Coco16
-
Compteur de contenus
8 -
Inscription
-
Dernière visite
Coco16's Achievements
Junior Member (3/12)
0
Réputation sur la communauté
-
Le raport MBAM: Malwarebytes Anti-Malware (Essai) 1.61.0.1400 www.malwarebytes.org Version de la base de données: v2012.04.24.05 Windows 7 x64 NTFS Internet Explorer 9.0.8112.16421 Francesco :: FRANCESCO-PC [administrateur] Protection: Activé 24/04/2012 21:11:26 mbam-log-2012-04-24 (21-56-29).txt Type d'examen: Examen complet Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM Options d'examen désactivées: P2P Elément(s) analysé(s): 378750 Temps écoulé: 44 minute(s), 49 seconde(s) Processus mémoire détecté(s): 0 (Aucun élément nuisible détecté) Module(s) mémoire détecté(s): 0 (Aucun élément nuisible détecté) Clé(s) du Registre détectée(s): 0 (Aucun élément nuisible détecté) Valeur(s) du Registre détectée(s): 1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations|bak_Application (Hijacker.Application) -> Données: File extension redirect -> Aucune action effectuée. Elément(s) de données du Registre détecté(s): 1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations|Application (Hijacker.Application) -> Mauvais: (http://www.helpmeopen.com/?n=app&ext=%s) Bon: (http://shell.windows.com/fileassoc/%04x/xml/redir.asp?Ext=%s) -> Aucune action effectuée. Dossier(s) détecté(s): 0 (Aucun élément nuisible détecté) Fichier(s) détecté(s): 5 C:\Program Files (x86)\Electronic Arts\Battlefield Bad Company 2\rld-bbc2.exe (RiskWare.Tool.HCK) -> Aucune action effectuée. C:\Program Files (x86)\Konvertor\Kawd.exe (Malware.Packer.Gen) -> Aucune action effectuée. C:\Program Files (x86)\WinRAR\Patch 5.xx.exe (Riskware.Tool.CK) -> Aucune action effectuée. C:\Users\Francesco\Downloads\hijackthis_telechargement_01net.exe (PUP.Toolbar.Repacked) -> Aucune action effectuée. C:\explorer.exe (Worm.AutoRun) -> Aucune action effectuée. (fin)
-
Dés que l'analyse est finie je te donne le raport MBAM
-
Le raport SFt: Lien CJoint.com BDyvgSKEsiY
-
^RogueKiller V7.3.3 [22/04/2012] par Tigzy mail: tigzyRK<at>gmail<dot>com Remontees: [RogueKiller] Remontées (1/49) Blog: tigzy-RK Systeme d'exploitation: Windows 7 (6.1.7600 ) 64 bits version Demarrage : Mode normal Utilisateur: Francesco [Droits d'admin] Mode: Suppression -- Date: 24/04/2012 20:36:47 ¤¤¤ Processus malicieux: 0 ¤¤¤ ¤¤¤ Entrees de registre: 0 ¤¤¤ ¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤ ¤¤¤ Driver: [NON CHARGE] ¤¤¤ ¤¤¤ Infection : ¤¤¤ ¤¤¤ Fichier HOSTS: ¤¤¤ ¤¤¤ MBR Verif: ¤¤¤ +++++ PhysicalDrive0: SAMSUNG HD103SI ATA Device +++++ --- User --- [MBR] 32b35301765b17c3fc3340abcd0c1854 [bSP] 96c788e138046703e8d37da2af3ed620 : Windows 7 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 953767 Mo User = LL1 ... OK! User = LL2 ... OK! Termine : << RKreport[4].txt >> RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt
-
Voilà je n'est rien fait d'autre comme demander. RogueKiller V7.3.3 [22/04/2012] par Tigzy mail: tigzyRK<at>gmail<dot>com Remontees: [RogueKiller] Remontées (1/49) Blog: tigzy-RK Systeme d'exploitation: Windows 7 (6.1.7600 ) 64 bits version Demarrage : Mode normal Utilisateur: Francesco [Droits d'admin] Mode: Recherche -- Date: 24/04/2012 20:24:32 ¤¤¤ Processus malicieux: 1 ¤¤¤ [sUSP PATH] ycyfe.exe -- C:\Users\Francesco\AppData\Roaming\Wezau\ycyfe.exe -> KILLED [TermProc] ¤¤¤ Entrees de registre: 8 ¤¤¤ [HJ NAME] HKCU\[...]\Run : windows_explorer (C:\explorer.exe) -> FOUND [sUSP PATH] HKCU\[...]\Run : Kodik (C:\Users\Francesco\AppData\Roaming\Wezau\ycyfe.exe) -> FOUND [sUSP PATH] HKCU\[...]\Run : Windows Init ("C:\Users\Francesco\AppData\Roaming\xnpialepbp3m3szdvrejybws3qfgh1bx\svcnost.exe") -> FOUND [HJ NAME] HKUS\S-1-5-21-1010715159-508588532-2631771729-1001[...]\Run : windows_explorer (C:\explorer.exe) -> FOUND [sUSP PATH] HKUS\S-1-5-21-1010715159-508588532-2631771729-1001[...]\Run : Kodik (C:\Users\Francesco\AppData\Roaming\Wezau\ycyfe.exe) -> FOUND [sUSP PATH] HKUS\S-1-5-21-1010715159-508588532-2631771729-1001[...]\Run : Windows Init ("C:\Users\Francesco\AppData\Roaming\xnpialepbp3m3szdvrejybws3qfgh1bx\svcnost.exe") -> FOUND [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤ ¤¤¤ Driver: [NON CHARGE] ¤¤¤ ¤¤¤ Infection : ¤¤¤ ¤¤¤ Fichier HOSTS: ¤¤¤ ¤¤¤ MBR Verif: ¤¤¤ +++++ PhysicalDrive0: SAMSUNG HD103SI ATA Device +++++ --- User --- [MBR] 32b35301765b17c3fc3340abcd0c1854 [bSP] 96c788e138046703e8d37da2af3ed620 : Windows 7 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 953767 Mo User = LL1 ... OK! User = LL2 ... OK! Termine : << RKreport[1].txt >> RKreport[1].txt
-
Voilà le raport: Lien CJoint.com BDytJW6b8hN
-
Merci pour ta réponse rapide Apollo, alors voici le raport de adwcleaner: # AdwCleaner v1.604 - Rapport créé le 24/04/2012 à 19:22:43 # Mis à jour le 23/04/2012 par Xplode # Système d'exploitation : Windows 7 Home Premium (64 bits) # Nom d'utilisateur : Francesco - FRANCESCO-PC # Exécuté depuis : C:\Users\Francesco\Downloads\adwcleaner.exe # Option [suppression] ***** [services] ***** ***** [Fichiers / Dossiers] ***** Dossier Supprimé : C:\Users\Francesco\AppData\Local\Babylon Dossier Supprimé : C:\Users\Francesco\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihflimipbcaljfnojhhknppphnnciiif Dossier Supprimé : C:\Users\FRANCE~1\AppData\Local\Temp\BabylonToolbar Dossier Supprimé : C:\Users\Francesco\AppData\LocalLow\facemoods.com Dossier Supprimé : C:\Users\Francesco\AppData\Roaming\Babylon Dossier Supprimé : C:\Users\Francesco\AppData\Roaming\GetRightToGo Dossier Supprimé : C:\Users\Francesco\AppData\Roaming\Mozilla\Firefox\Profiles\b9b0o7pz.default\extensions\[email protected] Dossier Supprimé : C:\ProgramData\Babylon Dossier Supprimé : C:\Program Files (x86)\facemoods.com Fichier Supprimé : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml Fichier Supprimé : C:\Program Files (x86)\Mozilla Firefox\searchplugins\fcmdSrch.xml ***** [Registre] ***** Clé Supprimée : HKCU\Software\BabylonToolbar Clé Supprimée : HKCU\Software\facemoods.com Clé Supprimée : HKCU\Software\Headlight Clé Supprimée : HKCU\Software\Softonic Clé Supprimée : HKLM\SOFTWARE\Babylon Clé Supprimée : HKLM\SOFTWARE\BabylonToolbar Clé Supprimée : HKLM\SOFTWARE\facemoods.com Clé Supprimée : HKLM\SOFTWARE\Classes\escort.escrtBtn.1 Clé Supprimée : HKLM\SOFTWARE\Classes\escort.escortIEPane Clé Supprimée : HKLM\SOFTWARE\Classes\escort.escortIEPane.1 Clé Supprimée : HKLM\SOFTWARE\Classes\esrv.escrtSrvc Clé Supprimée : HKLM\SOFTWARE\Classes\esrv.escrtSrvc.1 Clé Supprimée : HKLM\SOFTWARE\Classes\facemoods.dskBnd Clé Supprimée : HKLM\SOFTWARE\Classes\facemoods.dskBnd.1 Clé Supprimée : HKLM\SOFTWARE\Classes\facemoods.facemoodsHlpr Clé Supprimée : HKLM\SOFTWARE\Classes\facemoods.facemoodsHlpr.1 Clé Supprimée : HKLM\SOFTWARE\Classes\facemoods.xtrnl Clé Supprimée : HKLM\SOFTWARE\Classes\facemoods.xtrnl.1 Clé Supprimée : HKLM\SOFTWARE\Classes\facemoodsApp.appCore Clé Supprimée : HKLM\SOFTWARE\Classes\facemoodsApp.appCore.1 Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\escort.DLL Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\esrv.EXE Clé Supprimée : HKLM\SOFTWARE\Google\chrome\Extensions\ihflimipbcaljfnojhhknppphnnciiif Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\facemoods Valeur Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [facemoods] ***** [Registre - GUID] ***** Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0} Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{AD25754E-D76C-42B3-A335-2F81478B722F} Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB} Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{64182481-4F71-486B-A045-B233BD0DA8FC} Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{A5B99E41-E157-4209-8AAC-DB003A816079} Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{AD20D01C-C939-4DD2-8C55-56935A48987E} Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{DB4E9724-F518-4DFD-9C7C-78B52103CAB9} Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{DDE2C74F-58CC-4D71-8CE1-09DEBB8CFB78} Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{E95EAD3F-18C6-4304-9DC6-BD6FD8E11D37} Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{542FA950-C57A-4E17-B3E1-D935DFE15DEE} Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{5B035F86-41B5-40F1-AAAD-3D219F30244E} Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{6365AC7B-9920-4D8B-AF5D-3BDFEAC340A8} Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{6A934270-717F-4BC3-BA59-BC9BED47A8D2} Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{74C012C4-00FB-4F04-9AFB-4AD5449D2018} Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{78888F8B-D5E4-43CE-89F5-C8C18223AF64} Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{79B13431-CCAC-4097-8889-D0289E5E924F} Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{8B8558F6-DC26-4F39-8417-34B8934AA459} Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{8C8D5C57-3CAD-4CF9-BCAD-F873678DA883} Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{9E393F82-2644-4AB6-B994-1AD39D6C59EE} Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{A3A2A5C0-1306-4D1A-A093-9CECA4230002} Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0} Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{C1C2FC43-F042-4F17-AEDB-C5ABF3B42E4B} Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2} Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{F7EC6286-297C-4981-9DCC-FD7F57BC24C9} Clé Supprimée : HKLM\SOFTWARE\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947} Clé Supprimée : HKLM\SOFTWARE\Classes\TypeLib\{12A5F606-B1EC-474C-83ED-95E99FD8058E} Clé Supprimée : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} Clé Supprimée : HKLM\SOFTWARE\Classes\TypeLib\{AD25754E-D76C-42B3-A335-2F81478B722F} Clé Supprimée : HKLM\SOFTWARE\Classes\TypeLib\{B12E99ED-69BD-437C-86BE-C862B9E5444D} Clé Supprimée : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} Clé Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FFDF9EF3-3C3A-4F05-9A6E-5D3B778EC567} Clé Supprimée : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416D-A838-AB665251703A} Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64182481-4F71-486B-A045-B233BD0DA8FC} Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{64182481-4F71-486B-A045-B233BD0DA8FC} Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DB4E9724-F518-4DFD-9C7C-78B52103CAB9} Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64182481-4F71-486B-A045-B233BD0DA8FC} Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DB4E9724-F518-4DFD-9C7C-78B52103CAB9} Valeur Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}] [x64] Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{542FA950-C57A-4E17-B3E1-D935DFE15DEE} [x64] Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{5B035F86-41B5-40F1-AAAD-3D219F30244E} [x64] Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{6365AC7B-9920-4D8B-AF5D-3BDFEAC340A8} [x64] Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{6A934270-717F-4BC3-BA59-BC9BED47A8D2} [x64] Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{74C012C4-00FB-4F04-9AFB-4AD5449D2018} [x64] Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{78888F8B-D5E4-43CE-89F5-C8C18223AF64} [x64] Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{79B13431-CCAC-4097-8889-D0289E5E924F} [x64] Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{8B8558F6-DC26-4F39-8417-34B8934AA459} [x64] Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{8C8D5C57-3CAD-4CF9-BCAD-F873678DA883} [x64] Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{981334CB-7B8B-431F-B86D-67B7426B125B} [x64] Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{9E393F82-2644-4AB6-B994-1AD39D6C59EE} [x64] Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{A3A2A5C0-1306-4D1A-A093-9CECA4230002} [x64] Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0} [x64] Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{C1C2FC43-F042-4F17-AEDB-C5ABF3B42E4B} [x64] Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{C8D424EF-CB21-49A0-8659-476FBAB0F8E8} [x64] Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2} [x64] Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{F7EC6286-297C-4981-9DCC-FD7F57BC24C9} ***** [Navigateurs] ***** -\\ Internet Explorer v9.0.8112.16421 [OK] Le registre ne contient aucune entrée illégitime. -\\ Mozilla Firefox v11.0 (fr) Nom du profil : default Fichier : C:\Users\Francesco\AppData\Roaming\Mozilla\Firefox\Profiles\b9b0o7pz.default\prefs.js C:\Users\Francesco\AppData\Roaming\Mozilla\Firefox\Profiles\b9b0o7pz.default\user.js ... Supprimé ! Supprimée : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com"); Supprimée : user_pref("browser.search.defaultenginename", "Search the web (Babylon)"); Supprimée : user_pref("browser.search.order.1", "Search the web (Babylon)"); Supprimée : user_pref("extensions.BabylonToolbar_i.aflt", "babsst"); Supprimée : user_pref("extensions.BabylonToolbar_i.babExt", ""); Supprimée : user_pref("extensions.BabylonToolbar_i.babTrack", "tt=151211_wdgt"); Supprimée : user_pref("extensions.BabylonToolbar_i.hardId", "266ec23a000000000000e0cb4ed3c7bf"); Supprimée : user_pref("extensions.BabylonToolbar_i.id", "266ec23a000000000000e0cb4ed3c7bf"); Supprimée : user_pref("extensions.BabylonToolbar_i.instlDay", "15328"); Supprimée : user_pref("extensions.BabylonToolbar_i.instlRef", "sst"); Supprimée : user_pref("extensions.BabylonToolbar_i.newTab", true); Supprimée : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?AF=108988&tt=151211_w[...] Supprimée : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar"); Supprimée : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon"); Supprimée : user_pref("extensions.BabylonToolbar_i.smplGrp", "none"); Supprimée : user_pref("extensions.BabylonToolbar_i.srcExt", "ss"); Supprimée : user_pref("extensions.BabylonToolbar_i.tlbrId", "babupdt"); Supprimée : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17"); Supprimée : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1723:24:02"); Supprimée : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17"); Supprimée : user_pref("keyword.URL", "hxxp://search.babylon.com/?AF=108988&tt=151211_wdgt&babsrc=adbartrp&mntrId[...] -\\ Google Chrome v18.0.1025.162 Fichier : C:\Users\Francesco\AppData\Local\Google\Chrome\User Data\Default\Preferences Supprimée : "name": "Facemoods", Supprimée : "update_url": "hxxp://facemoods.com/public/download/chrome/update.xml", ************************* AdwCleaner[s1].txt - [10283 octets] - [24/04/2012 19:22:43] ########## EOF - C:\AdwCleaner[s1].txt - [10412 octets] ########## et le raport de AD-Remover: ======= RAPPORT D'AD-REMOVER 2.0.0.2,G | UNIQUEMENT XP/VISTA/7 ======= Mis à jour par TeamXscript le 12/04/11 Contact: AdRemover[DOT]contact[AT]gmail[DOT]com Site web: webmail http://webmail.ovh.net C:\Program Files (x86)\Ad-Remover\main.exe (CLEAN [1]) -> Lancé à 19:14:13 le 24/04/2012, Mode normal Microsoft Windows 7 Édition Familiale Premium (X64) Francesco@FRANCESCO-PC (System manufacturer System Product Name) ============== ACTION(S) ============== Dossier supprimé: C:\Program Files (x86)\Conduit Dossier supprimé: C:\Program Files (x86)\ConduitEngine (!) -- Fichiers temporaires supprimés. Clé supprimée: HKLM\Software\Classes\Interface\{981334CB-7B8B-431F-B86D-67B7426B125B} Clé supprimée: HKLM\Software\Classes\Interface\{C8D424EF-CB21-49A0-8659-476FBAB0F8E8} Clé supprimée: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} ============== SCAN ADDITIONNEL ============== **** Mozilla Firefox Version [11.0 (fr)] **** HKLM_MozillaPlugins\@ngm.nexoneu.com/NxGame (x) HKLM_MozillaPlugins\@nvidia.com/3DVision (x) HKLM_MozillaPlugins\@nvidia.com/3DVisionStreaming (x) HKLM_MozillaPlugins\@pandonetworks.com/PandoWebPlugin (x) HKCU_MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin (x) HKCU_MozillaPlugins\pandonetworks.com/PandoWebPlugin (x) Searchplugins\babylon.xml (hxxp://search.babylon.com/) Searchplugins\bing.xml ( hxxp://www.bing.com/search) Searchplugins\fcmdSrch.xml ( hxxp://start.facemoods.com/?a=ddrnw&f=4&q={searchTerms}/) Components\browsercomps.dll (Mozilla Foundation) Extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} (Skype Click to Call) -- C:\Users\Francesco\AppData\Roaming\Mozilla\FireFox\Profiles\b9b0o7pz.default -- Extensions\[email protected] (Facemoods) Extensions\staged (?) Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} (EPUBReader) Prefs.js - browser.download.lastDir, C:\\Users\\Francesco\\Desktop Prefs.js - browser.search.defaultenginename, Search the web (Babylon) Prefs.js - browser.search.selectedEngine, Google Prefs.js - browser.startup.homepage, hxxp://www.google.be/ Prefs.js - browser.startup.homepage_override.buildID, 20120312181643 Prefs.js - browser.startup.homepage_override.mstone, rv:11.0 Prefs.js - keyword.URL, hxxp://search.babylon.com/?AF=108988&tt=151211_wdgt&babsrc=adbartrp&mntrId=266ec23a000000000000e0cb4ed3c7bf... ======================================== **** Google Chrome Version [18.0.1025.162] **** Extension\ihflimipbcaljfnojhhknppphnnciiif (C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\facemoods.crx) (?) -- C:\Users\Francesco\AppData\Local\Google\Chrome\User Data\Default -- Preferences - default_search_provider: "Google" (Activé: true) (?) Preferences - homepage: hxxp://www.google.com/ Preferences - homepage_is_newtabpage: true Plugin - Remoting Viewer (Activé: true) (internal-remoting-viewer) (x) Plugin - "Remoting Viewer" (Activé: true) Plugin - Native Client (Activé: true) (C:\Users\Francesco\AppData\Local\Google\Chrome\Application\18.0.1025.162\ppGoogleNaClPluginChrome.dll) Plugin - "Native Client" (Activé: true) Plugin - "Java" (Activé: true) Plugin - NVIDIA 3D Vision (Activé: true) (C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll) Plugin - NVIDIA 3D VISION (Activé: true) (C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll) Plugin - "NVIDIA 3D" (Activé: true) Plugin - Pando Web Plugin (Activé: true) (C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll) Plugin - "Pando Web Plugin" (Activé: true) Plugin - Facebook Video Calling Plugin (Activé: true) (C:\Users\Francesco\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll) Plugin - "Facebook Video Calling Plugin" (Activé: true) ======================================== **** Internet Explorer Version [9.0.8112.16421] **** HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896 HKCU_Main|Start Page - hxxp://fr.msn.com/ HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896 HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM_Main|Start Page - hxxp://fr.msn.com/ HKCU_URLSearchHooks|{BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - "SearchHook Class" (C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll) HKCU_SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A} - "Facemoods Search" (hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4) HKLM_Toolbar|{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} (C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll) HKCU_ElevationPolicy\{1024F1BE-76DC-40d5-AB98-664A4185E5FA} - C:\Users\Francesco\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe (Skype Limited) HKCU_ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A} - C:\Windows.old\Program Files\Internet Download Manager\IEMonitor.exe (x) HKCU_ElevationPolicy\{5C0D11B8-C5F6-4be3-AD2C-2B1A3EB94AB6} - C:\Users\Francesco\AppData\Roaming\Spotify\spotify.exe (Spotify Ltd) HKCU_ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4} - C:\Windows.old\Program Files\Internet Download Manager\IDMan.exe (x) HKLM_ElevationPolicy\{07d873dc-b9b9-44f5-af0b-fb59fa54fb7a} - C:\Windows\SysWOW64\wpcer.exe (x) HKLM_ElevationPolicy\{0a402d70-1f10-4ae7-bec9-286a98240695} - C:\Windows\SysWOW64\winfxdocobj.exe (x) HKLM_ElevationPolicy\{1024F1BE-76DC-40d5-AB98-664A4185E5FA} - C:\Users\Francesco\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe (Skype Limited) HKLM_ElevationPolicy\{70f641fd-9ffc-4d5b-a4dc-962af4ed7999} - C:\Program Files (x86)\Internet Explorer\iedw.exe (x) HKLM_ElevationPolicy\{B43A0C1E-B63F-4691-B68F-CD807A45DA01} - C:\Windows\system32\TSWbPrxy.exe (x) HKLM_ElevationPolicy\{FFDF9EF3-3C3A-4f05-9A6E-5D3B778EC567} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe (facemoods.com) HKLM_Extensions\{878AC5FC-BE78-4bae-896C-7F75B790A71E} - "PokerStars.be" (C:\Program Files (x86)\PokerStars.BE\main.ico) BHO\{64182481-4F71-486b-A045-B233BD0DA8FC} - "CescrtHlpr Object" (C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\bh\facemoods.dll) BHO\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - "Skype Browser Helper" (C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll) ======================================== C:\Program Files (x86)\Ad-Remover\Quarantine: 10 Fichier(s) C:\Program Files (x86)\Ad-Remover\Backup: 14 Fichier(s) C:\Ad-Report-CLEAN[1].txt - 24/04/2012 19:15:29 (6877 Octet(s)) Fin à: 19:16:26, 24/04/2012 ============== E.O.F ==============
-
Bonsoir tout le monde j'ai un petit probléme avec mon claver qui me fait ^^, j'ai alors rechercher une solution et instaler le logiciel hijackthis mais je ne comprends rien du tout:( vous pourriez m'aider svp. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:34:45, on 24/04/2012 Platform: Unknown Windows (WinNT 6.01.3504) MSIE: Internet Explorer v9.00 (9.00.8112.16421) Boot mode: Normal Running processes: C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe C:\Program Files (x86)\Steam\steam.exe C:\Users\Francesco\AppData\Roaming\Spotify\spotify.exe C:\Users\Francesco\AppData\Local\Akamai\netsession_win.exe C:\Program Files (x86)\Skype\Phone\Skype.exe C:\Users\Francesco\AppData\Roaming\Wezau\ycyfe.exe C:\Users\Francesco\AppData\Local\Akamai\netsession_win.exe C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.54\deploy\LoLLauncher.exe C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.139\deploy\LolClient.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe C:\Users\Francesco\Downloads\hijackthis_telechargement_01net.exe C:\Users\FRANCE~1\AppData\Local\Temp\01net\HiJackThis.exe C:\Windows\SysWOW64\DllHost.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Babylon Search R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Hotmail.fr, Messenger, Actualité, Sport, People, Femmes - MSN France R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN Hotmail.fr, Messenger, Actualité, Sport, People, Femmes - MSN France R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = Facemoods Search R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1:9421;<local> R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll F2 - REG:system.ini: UserInit=userinit.exe O2 - BHO: facemoods Helper - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\bh\facemoods.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: facemoods Toolbar - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r O4 - HKLM\..\Run: [bCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [facemoods] "C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe" /md I O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [iDMan] C:\Windows.old\Program Files\Internet Download Manager\IDMan.exe /onboot O4 - HKCU\..\Run: [windows_explorer] C:\explorer.exe O4 - HKCU\..\Run: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Francesco\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver O4 - HKCU\..\Run: [spotify] "C:\Users\Francesco\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Francesco\AppData\Local\Akamai\netsession_win.exe" O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun O4 - HKCU\..\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun O4 - HKCU\..\Run: [Kodik] C:\Users\Francesco\AppData\Roaming\Wezau\ycyfe.exe O4 - HKCU\..\Run: [Windows Init] "C:\Users\Francesco\AppData\Roaming\xnpialepbp3m3szdvrejybws3qfgh1bx\svcnost.exe" O4 - HKCU\..\Run: [Google Update] "C:\Users\Francesco\AppData\Local\Google\Update\GoogleUpdate.exe" /c O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-21-1010715159-508588532-2631771729-1003\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser') O4 - HKUS\S-1-5-21-1010715159-508588532-2631771729-1003\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser') O8 - Extra context menu item: Download all links with IDM - C:\Windows.old\Program Files\Internet Download Manager\IEGetAll.htm O8 - Extra context menu item: Download FLV video content with IDM - C:\Windows.old\Program Files\Internet Download Manager\IEGetVL.htm O8 - Extra context menu item: Download with IDM - C:\Windows.old\Program Files\Internet Download Manager\IEExt.htm O9 - Extra button: PokerStars.be - {878AC5FC-BE78-4bae-896C-7F75B790A71E} - C:\Program Files (x86)\PokerStars.BE\PokerStarsUpdate.exe O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O13 - Gopher Prefix: O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Browser Configuration Utility Service (BCUService) - DeviceVM, Inc. - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Hi-Rez Studios Authenticate and Update Service (HiPatchService) - Hi-Rez Studios - C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe O23 - Service: PandoraService (PanService) - Pandora.TV - C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 10984 bytes