[18/08/2008|00:09] C:\Program Files\Super-Motus
[15/12/2007|15:49] C:\Program Files\Téléchargeur de 7 Sins
[15/12/2007|15:49] C:\Program Files\Téléchargeur de Tom Clancy Splinter Cell
[18/08/2008|01:15] C:\Program Files\TorrentMan
[13/08/2008|13:49] C:\Program Files\TuneUp Utilities 2008
[14/02/2007|16:13] C:\Program Files\TUTORIAL.sc3
[01/01/2003|00:09] C:\Program Files\Uninstall Information
[15/08/2008|10:31] C:\Program Files\VirginMega
[10/08/2008|20:58] C:\Program Files\Webshots
[03/11/2007|02:58] C:\Program Files\Windows Desktop Search
[21/10/2007|16:41] C:\Program Files\Windows Live
[13/01/2008|20:22] C:\Program Files\Windows Live Favorites
[24/06/2007|17:57] C:\Program Files\Windows Live Toolbar
[18/05/2007|16:05] C:\Program Files\Windows Media Connect 2
[01/01/2003|00:03] C:\Program Files\Windows Media Player
[01/01/2003|00:03] C:\Program Files\Windows NT
[01/01/2003|00:03] C:\Program Files\WindowsUpdate
[01/01/2003|00:06] C:\Program Files\xerox
[17/05/2007|13:29] C:\Program Files\Yahoo!

--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

[23/03/2005|12:20] C:\Program Files\Fichiers communs\Adobe
[15/12/2007|16:57] C:\Program Files\Fichiers communs\BitDefender
[18/08/2008|17:24] C:\Program Files\Fichiers communs\DESIGNER
[09/04/2006|12:10] C:\Program Files\Fichiers communs\DirectX
[01/01/2003|00:09] C:\Program Files\Fichiers communs\InstallShield
[01/01/2003|00:13] C:\Program Files\Fichiers communs\Java
[01/01/2003|00:01] C:\Program Files\Fichiers communs\Microsoft Shared
[03/04/2007|22:01] C:\Program Files\Fichiers communs\Motive
[01/01/2003|00:04] C:\Program Files\Fichiers communs\MSSoap
[12/12/2004|20:11] C:\Program Files\Fichiers communs\Nikon
[01/01/2003|00:01] C:\Program Files\Fichiers communs\ODBC
[18/07/2007|16:49] C:\Program Files\Fichiers communs\Real
[04/02/2008|14:04] C:\Program Files\Fichiers communs\ReparateurDeSysteme
[01/01/2003|00:04] C:\Program Files\Fichiers communs\Services
[01/01/2003|00:01] C:\Program Files\Fichiers communs\SpeechEngines
[17/05/2007|13:37] C:\Program Files\Fichiers communs\Symantec Shared
[01/01/2003|00:04] C:\Program Files\Fichiers communs\System
[13/01/2008|21:17] C:\Program Files\Fichiers communs\WindowsLiveInstaller
[13/08/2008|13:48] C:\Program Files\Fichiers communs\Wise Installation Wizard

--------------------\\ Process

( 44 Processus )

... OK !

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

C:\DOCUME~1\OLIVIA~1\APPLIC~1\hopemessbook
C:\DOCUME~1\OLIVIA~1\APPLIC~1\hopemessbook\fgakjknd.exe
C:\DOCUME~1\OLIVIA~1\APPLIC~1\hopemessbook\OwnsBalmBone.exe
C:\DOCUME~1\OLIVIA~1\APPLIC~1\hopemessbook\Software bone dupe funk.exe
C:\DOCUME~1\OLIVIA~1\APPLIC~1\hopemessbook\cmvqbjwg.exe
C:\DOCUME~1\OLIVIA~1\APPLIC~1\hopemessbook\wnftssln.exe
C:\Program Files\hopemessbook
C:\DOCUME~1\ALLUSE~1\APPLIC~1\soap thunk lies soft
C:\DOCUME~1\ALLUSE~1\APPLIC~1\soft chic meet great
C:\DOCUME~1\ALLUSE~1\APPLIC~1\soft chic meet great\close stop.exe
C:\Program Files\Adverts
C:\DOCUME~1\OLIVIA~1\Cookies\olivia_chénard@advertising[2].txt

--------------------\\ Verification du Registre

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE


--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-18 23:41:06
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Recherche d'autres infections

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\OLIVIA~1\Recent\Crack.lnk


[F:8][D:15]-> C:\DOCUME~1\OLIVIA~1\LOCALS~1\Temp
[F:197][D:0]-> C:\DOCUME~1\OLIVIA~1\Cookies
[F:169][D:4]-> C:\DOCUME~1\OLIVIA~1\LOCALS~1\TEMPOR~1\content.IE5
[F:2][D:0]-> C:\Recycled

--------------------\\ Fin du rapport a 23:42:11,43

Thanks

 no.ppp  Posted on 19/08/2008 at 00:29
Security Group


1391 Messages

Let's continue.

  • Open "Add or Remove Programs"
  • Click "MSN Plus! 3"
  • Click "Remove"
  • A window opens; select "Uninstall the sponsor only"
  • Click the "Uninstall" button at the bottom right of the window and follow the prompts.

Run LopS&D again
Choose option 2
Copy/paste the report (C:\lopR.txt)

 Vally 29  Posted on 19/08/2008 at 11:22
Petite astucienne

192 Messages

Hello no.ppp,

Here is the report:


--------------------\\ Lop S&D 4.2.3-0 XP/Vista

[ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
[ USER : Olivia Chénard ] [ "C:\Lop SD" ] [ Selection : 2 ]
[ 19/08/2008 | 11:17:13 ] [ PC : OEM-EG7CBW1XEJ7 (Proc:x86) ]
[ MAJ : 17-08-2008 | 01:58 ]


\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION

Supprime! - C:\DOCUME~1\OLIVIA~1\APPLIC~1\hopemessbook\fgakjknd.exe
Supprime! - C:\DOCUME~1\OLIVIA~1\APPLIC~1\hopemessbook\OwnsBalmBone.exe
Supprime! - C:\DOCUME~1\OLIVIA~1\APPLIC~1\hopemessbook\Software bone dupe funk.exe
Supprime! - C:\DOCUME~1\OLIVIA~1\APPLIC~1\hopemessbook\cmvqbjwg.exe
Supprime! - C:\DOCUME~1\OLIVIA~1\APPLIC~1\hopemessbook\wnftssln.exe
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\soft chic meet great\close stop.exe
Supprime! - C:\DOCUME~1\OLIVIA~1\APPLIC~1\hopemessbook
Supprime! - C:\Program Files\hopemessbook
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\soap thunk lies soft
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\soft chic meet great

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


--------------------\\ Listing des dossiers dans APPLIC~1

[01/01/2003|00:00] C:\DOCUME~1\DEFAUL~1\APPLIC~1\desktop.ini
[01/01/2003|00:09] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
[01/01/2003|00:00] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[01/01/2003|00:13] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Sun

[10/07/2007|22:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[06/05/2007|21:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\base axis admin trans
[25/06/2007|13:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BOONTY
[20/01/2008|19:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ConducteurPrive
[01/01/2003|00:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
[06/05/2007|20:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\DATE FLAG DALE EQ
[01/01/2003|00:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\desktop.ini
[15/08/2008|10:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Downloaded Installations
[17/05/2007|13:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[15/12/2007|15:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google Updater
[11/08/2008|13:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft
[02/04/2008|00:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\LauncherAccess.dt
[17/08/2008|21:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[17/05/2007|15:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[01/01/2003|00:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[18/08/2008|17:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
[03/04/2007|22:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Motive
[13/01/2008|20:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MotiveSysIDs
[09/02/2003|16:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MSN6
[12/12/2004|20:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
[18/02/2008|10:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Samsung
[30/08/2007|02:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
[11/08/2008|09:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SpeedBit
[11/02/2008|15:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SprinterFacile
[04/07/2007|20:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[13/08/2008|13:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TuneUp Software
[06/05/2007|20:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[24/06/2007|17:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Live Toolbar
[21/10/2007|16:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
[15/12/2007|15:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion

[01/01/2003|00:00] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

[01/01/2003|00:00] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[17/05/2007|14:17] C:\DOCUME~1\OLIVIA~1\APPLIC~1\Adobe
[10/07/2007|22:44] C:\DOCUME~1\OLIVIA~1\APPLIC~1\AdobeAUM
[10/07/2007|22:44] C:\DOCUME~1\OLIVIA~1\APPLIC~1\AdobeUM
[20/05/2005|13:01] C:\DOCUME~1\OLIVIA~1\APPLIC~1\ArcSoft
[01/01/2003|00:00] C:\DOCUME~1\OLIVIA~1\APPLIC~1\desktop.ini
[18/07/2007|17:27] C:\DOCUME~1\OLIVIA~1\APPLIC~1\Documents and Settings
[17/05/2007|13:36] C:\DOCUME~1\OLIVIA~1\APPLIC~1\Google
[07/05/2007|17:46] C:\DOCUME~1\OLIVIA~1\APPLIC~1\Help
[01/01/2003|00:09] C:\DOCUME~1\OLIVIA~1\APPLIC~1\Identities
[27/02/2008|11:10] C:\DOCUME~1\OLIVIA~1\APPLIC~1\IEPro
[19/05/2007|20:47] C:\DOCUME~1\OLIVIA~1\APPLIC~1\Lavasoft
[16/07/2007|11:44] C:\DOCUME~1\OLIVIA~1\APPLIC~1\Leadertech
[19/08/2007|19:04] C:\DOCUME~1\OLIVIA~1\APPLIC~1\LimeWire
[25/10/2004|19:29] C:\DOCUME~1\OLIVIA~1\APPLIC~1\Macromedia
[17/08/2008|21:51] C:\DOCUME~1\OLIVIA~1\APPLIC~1\Malwarebytes
[01/01/2003|00:00] C:\DOCUME~1\OLIVIA~1\APPLIC~1\Microsoft
[25/10/2004|19:40] C:\DOCUME~1\OLIVIA~1\APPLIC~1\Microsoft Web Folders
[09/03/2008|18:57] C:\DOCUME~1\OLIVIA~1\APPLIC~1\MiniDm
[17/05/2007|14:24] C:\DOCUME~1\OLIVIA~1\APPLIC~1\Motive
[17/05/2007|13:43] C:\DOCUME~1\OLIVIA~1\APPLIC~1\Mozilla
[09/02/2003|16:01] C:\DOCUME~1\OLIVIA~1\APPLIC~1\MSN6
[12/12/2004|20:45] C:\DOCUME~1\OLIVIA~1\APPLIC~1\Nikon
[18/07/2007|16:49] C:\DOCUME~1\OLIVIA~1\APPLIC~1\Real
[12/02/2008|10:47] C:\DOCUME~1\OLIVIA~1\APPLIC~1\SprinterFacile
[01/01/2003|00:13] C:\DOCUME~1\OLIVIA~1\APPLIC~1\Sun
[18/08/2008|00:09] C:\DOCUME~1\OLIVIA~1\APPLIC~1\System
[17/05/2007|13:44] C:\DOCUME~1\OLIVIA~1\APPLIC~1\Talkback
[30/05/2008|16:21] C:\DOCUME~1\OLIVIA~1\APPLIC~1\TaoUSign
[13/08/2008|13:50] C:\DOCUME~1\OLIVIA~1\APPLIC~1\TuneUp Software
[10/08/2008|20:58] C:\DOCUME~1\OLIVIA~1\APPLIC~1\Webshots



[01/01/2003|00:00] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft

[01/01/2003|00:00] C:\DOCUME~1\ADMINI~1.OEM\APPLIC~1\desktop.ini
[01/01/2003|00:09] C:\DOCUME~1\ADMINI~1.OEM\APPLIC~1\Identities
[01/01/2003|00:00] C:\DOCUME~1\ADMINI~1.OEM\APPLIC~1\Microsoft
[01/01/2003|00:13] C:\DOCUME~1\ADMINI~1.OEM\APPLIC~1\Sun


--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

[19/08/2008 11:03][--a------] C:\WINDOWS\tasks\Maintenance en 1 clic.job
[19/08/2008 02:33][--a------] C:\WINDOWS\tasks\Vérifier les mises à jour de Windows Live Toolbar.job
[19/08/2008 11:03][--ah-----] C:\WINDOWS\tasks\SA.DAT
[28/08/2001 20:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini
--------------------\\ MsgPlus SPONSOR INSTALLED !

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MsgPlus! Plugin]
"SponsorInstalled"=dword:00000000


--------------------\\ Listing des dossiers dans C:\Program Files

[16/08/2008|01:37] C:\Program Files\ActivIcons
[23/03/2005|12:20] C:\Program Files\Adobe
[10/08/2008|14:28] C:\Program Files\Alwil Software
[18/08/2008|00:10] C:\Program Files\AmimoPlus
[28/04/2008|13:36] C:\Program Files\Atari
[01/01/2003|00:10] C:\Program Files\AvRack
[01/09/2007|21:17] C:\Program Files\BitComet
[15/12/2007|16:57] C:\Program Files\BitDefender
[15/08/2008|10:49] C:\Program Files\BitLord
[15/08/2008|10:38] C:\Program Files\BitLord2
[12/08/2008|10:24] C:\Program Files\BroadJump
[27/02/2007|18:31] C:\Program Files\Bullfrog
[09/02/2003|16:00] C:\Program Files\Canon
[21/10/2007|17:53] C:\Program Files\CDBurnerXP Pro 3
[03/04/2007|21:57] C:\Program Files\Club-Internet
[08/10/2004|00:31] C:\Program Files\Common Files
[01/01/2003|00:04] C:\Program Files\ComPlus Applications
[17/08/2008|11:58] C:\Program Files\Conduit
[16/09/2007|11:37] C:\Program Files\Creative
[01/01/2003|00:12] C:\Program Files\CyberLink
[11/08/2008|09:51] C:\Program Files\DAP
[21/10/2007|18:10] C:\Program Files\DivX
[27/05/2007|12:08] C:\Program Files\Eidos Interactive
[23/03/2005|12:18] C:\Program Files\Empire Interactive
[01/01/2003|00:01] C:\Program Files\Fichiers communs
[01/09/2007|22:56] C:\Program Files\FlashGet
[14/02/2007|15:46] C:\Program Files\Game
[17/05/2007|13:34] C:\Program Files\Google
[10/08/2008|14:26] C:\Program Files\Grisoft
[27/02/2008|11:10] C:\Program Files\IEPro
[01/01/2003|00:10] C:\Program Files\InstallShield Installation Information
[08/10/2004|00:37] C:\Program Files\InterActual
[01/01/2003|00:04] C:\Program Files\Internet Explorer
[27/05/2007|12:46] C:\Program Files\Jane's Combat Simulations
[01/01/2003|00:13] C:\Program Files\Java
[11/08/2008|19:58] C:\Program Files\K-Lite Codec Pack
[01/09/2007|23:46] C:\Program Files\LimeWire
[09/07/2007|20:06] C:\Program Files\Livre Album Fuji Photo
[15/12/2007|15:49] C:\Program Files\Loxane
[17/05/2007|13:54] C:\Program Files\lphant
[16/05/2007|18:17] C:\Program Files\Luxor
[09/11/2007|19:38] C:\Program Files\Mafia
[17/08/2008|21:51] C:\Program Files\Malwarebytes' Anti-Malware
[11/08/2008|20:17] C:\Program Files\Messenger Plus! Live
[06/05/2007|20:32] C:\Program Files\MessengerPlus! 3
[15/05/2007|18:54] C:\Program Files\Micro Scrabble
[16/08/2008|01:20] C:\Program Files\Microangelo Toolset 6
[01/01/2003|00:06] C:\Program Files\microsoft frontpage
[19/08/2007|20:10] C:\Program Files\Microsoft Games
[15/05/2007|12:42] C:\Program Files\Microsoft LifeCam
[25/10/2004|18:37] C:\Program Files\Microsoft Office
[03/11/2007|02:59] C:\Program Files\Microsoft SQL Server Compact Edition
[18/08/2008|17:24] C:\Program Files\Microsoft Visual Studio
[18/08/2008|17:19] C:\Program Files\Microsoft Visual Studio 8
[18/08/2008|17:26] C:\Program Files\Microsoft Works
[18/08/2008|17:22] C:\Program Files\Microsoft.NET
[12/08/2008|10:37] C:\Program Files\Motive
[03/11/2007|04:54] C:\Program Files\Motive(2)
[01/01/2003|00:04] C:\Program Files\Movie Maker
[17/05/2007|13:35] C:\Program Files\Mozilla Firefox
[18/08/2008|17:25] C:\Program Files\MSBuild
[15/12/2007|15:43] C:\Program Files\MSN
[01/01/2003|00:03] C:\Program Files\MSN Gaming Zone
[17/05/2007|15:42] C:\Program Files\MSN Messenger
[04/02/2005|18:02] C:\Program Files\MSXML 4.0
[01/01/2003|00:04] C:\Program Files\NetMeeting
[01/01/2003|00:12] C:\Program Files\NewTech Infosystems
[12/12/2004|20:13] C:\Program Files\Nikon
[01/01/2003|00:04] C:\Program Files\Outlook Express
[12/09/2007|14:55] C:\Program Files\Picasa2
[18/07/2007|16:49] C:\Program Files\Real
[01/01/2003|00:10] C:\Program Files\Realtek Sound Manager
[16/05/2007|18:16] C:\Program Files\ReflexiveArcade
[06/05/2007|20:22] C:\Program Files\RegCleaner
[12/09/2007|14:47] C:\Program Files\Registry Helper
[04/07/2007|20:27] C:\Program Files\Registry Mechanic
[05/02/2006|11:25] C:\Program Files\Samsung
[01/01/2003|00:03] C:\Program Files\Services en ligne
[30/08/2007|02:48] C:\Program Files\Skype
[17/08/2008|11:58] C:\Program Files\SpeedBit Video Accelerator
[17/08/2008|11:58] C:\Program Files\SpeedBitPlus
[18/08/2008|00:09] C:\Program Files\Super-Motus
[15/12/2007|15:49] C:\Program Files\Téléchargeur de 7 Sins
[15/12/2007|15:49] C:\Program Files\Téléchargeur de Tom Clancy Splinter Cell
[18/08/2008|01:15] C:\Program Files\TorrentMan
[13/08/2008|13:49] C:\Program Files\TuneUp Utilities 2008
[14/02/2007|16:13] C:\Program Files\TUTORIAL.sc3
[01/01/2003|00:09] C:\Program Files\Uninstall Information
[15/08/2008|10:31] C:\Program Files\VirginMega
[10/08/2008|20:58] C:\Program Files\Webshots
[03/11/2007|02:58] C:\Program Files\Windows Desktop Search
[21/10/2007|16:41] C:\Program Files\Windows Live
[13/01/2008|20:22] C:\Program Files\Windows Live Favorites
[24/06/2007|17:57] C:\Program Files\Windows Live Toolbar
[18/05/2007|16:05] C:\Program Files\Windows Media Connect 2
[01/01/2003|00:03] C:\Program Files\Windows Media Player
[01/01/2003|00:03] C:\Program Files\Windows NT
[01/01/2003|00:03] C:\Program Files\WindowsUpdate
[01/01/2003|00:06] C:\Program Files\xerox
[17/05/2007|13:29] C:\Program Files\Yahoo!

--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

[23/03/2005|12:20] C:\Program Files\Fichiers communs\Adobe
[15/12/2007|16:57] C:\Program Files\Fichiers communs\BitDefender
[18/08/2008|17:24] C:\Program Files\Fichiers communs\DESIGNER
[09/04/2006|12:10] C:\Program Files\Fichiers communs\DirectX
[01/01/2003|00:09] C:\Program Files\Fichiers communs\InstallShield
[01/01/2003|00:13] C:\Program Files\Fichiers communs\Java
[01/01/2003|00:01] C:\Program Files\Fichiers communs\Microsoft Shared
[03/04/2007|22:01] C:\Program Files\Fichiers communs\Motive
[01/01/2003|00:04] C:\Program Files\Fichiers communs\MSSoap
[12/12/2004|20:11] C:\Program Files\Fichiers communs\Nikon
[01/01/2003|00:01] C:\Program Files\Fichiers communs\ODBC
[18/07/2007|16:49] C:\Program Files\Fichiers communs\Real
[04/02/2008|14:04] C:\Program Files\Fichiers communs\ReparateurDeSysteme
[01/01/2003|00:04] C:\Program Files\Fichiers communs\Services
[01/01/2003|00:01] C:\Program Files\Fichiers communs\SpeechEngines
[17/05/2007|13:37] C:\Program Files\Fichiers communs\Symantec Shared
[01/01/2003|00:04] C:\Program Files\Fichiers communs\System
[13/01/2008|21:17] C:\Program Files\Fichiers communs\WindowsLiveInstaller
[13/08/2008|13:48] C:\Program Files\Fichiers communs\Wise Installation Wizard

--------------------\\ Process

( 43 Processus )

... OK !

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

C:\DOCUME~1\OLIVIA~1\Cookies\olivia_chénard@advertising[1].txt

--------------------\\ Verification du Registre

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE


--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-19 11:19:58
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Recherche d'autres infections

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\OLIVIA~1\Recent\Crack.lnk


[F:21][D:15]-> C:\DOCUME~1\OLIVIA~1\LOCALS~1\Temp
[F:205][D:0]-> C:\DOCUME~1\OLIVIA~1\Cookies
[F:777][D:4]-> C:\DOCUME~1\OLIVIA~1\LOCALS~1\TEMPOR~1\content.IE5
[F:2][D:2]-> C:\Recycled

--------------------\\ Fin du rapport a 11:21:10,09

Thanks

 no.ppp  Posted on 19/08/2008 at 11:36
Security Group


1391 Messages

Hello,

You have not uninstalled the MSN Plus sponsor. You absolutely must do so, otherwise the infection will regenerate.

Double-click OTMoveIt.exe to launch it.
Copy the list below and paste it into the left-hand pane of OTMoveIt: Paste List of Files/Folders to be moved.

C:\DOCUME~1\ALLUSE~1\APPLIC~1\base axis admin trans
C:\DOCUME~1\ALLUSE~1\APPLIC~1\DATE FLAG DALE EQ

C:\DOCUME~1\OLIVIA~1\Recent\Crack.lnk



Click MoveIt! to start the removal.
The result will appear in the Results pane.
Click Exit to close.
Post the report located in C:\_OTMoveIt\MovedFiles.
Example: (01282008_131348.log)

You may be asked to restart the PC to complete the removal.
If so, accept with Yes.

 Vally 29  Posted on 19/08/2008 at 11:55
Petite astucienne

192 Messages

Here is the report; I have removed the MSN sponsor.

C:\DOCUME~1\ALLUSE~1\APPLIC~1\base axis admin trans moved successfully.
C:\DOCUME~1\ALLUSE~1\APPLIC~1\DATE FLAG DALE EQ moved successfully.
File/Folder not found.
C:\DOCUME~1\OLIVIA~1\Recent\Crack.lnk moved successfully.
File/Folder not found.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 08192008_115316

Thanks

Forum PC Astuces © 1997-2009 Webastuces