tandouri

Euuhh comment je fais alors? lol Pr Horus, la liste apparait bien en blanc..

Bonsoir, J'ai reussi a bloquer les 2 sites mais pas celui ci : http://fr.skyrock.com/blog/ Du cout l'accès au site n'est pa vraiment bloquer.. Ce n'est pa une série de 0 mais la série suivante qui s'affiche : " 127.0.0.1 " Est ce que c'est différent? ou il n'y a pas d'importance? Merci pour votre aide, et désoler d'avoir répondu aussi tardivement :s

bonsoir androme! J'ai installé adblock plus, problème : il n'est pas indiqué comment bloquée les sites tendance sexuelle, ni les tchat.. J'ai reussi a bloquée skyblog.com mais l'accès avec l'url skyrock.com est toujours disponible, meme quand je bloque le site.. DU cout je suis un peux au même point Merci pour vos aides, bonne soirée

Bonjour, Merci oGu Alr j'ai installé le fichier Host. J'ai reussi a bloqué des sites mais certain non par exemple : http://www.skyrock.com/blog/ ou encore http://www.skyrock.com/blog/?connect=1 J'ai essayé en mettant www.skyblog.com mais tjr rien.. Comment je peux faire? Ensuite pour bloquer tout les chat, comment je peux faire?Faut il bloquer site par site ( jspr ke non sinn j'en aurai jms fini lol)? Merci bcp pour votre aide !!

Euh non je ne connais pas , j'suis pas trop une pro de l'infrmatique Je voudrais bloquer les sites de chat, de rencontre...Et des sites a tendance sexuelle, porno tout ce qui est pas très catholique quoi.. AInsi que des sites précis, par exemple si je peux bloqué des site juste en mettant leur Url ex: http://www.zebulon.fr J'ai reussi avec internet explorer sans pb.

Bonjour,, J'ai essayé de chercher sur le forum, sur le net etc mais en vain je n'ai pas trouvé comment faire pour renforcé la sécurité sur moxilla. Je ne sais pas quel extention installé.. Je voudrais pouvoir completement bloquer l'acces a certain site... Est ce que quelq'un pourait m'aidet svp? Merci

Bonjour !! Je souhaite m'acheter un pc portable, j'aurais besoin de conseil..Connaissant pas grd chose sur les ordinateur, ni la memoire... Le pc sera utilisé pour internet, traitement de texte, sauvegarde de fichier ( video courte, doc, photos)... Un pc pas luxueu quoi, maximum 500€ J'ai regardé dans diffents site il y a deux pc interessants http://www.surcouf.com/Catalogue/FicheProd...product=9653478 http://www.darty.com/nav/achat/multimedia/...able/index.html Quel est la différence entre les deux pc?? au niveau de la mémoire, qualité etc.. Merci de votre aide Bonne soirée

C'est fait !! UN GRAND MERCI ANGELIQUE :P

Désolé pour cette absence.. Je n'ai aps reussi a mettre a jour Java, il me dise que le progrramme est en cour d'execution ( this programme is already running) donc tu coup je en peux pas suivr la procédure que tu me donnes..:s Merci encore

pour le piont de restauration c'est bon j'ai pu en crée un merci

ah merci !! Alors c'était " afficher les element du bureau" qui n'était pas coché...Le pc est réglé Tout est réglé il me semble non? aah une petit chose encore lol , depuis que j'ai installé installe IE7 les pages d'internet explorer est un peu flou... pour firefox je n'ai aucun problème:) Merci pour ton aide c'est vrmnt sympa de ta part

Alr j'ai suivi toute la procédure que tu m'as donné juste j'ia aps reussi a créer un nvo point de restauration ( le lien que tu m'as donné ne fonctionnais pas ) Ensuite j'ai un petit soucis les élément du bureau de s'affiche pas je ne sais pas pourquoi.. qu'est ce que je dois faire :$ Je te poste le raport de hijackthis, je te remercie encore une fois pour ton aide angélique Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 22:20:38, on 18/09/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe C:\Program Files\MSN Messenger\usnsvc.exe C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\WinRAR\WinRAR.exe C:\DOCUME~1\TASLEEM\LOCALS~1\Temp\Rar$EX00.812\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.509.6972\swg.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1143150274147 O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- End of file - 6308 bytes

Le scanne vien de finir je te porte le rapport. Merci encore angélique Avira AntiVir Personal Report file date: mardi 16 septembre 2008 20:33 Scanning for 1619498 virus strains and unwanted programs. Licensed to: Avira AntiVir PersonalEdition Classic Serial number: 0000149996-ADJIE-0001 Platform: Windows XP Windows version: (Service Pack 2) [5.1.2600] Boot mode: Save mode Username: TASLEEM Computer name: TASLIM Version information: BUILD.DAT : 8.1.0.331 16934 Bytes 12/08/2008 11:46:00 AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 08:57:53 AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 07:56:40 LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:19 LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 07:58:52 ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34 ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 13:54:15 ANTIVIR2.VDF : 7.0.6.153 3341312 Bytes 12/09/2008 22:44:04 ANTIVIR3.VDF : 7.0.6.166 109056 Bytes 16/09/2008 16:28:41 Engineversion : 8.1.1.28 AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21 AESCRIPT.DLL : 8.1.0.70 319866 Bytes 15/09/2008 22:44:12 AESCN.DLL : 8.1.0.23 119156 Bytes 10/07/2008 12:44:49 AERDL.DLL : 8.1.1.1 397683 Bytes 15/09/2008 22:44:11 AEPACK.DLL : 8.1.2.1 364917 Bytes 15/07/2008 12:58:35 AEOFFICE.DLL : 8.1.0.23 196987 Bytes 15/09/2008 22:44:10 AEHEUR.DLL : 8.1.0.51 1397111 Bytes 15/09/2008 22:44:10 AEHELP.DLL : 8.1.0.15 115063 Bytes 10/07/2008 12:44:48 AEGEN.DLL : 8.1.0.36 315764 Bytes 15/09/2008 22:44:07 AEEMU.DLL : 8.1.0.7 430452 Bytes 31/07/2008 08:33:21 AECORE.DLL : 8.1.1.11 172406 Bytes 15/09/2008 22:44:06 AEBB.DLL : 8.1.0.1 53617 Bytes 10/07/2008 12:44:48 AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:05 AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:28:01 AVREP.DLL : 8.0.0.2 98344 Bytes 15/09/2008 22:44:05 AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:40 AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23 AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:49 SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02 SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:40 NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10 RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 13:48:07 RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 13:34:37 Configuration settings for the scan: Jobname..........................: Manual Selection Configuration file...............: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\PROFILES\folder.avp Logging..........................: low Primary action...................: interactive Secondary action.................: ignore Scan master boot sector..........: on Scan boot sector.................: on Boot sectors.....................: A:, C:, D:, E:, F:, G:, Process scan.....................: on Scan registry....................: on Search for rootkits..............: off Scan all files...................: Intelligent file selection Scan archives....................: on Recursion depth..................: 20 Smart extensions.................: on Macro heuristic..................: on File heuristic...................: medium Start of the scan: mardi 16 septembre 2008 20:33 The scan of running processes will be started Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'avcenter.exe' - '1' Module(s) have been scanned Scan process 'explorer.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'lsass.exe' - '1' Module(s) have been scanned Scan process 'services.exe' - '1' Module(s) have been scanned Scan process 'winlogon.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'smss.exe' - '1' Module(s) have been scanned 11 processes with 11 modules were scanned Starting master boot sector scan: Master boot sector HD0 [iNFO] No virus was found! Start scanning boot sectors: Boot sector 'A:\' [iNFO] In the drive 'A:\' no data medium is inserted! Boot sector 'C:\' [iNFO] No virus was found! Boot sector 'F:\' [iNFO] No virus was found! Starting to scan the registry. The registry was scanned ( '41' files ). Starting the file scan: Begin scan in 'A:\' Search path A:\ could not be opened! System error [21]: Le périphérique n'est pas prêt. Begin scan in 'C:\' C:\pagefile.sys [WARNING] The file could not be opened! C:\Qoobox\Quarantine\C\Program Files\dbar\basis.xml.vir [DETECTION] Is the TR/Horse.JY Trojan [NOTE] The file was deleted! C:\Qoobox\Quarantine\C\Program Files\rhcp5kj0ege5\rhcp5kj0ege5.exe.vir [DETECTION] Is the TR/XPAntivirus.AJ Trojan [NOTE] The file was deleted! C:\Qoobox\Quarantine\C\Program Files\rhcp5kj0ege5\Uninstall.exe.vir [DETECTION] Is the TR/Agent.abvh Trojan [NOTE] The file was deleted! C:\Qoobox\Quarantine\C\WINDOWS\system32\a.exe.vir [DETECTION] Is the TR/Dldr.Small.aces Trojan [NOTE] The file was deleted! C:\Qoobox\Quarantine\C\WINDOWS\system32\lphct5kj0ege5.exe.vir [DETECTION] Contains a recognition pattern of the (harmful) BDS/Frauder.AT back-door program [NOTE] The file was deleted! C:\Qoobox\Quarantine\C\WINDOWS\system32\phct5kj0ege5.bmp.vir [DETECTION] Is the TR/Fakealert.AAF Trojan [NOTE] The file was deleted! C:\Qoobox\Quarantine\C\WINDOWS\system32\pphct5kj0ege5.exe.vir [DETECTION] Is the TR/Dldr.FraudLoa.NC Trojan [NOTE] The file was deleted! C:\Qoobox\Quarantine\C\WINDOWS\system32\sysrest32.exe.vir [DETECTION] Contains a recognition pattern of the (harmful) BDS/Backdoor.Gen back-door program [NOTE] The file was deleted! C:\Qoobox\Quarantine\C\WINDOWS\system32\tdssadw.dll.vir [DETECTION] Contains recognition pattern of the RKIT/Clbd.JG root kit [NOTE] The file was deleted! C:\Qoobox\Quarantine\C\WINDOWS\system32\tdssl.dll.vir [DETECTION] Is the TR/Dldr.Small.acpi Trojan [NOTE] The file was deleted! C:\Qoobox\Quarantine\C\WINDOWS\system32\tdsslog.dll.vir [DETECTION] Is the TR/Injector.Light.B Trojan [NOTE] The file was deleted! C:\Qoobox\Quarantine\C\WINDOWS\system32\tdssmain.dll.vir [DETECTION] Is the TR/Injector.Light.C Trojan [NOTE] The file was deleted! C:\Qoobox\Quarantine\C\WINDOWS\system32\tdssserf.dll.vir [DETECTION] Is the TR/Dldr.FraudLoad.vbxt Trojan [NOTE] The file was deleted! C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\tdssserv.sys.vir [DETECTION] Is the TR/Peed.A.732 Trojan [NOTE] The file was deleted! C:\WINDOWS\system32\drivers\sptd.sys [WARNING] The file could not be opened! Begin scan in 'D:\' Search path D:\ could not be opened! System error [21]: Le périphérique n'est pas prêt. Begin scan in 'E:\' Search path E:\ could not be opened! System error [21]: Le périphérique n'est pas prêt. Begin scan in 'F:\' <Données> Begin scan in 'G:\' Search path G:\ could not be opened! System error [21]: Le périphérique n'est pas prêt. End of the scan: mardi 16 septembre 2008 22:39 Used time: 2:06:28 Hour(s) The scan has been done completely. 14621 Scanning directories 395738 Files were scanned 14 viruses and/or unwanted programs were found 0 Files were classified as suspicious: 14 files were deleted 0 files were repaired 0 files were moved to quarantine 0 files were renamed 2 Files cannot be scanned 395722 Files not concerned 5388 Archives were scanned 2 Warnings 14 Notes

Pour l'analyse malware, celle d'antivir je vais faire le scanne et je te le poste, merci encore pour ton aide : Malwarebytes' Anti-Malware 1.28 Version de la base de données: 1158 Windows 5.1.2600 Service Pack 2 15/09/2008 23:52:34 mbam-log-2008-09-15 (23-52-34).txt Type de recherche: Examen rapide Eléments examinés: 46479 Temps écoulé: 4 minute(s), 58 second(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 42 Valeur(s) du Registre infectée(s): 0 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 7 Fichier(s) infecté(s): 5 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): HKEY_CLASSES_ROOT\Interface\{00b77587-be1b-4201-b8e9-09fcf50ab771} (Adware.Zango) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{1230cf51-6bc4-4a23-b3f1-c7cf0afed619} (Adware.Zango) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{2b81f920-6660-4f76-93bf-b1c67bf5d1a0} (Adware.Zango) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{34e29700-0d13-46aa-b9a5-ace68e21a091} (Adware.Zango) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{3661af2d-c27b-499c-9bcf-66c8502a3806} (Adware.Zango) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{3f0915b8-b238-4c2d-ad1e-60db1e14d27a} (Adware.Zango) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{49155dae-c471-40fa-98ee-b2b3cad115ce} (Adware.Zango) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{4d783385-0dda-4188-a529-c97dc3d67cbd} (Adware.Zango) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{4e8b851b-05b0-4baf-b24d-d0dfe88dded3} (Adware.Zango) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{50c3e2b3-4fd7-4cb9-91f9-641a6e6b3689} (Adware.Zango) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{5a4737a8-b92a-4e54-970e-c2891d98ce3f} (Adware.Zango) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{62b0b239-f9ac-4a5b-bfae-62c7a23f7627} (Adware.Zango) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{6e10479b-31e8-4a3b-81b1-ddaf39097f19} (Adware.Zango) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{726f0ab9-b842-4ae4-90c7-230e233e6a99} (Adware.Zango) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{99123ac9-7dda-4c82-b252-44c2804bf392} (Adware.Zango) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{ace99e77-aa2a-43c2-8c9d-caf2020fdf2b} (Adware.Zango) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{b9cc2b92-5611-453f-8381-8b6f72d9c0b8} (Adware.Zango) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{c4543e64-1498-410d-8e72-4744eea99ab9} (Adware.Zango) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{e0fb1610-b25b-49f6-be20-751b2f230e6f} (Adware.Zango) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{e420a65f-9984-4b8c-9fa9-1ed69d3b0a13} (Adware.Zango) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{ea58c2ea-be26-49dd-9b9a-c8e4e5ca7791} (Adware.Zango) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{fca28ac5-c1e1-4d67-a5ae-c44d6c374d9f} (Adware.Zango) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{54a3f8b7-228e-4ed8-895b-de832b2c3959} (Adware.Zango) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{5b2e150d-4c8a-40e4-8c36-dd9c02771c67} (Adware.Zango) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{627d894a-8a77-416e-b522-432eaf2c818e} (Adware.Zango) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{7138f250-5b72-48dd-adfb-9a83b429dd9e} (Adware.Zango) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{8971cb48-9fca-445a-be77-e8e8a4cc9df7} (Adware.Zango) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{b88e4484-3ff6-4ea9-815b-a54fe20d4387} (Adware.Zango) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{bf1bf02c-5a86-4ecf-adac-472c54c4d21e} (Adware.Zango) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{bfc08cff-c737-4433-bd5a-0ee7efcfee54} (Adware.Zango) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{d2221ccb-f2bb-4858-aad4-57c754153603} (Adware.Zango) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{08755390-f46d-4d09-968c-3430166b3189} (Adware.Zango) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{0923208c-e259-4ed5-a778-cb607da350ad} (Adware.Zango) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{229d2451-a617-4b30-b5e8-8138694240cb} (Adware.Zango) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{9720de03-5820-4059-b4a4-639d5e52bd09} (Adware.Zango) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{c23fa5a4-1fea-419f-8b14-f7465df062bc} (Adware.Zango) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{ccc6e232-aa4c-4813-a019-9c14b27776b6} (Adware.Zango) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{54a3f8b7-228e-4ed8-895b-de832b2c3959} (Adware.Zango) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\568267acfc5644dab06f058006ddbae3 (Adware.Zango) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\MySearch (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully. Valeur(s) du Registre infectée(s): (Aucun élément nuisible détecté) Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): C:\Program Files\MySearch (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MySearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MySearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MySearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MySearch\bar\Settings\Application Data (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MySearch\bar\Settings\TASLEEM (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Documents and Settings\Talha\Application Data\Deskbar_{A287A2A1-E736-43b1-83DD-CCC1BA9029E9} (Adware.SoftMate) -> Quarantined and deleted successfully. Fichier(s) infecté(s): C:\Program Files\MySearch\bar\History\search (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MySearch\bar\Settings\settings.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MySearch\bar\Settings\settings.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Documents and Settings\Talha\Application Data\Deskbar_{A287A2A1-E736-43b1-83DD-CCC1BA9029E9}\log.txt (Adware.SoftMate) -> Quarantined and deleted successfully. C:\WINDOWS\system32\npqss.tmp (Malware.Trace) -> Quarantined and deleted successfully.

lol pas grave si tu l'avais zappé alors je vais te posterles analyse, je vais faire une analyse par poste je pense que sa sera plus facile pour toi donc, pour la 1ere celle avec conbofix : ComboFix 08-09-15.01 - TASLEEM 2008-09-15 22:39:04.2 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.70 [GMT 2:00] Lancé depuis: C:\Documents and Settings\TASLEEM\Bureau\ComboFix.exe Command switches used :: C:\Documents and Settings\TASLEEM\Bureau\CFScript.txt * Un nouveau point de restauration a été créé AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !! . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\TASLEEM\Application Data\EoRezo C:\Documents and Settings\TASLEEM\Application Data\EoRezo\cmhost.cyp C:\Documents and Settings\TASLEEM\Application Data\EoRezo\ConfMedia.cyp C:\Documents and Settings\TASLEEM\Application Data\EoRezo\db\cat.cyp C:\Documents and Settings\TASLEEM\Application Data\EoRezo\eoDesktop\config.xml C:\Documents and Settings\TASLEEM\Application Data\EoRezo\eoDesktop\eoDesktop.html C:\Documents and Settings\TASLEEM\Application Data\EoRezo\eoDesktop\userConfig.xml C:\Documents and Settings\TASLEEM\Application Data\EoRezo\eoStats\eoStats.txt C:\Documents and Settings\TASLEEM\Application Data\EoRezo\host.cyp C:\Documents and Settings\TASLEEM\Application Data\EoRezo\user.cyp C:\Documents and Settings\TASLEEM\Application Data\ShoppingReport C:\Documents and Settings\TASLEEM\Application Data\ShoppingReport\cs\Config.xml C:\Documents and Settings\TASLEEM\Application Data\ShoppingReport\cs\db\Aliases.dbs C:\Documents and Settings\TASLEEM\Application Data\ShoppingReport\cs\db\Sites.dbs C:\Documents and Settings\TASLEEM\Application Data\ShoppingReport\cs\dwld\WhiteList.xip C:\Documents and Settings\TASLEEM\Application Data\ShoppingReport\cs\report\aggr_storage.xml C:\Documents and Settings\TASLEEM\Application Data\ShoppingReport\cs\report\send_storage.xml C:\Documents and Settings\TASLEEM\Application Data\ShoppingReport\cs\res1\WhiteList.dbs C:\Documents and Settings\TASLEEM\Cookies\tasleem@bluestreak[2].txt C:\Documents and Settings\TASLEEM\Cookies\tasleem@metrixlablw.customers.luna[2].txt C:\Documents and Settings\TASLEEM\Cookies\tasleem@serving-sys[1].txt C:\Program Files\dbar C:\Program Files\EoRezo C:\Program Files\EoRezo\EoAdv\eoAdv.url C:\Program Files\EoRezo\EoAdv\EoRezoBho.old C:\Program Files\EoRezo\EoAdv\tmp\eoRezoBho.dll.9046 C:\Program Files\rhcp5kj0ege5 C:\Program Files\rhcp5kj0ege5\database.dat C:\Program Files\rhcp5kj0ege5\license.txt C:\Program Files\rhcp5kj0ege5\MFC71.dll C:\Program Files\rhcp5kj0ege5\MFC71ENU.DLL C:\Program Files\rhcp5kj0ege5\msvcp71.dll C:\Program Files\rhcp5kj0ege5\msvcr71.dll C:\Program Files\rhcp5kj0ege5\rhcp5kj0ege5.exe C:\Program Files\rhcp5kj0ege5\rhcp5kj0ege5.exe.local C:\Program Files\rhcp5kj0ege5\Uninstall.exe C:\WINDOWS\system32\config\systemprofile\Application Data\ShoppingReport C:\WINDOWS\system32\config\systemprofile\Application Data\ShoppingReport\cs\Config.xml C:\WINDOWS\system32\config\systemprofile\Application Data\ShoppingReport\cs\db\Aliases.dbs C:\WINDOWS\system32\config\systemprofile\Application Data\ShoppingReport\cs\db\Sites.dbs C:\WINDOWS\system32\config\systemprofile\Application Data\ShoppingReport\cs\dwld\WhiteList.xip C:\WINDOWS\system32\config\systemprofile\Application Data\ShoppingReport\cs\report\aggr_storage.xml C:\WINDOWS\system32\config\systemprofile\Application Data\ShoppingReport\cs\report\send_storage.xml C:\WINDOWS\system32\config\systemprofile\Application Data\ShoppingReport\cs\res1\WhiteList.dbs C:\WINDOWS\system32\tdssserf.dll . ((((((((((((((((((((((((((((( Fichiers créés du 2008-08-15 au 2008-09-15 )))))))))))))))))))))))))))))))))))) . 2008-09-10 19:52 . 2008-09-10 19:52 <REP> d-------- C:\Program Files\Avira 2008-09-07 17:35 . 2008-09-07 17:35 8,192 --ahs---- C:\WINDOWS\system32\Thumbs.db 2008-09-05 19:30 . 2008-09-05 19:42 <REP> d-------- C:\HJT 2008-08-31 22:30 . 2008-08-31 22:30 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft 2008-08-31 19:08 . 2008-08-31 19:08 <REP> d-------- C:\Program Files\Panda Security 2008-08-30 23:38 . 2008-09-10 19:52 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira 2008-08-30 20:20 . 2008-09-14 21:55 <REP> d-------- C:\Program Files\Windows Live Safety Center 2008-08-15 16:32 . 2008-09-15 19:58 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-09-15 20:15 --------- d-----w C:\Program Files\Yahoo! 2008-09-15 20:10 --------- d-----w C:\Program Files\OpenOffice.org 2.4 2008-09-15 20:01 --------- d-----w C:\Documents and Settings\TASLEEM\Application Data\OpenOffice.org2 2008-09-15 14:55 --------- d-----w C:\Documents and Settings\TASLEEM\Application Data\Yahoo! 2008-09-06 22:12 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard 2008-09-06 22:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-09-06 19:01 --------- d-----w C:\Documents and Settings\TASLEEM\Application Data\U3 2008-08-25 16:59 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-08-25 16:59 --------- d-----w C:\Program Files\FaxTools 2008-08-25 16:57 --------- d-----w C:\Program Files\Gamenext 2008-08-15 14:36 --------- d-----w C:\Program Files\Fichiers communs\Adobe 2008-08-15 14:32 --------- d-----w C:\Program Files\Google 2008-08-07 17:10 --------- d-----w C:\Documents and Settings\TASLEEM\Application Data\Planit International 2008-08-07 17:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Planit Fusion Live Hygena 2008-07-28 00:39 --------- d-----w C:\Program Files\ItsLabel 2008-07-26 11:21 --------- d-----w C:\Documents and Settings\TASLEEM\Application Data\ItsLabel 2008-07-21 19:15 --------- d-----w C:\Documents and Settings\TASLEEM\Application Data\dvdcss 2007-05-11 00:49 0 -c--a-w C:\Program Files\acs3DB.tmp 2007-03-25 20:54 6,820,520 ----a-w C:\Program Files\FirefoxGoogleToolbarSetup.exe 2006-04-08 16:21 3,216,424 ----a-w C:\Documents and Settings\TASLEEM\picasa2-setup-1877.exe . ((((((((((((((((((((((((((((( snapshot@2008-09-06_21.35.58.93 ))))))))))))))))))))))))))))))))))))))))) . - 2008-06-02 01:00:12 135,168 -c--a-r C:\WINDOWS\Installer\{9085040C-6000-11D3-8CFE-0150048383C9}\misc.exe + 2008-09-10 15:54:32 135,168 ----a-r C:\WINDOWS\Installer\{9085040C-6000-11D3-8CFE-0150048383C9}\misc.exe - 2008-06-02 01:00:13 40,960 -c--a-r C:\WINDOWS\Installer\{9085040C-6000-11D3-8CFE-0150048383C9}\wrdvicon.exe + 2008-09-10 15:54:32 40,960 ----a-r C:\WINDOWS\Installer\{9085040C-6000-11D3-8CFE-0150048383C9}\wrdvicon.exe + 2008-01-21 16:12:56 41,792 ----a-w C:\WINDOWS\system32\drivers\avgntdd.sys + 2008-01-21 16:11:28 22,336 ----a-w C:\WINDOWS\system32\drivers\avgntmgr.sys + 2008-03-04 11:28:53 79,424 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys + 2007-11-02 08:47:38 83,496 ----a-w C:\WINDOWS\system32\drivers\s916bus.sys + 2007-11-02 08:47:38 12,200 ----a-w C:\WINDOWS\system32\drivers\s916cm.sys + 2007-11-02 08:47:38 12,200 ----a-w C:\WINDOWS\system32\drivers\s916cmnt.sys + 2007-11-02 08:47:38 15,016 ----a-w C:\WINDOWS\system32\drivers\s916mdfl.sys + 2007-11-02 08:47:38 109,992 ----a-w C:\WINDOWS\system32\drivers\s916mdm.sys + 2007-11-02 08:47:38 12,200 ----a-w C:\WINDOWS\system32\drivers\s916wh.sys + 2007-11-02 08:47:38 12,200 ----a-w C:\WINDOWS\system32\drivers\s916whnt.sys + 2007-03-01 08:34:22 28,352 ----a-w C:\WINDOWS\system32\drivers\ssmdrv.sys - 2007-11-30 11:19:06 18,296 ------w C:\WINDOWS\system32\spmsg.dll + 2007-11-30 12:39:29 18,296 ------w C:\WINDOWS\system32\spmsg.dll - 2006-10-18 19:47:20 295,936 ------w C:\WINDOWS\system32\wmpeffects.dll + 2008-06-24 16:12:58 295,936 ------w C:\WINDOWS\system32\wmpeffects.dll + 2006-12-01 20:56:00 96,256 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.dll + 2006-12-01 20:54:32 479,232 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcm80.dll + 2006-12-01 20:54:34 548,864 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll + 2006-12-01 20:54:32 626,688 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll + 2006-12-01 22:25:52 1,101,824 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80.dll + 2006-12-01 22:25:56 1,093,120 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80u.dll + 2006-12-01 22:25:58 69,632 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80.dll + 2006-12-01 22:26:00 57,856 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80u.dll + 2006-12-01 22:08:00 40,960 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHS.dll + 2006-12-01 22:08:00 45,056 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHT.dll + 2006-12-01 22:08:00 65,536 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80DEU.dll + 2006-12-01 22:08:00 57,344 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ENU.dll + 2006-12-01 22:08:00 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ESP.dll + 2006-12-01 22:08:00 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80FRA.dll + 2006-12-01 22:08:00 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ITA.dll + 2006-12-01 22:08:00 49,152 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80JPN.dll + 2006-12-01 22:08:00 49,152 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80KOR.dll + 2006-12-01 22:46:44 65,536 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6c18549a\vcomp.dll + 2008-04-15 17:56:59 1,724,416 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.3352_x-ww_81af8e88\GdiPlus.dll . -- Snapshot reset to current date -- . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-07 68856] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 262401] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 15360] "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352] C:\Documents and Settings\Talha\Menu D‚marrer\Programmes\D‚marrage\ Club Internet.lnk - C:\Program Files\Club-Internet\Lanceur\lanceur.exe [2007-08-13 5484544] [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^LE COMPAGNON CLUB.lnk] path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\LE COMPAGNON CLUB.lnk backup=C:\WINDOWS\pss\LE COMPAGNON CLUB.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^Talha^Menu Démarrer^Programmes^Démarrage^Club Internet.lnk] path=C:\Documents and Settings\Talha\Menu Démarrer\Programmes\Démarrage\Club Internet.lnk backup=C:\WINDOWS\pss\Club Internet.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] --a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE] --a------ 2004-08-05 14:00 15360 C:\WINDOWS\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] --a------ 2004-10-13 18:24 1694208 C:\Program Files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr] --a------ 2007-01-19 12:55 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] --a------ 2007-06-07 15:37 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan] --a--c--- 2007-04-16 15:28 577536 C:\WINDOWS\soundman.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\IncrediMail\\bin\\IMApp.exe"= "C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"= "C:\\Program Files\\SopCast\\SopCast.exe"= "C:\\Documents and Settings\\TASLEEM\\Application Data\\SopCast\\adv\\SopAdver.exe"= "C:\\WINDOWS\\system32\\LEXPPS.EXE"= "C:\\Program Files\\Messenger\\msmsgs.exe"= "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "C:\\Program Files\\MSN Messenger\\livecall.exe"= R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe [2004-08-05 14336] R3 USB_RNDIS_51;Broadcom USB Remote NDIS Device Driver;C:\WINDOWS\system32\DRIVERS\usb8023.sys [2004-08-05 12672] S2 FILESpy;FILESpy;C:\Program Files\Softwin\BitDefender9\filespy.sys [ ] S3 PALLADIA;Palladia 300/400 Usb Adsl Modem;C:\WINDOWS\system32\DRIVERS\usbiad.sys [2004-07-14 31547] S3 PID_0920;Logitech QuickCam Express(PID_0920);C:\WINDOWS\system32\DRIVERS\LV532AV.SYS [2003-09-04 152576] S3 s916bus;Sony Ericsson Device 916 driver (WDM);C:\WINDOWS\system32\DRIVERS\s916bus.sys [2007-11-02 83496] S3 s916mdfl;Sony Ericsson Device 916 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\s916mdfl.sys [2007-11-02 15016] S3 s916mdm;Sony Ericsson Device 916 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\s916mdm.sys [2007-11-02 109992] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H] \Shell\AutoRun\command - H:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0766c892-562b-11dc-b626-0014a41f60a1}] \Shell\AutoRun\command - H:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9f3b5506-8d59-11dc-b6a2-0014a41f60a1}] \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL antihost.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ab4f4f9e-0def-11dc-b5ad-0014a41f60a1}] \Shell\AutoRun\command - G:\LaunchU3.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fc53b23b-a4bf-11db-b416-0014a41f60a1}] \Shell\AutoRun\command - H:\autorun.exe \Shell\explore\Command - H:\autorun.exe -e \Shell\open\Command - H:\autorun.exe . Contenu du dossier 'Tâches planifiées' . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-09-15 22:53:57 Windows 5.1.2600 Service Pack 2 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... ************************************************************************** . Heure de fin: 2008-09-15 23:09:02 ComboFix-quarantined-files.txt 2008-09-15 21:07:58 ComboFix2.txt 2008-09-06 19:37:19 Avant-CF: 5,380,083,712 octets libres AprŠs-CF: 6,370,029,568 octets libres 214 --- E O F --- 2008-09-10 15:54:34

on m'a oublié? lol

Merci pour ton aide Angélique ( dsl de ne pas avoir repondu plus tot j'étais un peu prise ces derier tps.. j'ai reussi a crée un compte aussi ) Alr l'anti virus je l'avais supprimé..on m'avais dis de le faire pour suivre la procédure etc c'est pas vraimnt en option lol :$ " Antivirus Xp 2008" a été supprimé grace a ton aide merci encore Je te poste le rapport de l'analyse .. au passage j'ai l'écran tout bleu et rien de s'affiche sur le bureau,, c'est mauvais signe non? :s Merci encore Angélique ComboFix 08-09-05.02 - TASLEEM 2008-09-06 21:02:40.1 - NTFSx86 NETWORK Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.132 [GMT 2:00] Endroit: C:\Documents and Settings\TASLEEM\Bureau\ComboFix.exe AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !! . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\All Users\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65 C:\Documents and Settings\All Users\Application Data\salesmonitor C:\Documents and Settings\All Users\Bureau\Antivirus XP 2008.lnk C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Antivirus XP 2008 C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Antivirus XP 2008.lnk C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Antivirus XP 2008\Antivirus XP 2008.lnk C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Antivirus XP 2008\How to Register Antivirus XP 2008.lnk C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Antivirus XP 2008\License Agreement.lnk C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Antivirus XP 2008\Register Antivirus XP 2008.lnk C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Antivirus XP 2008\Uninstall.lnk C:\Documents and Settings\SOFIA\Cookies\sofia@edt02[2].txt C:\Documents and Settings\SOFIA\Cookies\sofia@tracker.affistats[2].txt C:\Documents and Settings\Talha\Cookies\talha@edt02[4].txt C:\Documents and Settings\Talha\Cookies\talha@libresystem[1].txt C:\Documents and Settings\Talha\Cookies\talha@news.fr.msn[2].txt C:\Documents and Settings\Talha\Cookies\talha@reparateurdesysteme[1].txt C:\Documents and Settings\Talha\ResErrors.log C:\Documents and Settings\TASLEEM\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk C:\Documents and Settings\TASLEEM\Application Data\rhcp5kj0ege5 C:\Documents and Settings\TASLEEM\Application Data\WeatherDPA C:\Documents and Settings\TASLEEM\Application Data\WeatherDPA\Weather\log.txt C:\Documents and Settings\TASLEEM\Application Data\WeatherDPA\Weather\WeatherStartup.xml C:\Documents and Settings\TASLEEM\Cookies\tasleem@clickintext[1].txt C:\Documents and Settings\TASLEEM\Cookies\tasleem@edt02[1].txt C:\Documents and Settings\TASLEEM\Cookies\tasleem@news.fr.msn[2].txt C:\Documents and Settings\TASLEEM\Cookies\tasleem@trafiz[2].txt C:\Documents and Settings\TASLEEM\Cookies\tasleem@web[1].txt C:\Documents and Settings\TASLEEM\Cookies\tasleem@www.toutpourlamicro[1].txt C:\Documents and Settings\TASLEEM\new.txt C:\Documents and Settings\TASLEEM\ResErrors.log C:\Program Files\dbar\basis.xml C:\Program Files\dbar\channel.tmpl C:\Program Files\dbar\content.tmpl C:\Program Files\dbar\date.tmpl C:\Program Files\dbar\deskbar.crc C:\Program Files\dbar\edit_rss.tmpl C:\Program Files\dbar\logo.bmp C:\Program Files\dbar\mbback.bmp C:\Program Files\dbar\mbbigopen.bmp C:\Program Files\dbar\mbclose.bmp C:\Program Files\dbar\mbfwd.bmp C:\Program Files\dbar\mblogo.bmp C:\Program Files\dbar\mbsep.bmp C:\Program Files\dbar\nav1.bmp C:\Program Files\dbar\nav2.bmp C:\Program Files\dbar\new_alert.tmpl C:\Program Files\dbar\Thumbs.db C:\Program Files\dbar\version.txt C:\Program Files\Hotbar C:\Program Files\Hotbar\bin\10.0.356.0\arrow.ico C:\Program Files\Hotbar\bin\10.0.356.0\copyright.txt C:\Program Files\Hotbar\bin\10.0.356.0\dBenderC.dll C:\Program Files\Hotbar\bin\10.0.356.0\firefox\extensions\chrome.manifest C:\Program Files\Hotbar\bin\10.0.356.0\firefox\extensions\components\npclntax.xpt C:\Program Files\Hotbar\bin\10.0.356.0\firefox\extensions\install.rdf C:\Program Files\Hotbar\bin\10.0.356.0\firefox\extensions\plugins\npclntax_HotbarSA.dll C:\Program Files\Hotbar\bin\10.0.356.0\HostOE.dll C:\Program Files\Hotbar\bin\10.0.356.0\HostOL.dll C:\Program Files\Hotbar\bin\10.0.356.0\HotbarSA.exe C:\Program Files\Hotbar\bin\10.0.356.0\HotbarSADF.exe C:\Program Files\Hotbar\bin\10.0.356.0\HotbarSAHook.dll C:\Program Files\Hotbar\bin\10.0.356.0\link.ico C:\Program Files\Hotbar\bin\10.0.356.0\Srv.exe C:\Program Files\Hotbar\bin\10.0.356.0\Weather.exe C:\Program Files\Hotbar\bin\10.0.356.0\WeSkin.dll C:\Program Files\ShoppingReport C:\Program Files\ShoppingReport\Uninst.exe C:\Program Files\winvi C:\Program Files\winvi\dsktp\AC_RunActiveContent.js C:\Program Files\winvi\dsktp\desktop.html C:\Program Files\winvi\dsktp\internetDetection.swf C:\Program Files\winvi\dsktp\settings.sol C:\WINDOWS\BM0bdb957c.txt C:\WINDOWS\BM0bdb957c.xml C:\WINDOWS\cookies.ini C:\WINDOWS\pskt.ini C:\WINDOWS\system32\a.exe C:\WINDOWS\system32\adbsmekl.ini C:\WINDOWS\system32\afrwmwmj.ini C:\WINDOWS\system32\ajshxgut.ini2 C:\WINDOWS\system32\ajshxgut.tmp C:\WINDOWS\system32\ajshxgut.tmp2 C:\WINDOWS\system32\aqttjfnt.ini C:\WINDOWS\system32\atletcsw.ini C:\WINDOWS\system32\audlcwcq.ini C:\WINDOWS\system32\bgklpcvu.ini C:\WINDOWS\system32\blphct5kj0ege5.scr C:\WINDOWS\system32\bobghpki.ini C:\WINDOWS\system32\bsjtujaq.ini C:\WINDOWS\system32\cdynvtri.ini C:\WINDOWS\system32\ctswtaoj.ini C:\WINDOWS\system32\cublnduc.ini C:\WINDOWS\system32\djfcleuy.ini C:\WINDOWS\system32\dkrnuhft.ini C:\WINDOWS\system32\dsedhjho.ini C:\WINDOWS\system32\dvipvxda.ini C:\WINDOWS\system32\dxsrqbxt.ini C:\WINDOWS\system32\envelnqe.ini C:\WINDOWS\system32\esysxpdc.ini C:\WINDOWS\system32\ewowqyia.ini C:\WINDOWS\system32\fgyixeix.ini C:\WINDOWS\system32\gbjybatp.ini C:\WINDOWS\system32\hdrvkadw.ini C:\WINDOWS\system32\hninaiew.ini C:\WINDOWS\system32\hyejynef.ini C:\WINDOWS\system32\iakuhsrh.ini C:\WINDOWS\system32\iytaahyn.ini C:\WINDOWS\system32\jedrkxhh.ini C:\WINDOWS\system32\jkkyxudi.ini C:\WINDOWS\system32\jpbaklbj.ini C:\WINDOWS\system32\jsbmjxmf.ini C:\WINDOWS\system32\jumxdcdq.ini C:\WINDOWS\system32\jxuqfuty.ini C:\WINDOWS\system32\kamcahkw.ini C:\WINDOWS\system32\khpvbkdc.ini C:\WINDOWS\system32\kmxlyeck.ini C:\WINDOWS\system32\ldutsxuc.ini C:\WINDOWS\system32\lhlsnhdh.ini C:\WINDOWS\system32\ligeatge.ini C:\WINDOWS\system32\lphct5kj0ege5.exe C:\WINDOWS\system32\mbvovuyc.ini C:\WINDOWS\system32\mcrh.tmp C:\WINDOWS\system32\mfqckmne.ini C:\WINDOWS\system32\mfqytlcn.ini C:\WINDOWS\system32\mqpdqqoo.ini C:\WINDOWS\system32\nhpcsgca.ini C:\WINDOWS\system32\nqlyuhak.ini C:\WINDOWS\system32\nqnbxetl.ini C:\WINDOWS\system32\nyjgfxbm.ini C:\WINDOWS\system32\ochpjhdy.ini C:\WINDOWS\system32\oekrmwwb.ini C:\WINDOWS\system32\ofaomenn.ini C:\WINDOWS\system32\ofeonaci.ini C:\WINDOWS\system32\olcujwgd.ini C:\WINDOWS\system32\olcujwgd.ini2 C:\WINDOWS\system32\olcujwgd.tmp C:\WINDOWS\system32\ooagtyda.ini C:\WINDOWS\system32\ovvdsvmr.ini C:\WINDOWS\system32\pclbdiph.ini C:\WINDOWS\system32\phct5kj0ege5.bmp C:\WINDOWS\system32\phntwufo.ini C:\WINDOWS\system32\pmlatiaq.ini C:\WINDOWS\system32\pphct5kj0ege5.exe C:\WINDOWS\system32\pwdsdhpo.ini C:\WINDOWS\system32\qlnxtvla.ini C:\WINDOWS\system32\qsvhyyrh.ini C:\WINDOWS\system32\qttss.bak1 C:\WINDOWS\system32\qttss.ini C:\WINDOWS\system32\qxokeofx.ini C:\WINDOWS\system32\regusjco.ini C:\WINDOWS\system32\resuguiy.ini C:\WINDOWS\system32\reysafxk.ini C:\WINDOWS\system32\rfaihuqh.ini C:\WINDOWS\system32\ripoyukf.ini C:\WINDOWS\system32\rmkyrmbx.ini C:\WINDOWS\system32\rtutv.ini C:\WINDOWS\system32\rtutv.ini2 C:\WINDOWS\system32\sabvlngd.ini C:\WINDOWS\system32\sfddjsyp.ini C:\WINDOWS\system32\srxljlks.ini C:\WINDOWS\system32\stvwa.bak1 C:\WINDOWS\system32\stvwa.ini C:\WINDOWS\system32\sxunccdu.ini C:\WINDOWS\system32\sysrest32.exe C:\WINDOWS\system32\taksoqwy.ini C:\WINDOWS\system32\tbyebchn.ini C:\WINDOWS\system32\tdssadw.dll C:\WINDOWS\system32\tdssinit.dll C:\WINDOWS\system32\tdssl.dll C:\WINDOWS\system32\tdsslog.dll C:\WINDOWS\system32\tdssmain.dll C:\WINDOWS\system32\tdssservers.dat C:\WINDOWS\system32\tjuviika.ini C:\WINDOWS\system32\tpcmkkgg.ini C:\WINDOWS\system32\tsgvhupq.ini C:\WINDOWS\system32\uclswvam.ini C:\WINDOWS\system32\uenxiuny.ini C:\WINDOWS\system32\uernhjlc.ini C:\WINDOWS\system32\uttss.bak1 C:\WINDOWS\system32\uttss.bak2 C:\WINDOWS\system32\uttss.ini C:\WINDOWS\system32\uttss.ini2 C:\WINDOWS\system32\uttss.tmp C:\WINDOWS\system32\vbsxithu.ini C:\WINDOWS\system32\vldpwxiv.ini C:\WINDOWS\system32\vlvemtre.ini C:\WINDOWS\system32\vtmuipox.ini C:\WINDOWS\system32\vvfykoat.ini C:\WINDOWS\system32\wdtfmxvp.ini C:\WINDOWS\system32\winspool.dll C:\WINDOWS\system32\wqdyilpb.ini C:\WINDOWS\system32\wqfqsejl.ini C:\WINDOWS\system32\wqjkeflh.ini C:\WINDOWS\system32\wutdgkin.ini C:\WINDOWS\system32\xwoeiudj.ini C:\WINDOWS\system32\yexgslxx.ini . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_FMTR -------\Service_sysrest.sys ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-08-06 to 2008-09-06 )))))))))))))))))))))))))))))))))))) . 2008-09-05 19:30 . 2008-09-05 19:42 <REP> d-------- C:\HJT 2008-08-31 22:30 . 2008-08-31 22:30 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft 2008-08-31 19:08 . 2008-08-31 19:08 <REP> d-------- C:\Program Files\Panda Security 2008-08-30 23:38 . 2008-09-04 16:32 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira 2008-08-30 20:20 . 2008-08-31 19:04 <REP> d-------- C:\Program Files\Windows Live Safety Center 2008-08-29 22:04 . 2008-08-30 14:51 12,288 --a------ C:\WINDOWS\system32\tdssserf.dll 2008-08-25 22:21 . 2008-08-25 22:21 <REP> d-------- C:\Program Files\rhcp5kj0ege5 2008-08-25 22:20 . 2008-08-25 22:21 <REP> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\ShoppingReport 2008-08-25 17:14 . 2008-08-25 18:05 <REP> d-------- C:\Documents and Settings\TASLEEM\Application Data\ShoppingReport 2008-08-15 16:32 . 2008-08-25 17:30 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater 2008-08-07 19:10 . 2008-08-07 19:10 <REP> d-------- C:\Documents and Settings\TASLEEM\Application Data\Planit International 2008-08-07 19:10 . 2008-08-07 19:10 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Planit Fusion Live Hygena 2008-08-07 19:09 . 2008-08-07 19:09 <REP> d-------- C:\Program Files\Hygena . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-09-06 19:11 --------- d-----w C:\Program Files\dbar 2008-09-06 19:01 --------- d-----w C:\Documents and Settings\TASLEEM\Application Data\U3 2008-09-04 14:26 --------- d-----w C:\Documents and Settings\TASLEEM\Application Data\OpenOffice.org2 2008-09-01 20:15 --------- d-----w C:\Program Files\GamesBar 2008-08-31 18:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\GamesBar 2008-08-25 16:59 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-08-25 16:59 --------- d-----w C:\Program Files\FaxTools 2008-08-25 16:57 --------- d-----w C:\Program Files\Gamenext 2008-08-15 14:36 --------- d-----w C:\Program Files\Fichiers communs\Adobe 2008-08-15 14:32 --------- d-----w C:\Program Files\Google 2008-07-28 00:39 --------- d-----w C:\Program Files\ItsLabel 2008-07-28 00:38 --------- d-----w C:\Program Files\EoRezo 2008-07-28 00:38 --------- d-----w C:\Documents and Settings\TASLEEM\Application Data\EoRezo 2008-07-26 11:21 --------- d-----w C:\Documents and Settings\TASLEEM\Application Data\ItsLabel 2008-07-21 19:15 --------- d-----w C:\Documents and Settings\TASLEEM\Application Data\dvdcss 2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll 2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe 2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll 2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll 2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll 2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll 2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll 2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll 2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll 2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll 2008-07-14 22:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sage 2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll 2008-07-06 12:09 --------- d-----w C:\Program Files\Motive 2008-07-06 12:09 --------- d-----w C:\Program Files\Club-Internet 2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll 2008-06-23 15:40 663,552 ----a-w C:\WINDOWS\system32\wininet.dll 2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll 2007-05-11 00:49 0 -c--a-w C:\Program Files\acs3DB.tmp 2007-03-25 20:54 6,820,520 ----a-w C:\Program Files\FirefoxGoogleToolbarSetup.exe 2006-04-08 16:21 3,216,424 ----a-w C:\Documents and Settings\TASLEEM\picasa2-setup-1877.exe . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-05 160768] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 15360] "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352] [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^LE COMPAGNON CLUB.lnk] path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\LE COMPAGNON CLUB.lnk backup=C:\WINDOWS\pss\LE COMPAGNON CLUB.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^Talha^Menu Démarrer^Programmes^Démarrage^Club Internet.lnk] path=C:\Documents and Settings\Talha\Menu Démarrer\Programmes\Démarrage\Club Internet.lnk backup=C:\WINDOWS\pss\Club Internet.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] --a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE] --a------ 2004-08-05 14:00 15360 C:\WINDOWS\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] --a------ 2004-10-13 18:24 1694208 C:\Program Files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr] --a------ 2007-01-19 12:55 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMrhcp5kj0ege5] --a------ 2008-08-25 18:35 831488 C:\Program Files\rhcp5kj0ege5\rhcp5kj0ege5.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] --a------ 2007-06-07 15:37 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan] --a--c--- 2007-04-16 15:28 577536 C:\WINDOWS\soundman.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\IncrediMail\\bin\\IMApp.exe"= "C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"= "C:\\Program Files\\SopCast\\SopCast.exe"= "C:\\Documents and Settings\\TASLEEM\\Application Data\\SopCast\\adv\\SopAdver.exe"= "C:\\WINDOWS\\system32\\LEXPPS.EXE"= "C:\\Program Files\\Messenger\\msmsgs.exe"= "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "C:\\Program Files\\MSN Messenger\\livecall.exe"= HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H] \Shell\AutoRun\command - H:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0766c892-562b-11dc-b626-0014a41f60a1}] \Shell\AutoRun\command - H:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9f3b5506-8d59-11dc-b6a2-0014a41f60a1}] \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL antihost.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ab4f4f9e-0def-11dc-b5ad-0014a41f60a1}] \Shell\AutoRun\command - G:\LaunchU3.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ce843214-5956-11dd-b867-001915215681}] \Shell\Auto\command - bittorrent.exe e \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL bittorrent.exe e [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fc53b23b-a4bf-11db-b416-0014a41f60a1}] \Shell\AutoRun\command - H:\autorun.exe \Shell\explore\Command - H:\autorun.exe -e \Shell\open\Command - H:\autorun.exe . Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es' . - - - - ORPHANS REMOVED - - - - MSConfigStartUp-!AVG Anti-Spyware - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe MSConfigStartUp-avast! - C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe MSConfigStartUp-BM0bdb957c - C:\WINDOWS\system32\ybqvllwg.dll MSConfigStartUp-HijackThis startup scan - C:\DOCUME~1\TASLEEM\LOCALS~1\Temp\Rar$EX00.688\HijackThis.exe MSConfigStartUp-lphct5kj0ege5 - C:\WINDOWS\system32\lphct5kj0ege5.exe MSConfigStartUp-MessengerPlus3 - C:\Program Files\MessengerPlus! 3\MsgPlus.exe . ------- Supplementary Scan ------- . FireFox -: Profile - C:\Documents and Settings\TASLEEM\Application Data\Mozilla\Firefox\Profiles\43afnppf.default\ FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://fr.msn.com/ . . ------- File Associations (Beta) ------- . . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-09-06 21:12:56 Windows 5.1.2600 Service Pack 2 NTFS Balayage processus cach‚s ... C:\WINDOWS\explorer.exe [2540] 0x8194D020 Balayage cach‚ autostart entries ... Balayage des fichiers cach‚s ... Scan termin‚ avec succŠs Les fichiers cach‚s: 0 ************************************************************************** . ------------------------ Other Running Processes ------------------------ . C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\LEXPPS.EXE C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe C:\WINDOWS\system32\wscntfy.exe . ************************************************************************** . Temps d'accomplissement: 2008-09-06 21:37:18 - machine was rebooted ComboFix-quarantined-files.txt 2008-09-06 19:37:12 Pre-Run: 6,863,466,496 octets libres Post-Run: 7,247,982,592 octets libres 371 --- E O F --- 2008-08-14 16:12:29

Bonjour tout le monde!! Alors voilà, j'ai un petit gros propleme avec mon pc.. J'ai chopé le virus "antivirus xp 2008".. J'ai vu sur le forum la procédure a suivre donc je l'ai suivie à la lettre ( netoyage du pc avc "cleanmgr", puis analyse avec antivir + suppression des fichier infecter, et analyse avec hijacthis, j'ai bien supprimé antivirs comme il est demandé de le faire) Maintenant je suis a la phase finale, je vien de faire une analyse avec hijackthis j'ai mis le rapport sur ce site : http://www.hijackthis.de/fr mais il me dis que tout va bien donc un peu perdu icon_rolleyes.gif donc est ce que vous pouvez m'aidez svp et me dire ce que je dois faire je vous donne le log d'hijackthis.. Merci d'avance. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:34:18, on 04/09/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\WinRAR\WinRAR.exe C:\WINDOWS\system32\wuauclt.exe C:\DOCUME~1\TASLEEM\LOCALS~1\Temp\Rar$EX00.250\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file) R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.509.6972\swg.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RةSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll (file missing) O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1143150274147 O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab O20 - Winlogon Notify: awvts - C:\WINDOWS\system32\awvts.dll (file missing) O20 - Winlogon Notify: ssttq - C:\WINDOWS\system32\ssttq.dll (file missing) O20 - Winlogon Notify: ssttu - C:\WINDOWS\system32\ssttu.dll (file missing) O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe%

Bonjour tout le monde!! Alors voilà, j'ai un petit gros propleme avec mon pc.. J'ai chopé le virus "antivirus xp 2008".. J'ai vu sur le forum la procédure a suivre donc je l'ai suivie à la lettre ( netoyage du pc avc "cleanmgr", puis analyse avec antivir + suppression des fichier infecter, et analyse avec hijacthis, j'ai bien supprimé antivirs comme il est demandé de le faire) Maintenant je suis a la phase finale, je vien de faire une analyse avec hijackthis j'ai mis le rapport sur ce site : http://www.hijackthis.de/fr mais il me dis que tout va bien donc un peu perdu icon_rolleyes.gif donc est ce que vous pouvez m'aidez svp et me dire ce que je dois faire je vous donne le log d'hijackthis.. Merci d'avance. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:34:18, on 04/09/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\WinRAR\WinRAR.exe C:\WINDOWS\system32\wuauclt.exe C:\DOCUME~1\TASLEEM\LOCALS~1\Temp\Rar$EX00.250\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file) R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.509.6972\swg.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RةSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll (file missing) O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1143150274147 O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab O20 - Winlogon Notify: awvts - C:\WINDOWS\system32\awvts.dll (file missing) O20 - Winlogon Notify: ssttq - C:\WINDOWS\system32\ssttq.dll (file missing) O20 - Winlogon Notify: ssttu - C:\WINDOWS\system32\ssttu.dll (file missing) O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files

Bonjour tout le monde!! Alors voilà, j'ai un petit gros propleme avec mon pc.. J'ai chopé le virus "antivirus xp 2008".. J'ai vu sur le forum la procédure a suivre donc je l'ai suivie à la lettre ( netoyage du pc avc "cleanmgr", puis analyse avec antivir + suppression des fichier infecter, et analyse avec hijacthis, j'ai bien supprimé antivirs comme il est demandé de le faire) Maintenant je suis a la phase finale, je vien de faire une analyse avec hijackthis j'ai mis le rapport sur ce site : http://www.hijackthis.de/fr mais il me dis que tout va bien donc un peu perdu icon_rolleyes.gif donc est ce que vous pouvez m'aidez svp et me dire ce que je dois faire je vous donne le log d'hijackthis.. Merci d'avance. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:34:18, on 04/09/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\WinRAR\WinRAR.exe C:\WINDOWS\system32\wuauclt.exe C:\DOCUME~1\TASLEEM\LOCALS~1\Temp\Rar$EX00.250\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file) R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.509.6972\swg.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RةSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll (file missing) O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1143150274147 O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab O20 - Winlogon Notify: awvts - C:\WINDOWS\system32\awvts.dll (file missing) O20 - Winlogon Notify: ssttq - C:\WINDOWS\system32\ssttq.dll (file missing) O20 - Winlogon Notify: ssttu - C:\WINDOWS\system32\ssttu.dll (file missing) O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Google Updater Service (gusvc) - Goog

Bonjour tout le monde!! Alors voilà, j'ai un petit gros propleme avec mon pc.. J'ai chopé le virus "antivirus xp 2008".. J'ai vu sur le forum la procédure a suivre donc je l'ai suivie à la lettre ( netoyage du pc avc "cleanmgr", puis analyse avec antivir + suppression des fichier infecter, et analyse avec hijacthis, j'ai bien supprimé antivirs comme il est demandé de le faire) Maintenant je suis a la phase finale, je vien de faire une analyse avec hijackthis j'ai mis le rapport sur ce site : http://www.hijackthis.de/fr mais il me dis que tout va bien donc un peu perdu icon_rolleyes.gif donc est ce que vous pouvez m'aidez svp et me dire ce que je dois faire je vous donne le log d'hijackthis.. Merci d'avance. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:34:18, on 04/09/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\WinRAR\WinRAR.exe C:\WINDOWS\system32\wuauclt.exe C:\DOCUME~1\TASLEEM\LOCALS~1\Temp\Rar$EX00.250\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file) R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.509.6972\swg.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RةSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll (file missing) O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1143150274147 O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab O20 - Winlogon Notify: awvts - C:\WINDOWS\system32\awvts.dll (file missing) O20 - Winlogon Notify: ssttq - C:\WINDOWS\system32\ssttq.dll (file missing) O20 - Winlogon Notify: ssttu - C:\WINDOWS\system32\ssttu.dll (file missing) O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files%

Bonjour tout le monde!! Alors voilà, j'ai un petit gros propleme avec mon pc.. J'ai chopé le virus "antivirus xp 2008".. J'ai vu sur le forum la procédure a suivre donc je l'ai suivie à la lettre ( netoyage du pc avc "cleanmgr", puis analyse avec antivir + suppression des fichier infecter, et analyse avec hijacthis, j'ai bien supprimé antivirs comme il est demandé de le faire) Maintenant je suis a la phase finale, je vien de faire une analyse avec hijackthis j'ai mis le rapport sur ce site : http://www.hijackthis.de/fr mais il me dis que tout va bien donc un peu perdu icon_rolleyes.gif donc est ce que vous pouvez m'aidez svp et me dire ce que je dois faire je vous donne le log d'hijackthis.. Merci d'avance. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:34:18, on 04/09/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\WinRAR\WinRAR.exe C:\WINDOWS\system32\wuauclt.exe C:\DOCUME~1\TASLEEM\LOCALS~1\Temp\Rar$EX00.250\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file) R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.509.6972\swg.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RةSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll (file missing) O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1143150274147 O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab O20 - Winlogon Notify: awvts - C:\WINDOWS\system32\awvts.dll (file missing) O20 - Winlogon Notify: ssttq - C:\WINDOWS\system32\ssttq.dll (file missing) O20 - Winlogon Notify: ssttu - C:\WINDOWS\system32\ssttu.dll (file missing) O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program

Bonjour tout le monde!! Alors voilà, j'ai un petit gros propleme avec mon pc.. J'ai chopé le virus "antivirus xp 2008".. J'ai vu sur le forum la procédure a suivre donc je l'ai suivie à la lettre ( netoyage du pc avc "cleanmgr", puis analyse avec antivir + suppression des fichier infecter, et analyse avec hijacthis, j'ai bien supprimé antivirs comme il est demandé de le faire) Maintenant je suis a la phase finale, je vien de faire une analyse avec hijackthis j'ai mis le rapport sur ce site : http://www.hijackthis.de/fr mais il me dis que tout va bien donc un peu perdu icon_rolleyes.gif donc est ce que vous pouvez m'aidez svp et me dire ce que je dois faire je vous donne le log d'hijackthis.. Merci d'avance. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:34:18, on 04/09/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\WinRAR\WinRAR.exe C:\WINDOWS\system32\wuauclt.exe C:\DOCUME~1\TASLEEM\LOCALS~1\Temp\Rar$EX00.250\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file) R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.509.6972\swg.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RةSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll (file missing) O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1143150274147 O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab O20 - Winlogon Notify: awvts - C:\WINDOWS\system32\awvts.dll (file missing) O20 - Winlogon Notify: ssttq - C:\WINDOWS\system32\ssttq.dll (file missing) O20 - Winlogon Notify: ssttu - C:\WINDOWS\system32\ssttu.dll (file missing) O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Awa