[resolu]antivirus xp 2008 -- Hijackthis

[Invité kiraan]

Bonjour tout le monde!!

 

Alors voilà, j'ai un petit gros propleme avec mon pc..

 

J'ai chopé le virus "antivirus xp 2008".. J'ai vu sur le forum la procédure a suivre donc je l'ai suivie à la lettre ( netoyage du pc avc "cleanmgr", puis analyse avec antivir + suppression des fichier infecter, et analyse avec hijacthis, j'ai bien supprimé antivirs comme il est demandé de le faire)

Maintenant je suis a la phase finale, je vien de faire une analyse avec hijackthis j'ai mis le rapport sur ce site : http://www.hijackthis.de/fr mais il me dis que tout va bien donc un peu perdu

 

donc est ce que vous pouvez m'aidez svp et me dire ce que je dois faire je vous donne le log d'hijackthis.. Merci d'avance.

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:34:18, on 04/09/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\WinRAR\WinRAR.exe

C:\WINDOWS\system32\wuauclt.exe

C:\DOCUME~1\TASLEEM\LOCALS~1\Temp\Rar$EX00.250\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.509.6972\swg.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RةSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll

O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll (file missing)

O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1143150274147

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab

O20 - Winlogon Notify: awvts - C:\WINDOWS\system32\awvts.dll (file missing)

O20 - Winlogon Notify: ssttq - C:\WINDOWS\system32\ssttq.dll (file missing)

O20 - Winlogon Notify: ssttu - C:\WINDOWS\system32\ssttu.dll (file missing)

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

 

--

End of file - 5269 bytes

[fifi29]

salut , tu n'est pas dans la bonne section , c'est par là

http://forum.zebulon.fr/analyse-rapports-h...lwares-f51.html

a++++

[Invité Kiraan]

Ah ok désolé..je vais recrée le sujet dans l'autre section dans ce cas là.

 

Mercii

[Invité kiraan]

il y a un pb...je ne suis pas inscrite sur le forum et je ne peux pas m'y inscrire parce que je n'ai pas accès a ma boite mail a cause du virus..du cou je n'arrive pas a crée un nouveau sujet dans la section

 

Comment je peux faire dans ce cas là :s?

[angelique]

Ton antivirus , c'est en option comme l'allume cigare dans une voiture?? on en mettra un bon apres!

 

commence par desinstaller adaware , ça sert à rien!

 

HijackThis est mal plaçé!

 

• creer un nouveau dossier en c:\ nommé HJT

telecharger HijackThis.exe dans ce nouveau dossier crée::

http://www.trendsecure.com/portal/en-US/_d.../HiJackThis.exe

 

lDouble-clique dessus . Accepte la licence qui va apparaître par "I agree" .

 

Puis clique sur "Do a system scan only" , coche les lignes ci dessous et clic fixchecked:

 

R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll (file missing)

O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll (file missing)

O20 - Winlogon Notify: awvts - C:\WINDOWS\system32\awvts.dll (file missing)

O20 - Winlogon Notify: ssttq - C:\WINDOWS\system32\ssttq.dll (file missing)

O20 - Winlogon Notify: ssttu - C:\WINDOWS\system32\ssttu.dll (file missing)

 

 

===> clic Fixchecked

 

• Télécharge combofix.exe (par sUBs) et sauvegarde le sur ton bureau

 

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

 

* Double-clique combofix.exe, accepte le CluF qui s'affiche, afin de l'exécuter et suis les instructions.

* Lorsque l'analyse sera complétée, un rapport apparaîtra que tu me posteras.

* Si le fichier n'apparait pas, il se trouve ici > C:\ComboFix.txt

[tandouri]

Merci pour ton aide Angélique

 

( dsl de ne pas avoir repondu plus tot j'étais un peu prise ces derier tps.. j'ai reussi a crée un compte aussi )

 

Alr l'anti virus je l'avais supprimé..on m'avais dis de le faire pour suivre la procédure etc c'est pas vraimnt en option lol :$

" Antivirus Xp 2008" a été supprimé grace a ton aide merci encore

 

Je te poste le rapport de l'analyse .. au passage j'ai l'écran tout bleu et rien de s'affiche sur le bureau,, c'est mauvais signe non? :s

 

Merci encore Angélique

 

 

ComboFix 08-09-05.02 - TASLEEM 2008-09-06 21:02:40.1 - NTFSx86 NETWORK

Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.132 [GMT 2:00]

Endroit: C:\Documents and Settings\TASLEEM\Bureau\ComboFix.exe

 

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Documents and Settings\All Users\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65

C:\Documents and Settings\All Users\Application Data\salesmonitor

C:\Documents and Settings\All Users\Bureau\Antivirus XP 2008.lnk

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Antivirus XP 2008

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Antivirus XP 2008.lnk

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Antivirus XP 2008\Antivirus XP 2008.lnk

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Antivirus XP 2008\How to Register Antivirus XP 2008.lnk

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Antivirus XP 2008\License Agreement.lnk

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Antivirus XP 2008\Register Antivirus XP 2008.lnk

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Antivirus XP 2008\Uninstall.lnk

C:\Documents and Settings\SOFIA\Cookies\sofia@edt02[2].txt

C:\Documents and Settings\SOFIA\Cookies\sofia@tracker.affistats[2].txt

C:\Documents and Settings\Talha\Cookies\talha@edt02[4].txt

C:\Documents and Settings\Talha\Cookies\talha@libresystem[1].txt

C:\Documents and Settings\Talha\Cookies\talha@news.fr.msn[2].txt

C:\Documents and Settings\Talha\Cookies\talha@reparateurdesysteme[1].txt

C:\Documents and Settings\Talha\ResErrors.log

C:\Documents and Settings\TASLEEM\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk

C:\Documents and Settings\TASLEEM\Application Data\rhcp5kj0ege5

C:\Documents and Settings\TASLEEM\Application Data\WeatherDPA

C:\Documents and Settings\TASLEEM\Application Data\WeatherDPA\Weather\log.txt

C:\Documents and Settings\TASLEEM\Application Data\WeatherDPA\Weather\WeatherStartup.xml

C:\Documents and Settings\TASLEEM\Cookies\tasleem@clickintext[1].txt

C:\Documents and Settings\TASLEEM\Cookies\tasleem@edt02[1].txt

C:\Documents and Settings\TASLEEM\Cookies\tasleem@news.fr.msn[2].txt

C:\Documents and Settings\TASLEEM\Cookies\tasleem@trafiz[2].txt

C:\Documents and Settings\TASLEEM\Cookies\tasleem@web[1].txt

C:\Documents and Settings\TASLEEM\Cookies\tasleem@www.toutpourlamicro[1].txt

C:\Documents and Settings\TASLEEM\new.txt

C:\Documents and Settings\TASLEEM\ResErrors.log

C:\Program Files\dbar\basis.xml

C:\Program Files\dbar\channel.tmpl

C:\Program Files\dbar\content.tmpl

C:\Program Files\dbar\date.tmpl

C:\Program Files\dbar\deskbar.crc

C:\Program Files\dbar\edit_rss.tmpl

C:\Program Files\dbar\logo.bmp

C:\Program Files\dbar\mbback.bmp

C:\Program Files\dbar\mbbigopen.bmp

C:\Program Files\dbar\mbclose.bmp

C:\Program Files\dbar\mbfwd.bmp

C:\Program Files\dbar\mblogo.bmp

C:\Program Files\dbar\mbsep.bmp

C:\Program Files\dbar\nav1.bmp

C:\Program Files\dbar\nav2.bmp

C:\Program Files\dbar\new_alert.tmpl

C:\Program Files\dbar\Thumbs.db

C:\Program Files\dbar\version.txt

C:\Program Files\Hotbar

C:\Program Files\Hotbar\bin\10.0.356.0\arrow.ico

C:\Program Files\Hotbar\bin\10.0.356.0\copyright.txt

C:\Program Files\Hotbar\bin\10.0.356.0\dBenderC.dll

C:\Program Files\Hotbar\bin\10.0.356.0\firefox\extensions\chrome.manifest

C:\Program Files\Hotbar\bin\10.0.356.0\firefox\extensions\components\npclntax.xpt

C:\Program Files\Hotbar\bin\10.0.356.0\firefox\extensions\install.rdf

C:\Program Files\Hotbar\bin\10.0.356.0\firefox\extensions\plugins\npclntax_HotbarSA.dll

C:\Program Files\Hotbar\bin\10.0.356.0\HostOE.dll

C:\Program Files\Hotbar\bin\10.0.356.0\HostOL.dll

C:\Program Files\Hotbar\bin\10.0.356.0\HotbarSA.exe

C:\Program Files\Hotbar\bin\10.0.356.0\HotbarSADF.exe

C:\Program Files\Hotbar\bin\10.0.356.0\HotbarSAHook.dll

C:\Program Files\Hotbar\bin\10.0.356.0\link.ico

C:\Program Files\Hotbar\bin\10.0.356.0\Srv.exe

C:\Program Files\Hotbar\bin\10.0.356.0\Weather.exe

C:\Program Files\Hotbar\bin\10.0.356.0\WeSkin.dll

C:\Program Files\ShoppingReport

C:\Program Files\ShoppingReport\Uninst.exe

C:\Program Files\winvi

C:\Program Files\winvi\dsktp\AC_RunActiveContent.js

C:\Program Files\winvi\dsktp\desktop.html

C:\Program Files\winvi\dsktp\internetDetection.swf

C:\Program Files\winvi\dsktp\settings.sol

C:\WINDOWS\BM0bdb957c.txt

C:\WINDOWS\BM0bdb957c.xml

C:\WINDOWS\cookies.ini

C:\WINDOWS\pskt.ini

C:\WINDOWS\system32\a.exe

C:\WINDOWS\system32\adbsmekl.ini

C:\WINDOWS\system32\afrwmwmj.ini

C:\WINDOWS\system32\ajshxgut.ini2

C:\WINDOWS\system32\ajshxgut.tmp

C:\WINDOWS\system32\ajshxgut.tmp2

C:\WINDOWS\system32\aqttjfnt.ini

C:\WINDOWS\system32\atletcsw.ini

C:\WINDOWS\system32\audlcwcq.ini

C:\WINDOWS\system32\bgklpcvu.ini

C:\WINDOWS\system32\blphct5kj0ege5.scr

C:\WINDOWS\system32\bobghpki.ini

C:\WINDOWS\system32\bsjtujaq.ini

C:\WINDOWS\system32\cdynvtri.ini

C:\WINDOWS\system32\ctswtaoj.ini

C:\WINDOWS\system32\cublnduc.ini

C:\WINDOWS\system32\djfcleuy.ini

C:\WINDOWS\system32\dkrnuhft.ini

C:\WINDOWS\system32\dsedhjho.ini

C:\WINDOWS\system32\dvipvxda.ini

C:\WINDOWS\system32\dxsrqbxt.ini

C:\WINDOWS\system32\envelnqe.ini

C:\WINDOWS\system32\esysxpdc.ini

C:\WINDOWS\system32\ewowqyia.ini

C:\WINDOWS\system32\fgyixeix.ini

C:\WINDOWS\system32\gbjybatp.ini

C:\WINDOWS\system32\hdrvkadw.ini

C:\WINDOWS\system32\hninaiew.ini

C:\WINDOWS\system32\hyejynef.ini

C:\WINDOWS\system32\iakuhsrh.ini

C:\WINDOWS\system32\iytaahyn.ini

C:\WINDOWS\system32\jedrkxhh.ini

C:\WINDOWS\system32\jkkyxudi.ini

C:\WINDOWS\system32\jpbaklbj.ini

C:\WINDOWS\system32\jsbmjxmf.ini

C:\WINDOWS\system32\jumxdcdq.ini

C:\WINDOWS\system32\jxuqfuty.ini

C:\WINDOWS\system32\kamcahkw.ini

C:\WINDOWS\system32\khpvbkdc.ini

C:\WINDOWS\system32\kmxlyeck.ini

C:\WINDOWS\system32\ldutsxuc.ini

C:\WINDOWS\system32\lhlsnhdh.ini

C:\WINDOWS\system32\ligeatge.ini

C:\WINDOWS\system32\lphct5kj0ege5.exe

C:\WINDOWS\system32\mbvovuyc.ini

C:\WINDOWS\system32\mcrh.tmp

C:\WINDOWS\system32\mfqckmne.ini

C:\WINDOWS\system32\mfqytlcn.ini

C:\WINDOWS\system32\mqpdqqoo.ini

C:\WINDOWS\system32\nhpcsgca.ini

C:\WINDOWS\system32\nqlyuhak.ini

C:\WINDOWS\system32\nqnbxetl.ini

C:\WINDOWS\system32\nyjgfxbm.ini

C:\WINDOWS\system32\ochpjhdy.ini

C:\WINDOWS\system32\oekrmwwb.ini

C:\WINDOWS\system32\ofaomenn.ini

C:\WINDOWS\system32\ofeonaci.ini

C:\WINDOWS\system32\olcujwgd.ini

C:\WINDOWS\system32\olcujwgd.ini2

C:\WINDOWS\system32\olcujwgd.tmp

C:\WINDOWS\system32\ooagtyda.ini

C:\WINDOWS\system32\ovvdsvmr.ini

C:\WINDOWS\system32\pclbdiph.ini

C:\WINDOWS\system32\phct5kj0ege5.bmp

C:\WINDOWS\system32\phntwufo.ini

C:\WINDOWS\system32\pmlatiaq.ini

C:\WINDOWS\system32\pphct5kj0ege5.exe

C:\WINDOWS\system32\pwdsdhpo.ini

C:\WINDOWS\system32\qlnxtvla.ini

C:\WINDOWS\system32\qsvhyyrh.ini

C:\WINDOWS\system32\qttss.bak1

C:\WINDOWS\system32\qttss.ini

C:\WINDOWS\system32\qxokeofx.ini

C:\WINDOWS\system32\regusjco.ini

C:\WINDOWS\system32\resuguiy.ini

C:\WINDOWS\system32\reysafxk.ini

C:\WINDOWS\system32\rfaihuqh.ini

C:\WINDOWS\system32\ripoyukf.ini

C:\WINDOWS\system32\rmkyrmbx.ini

C:\WINDOWS\system32\rtutv.ini

C:\WINDOWS\system32\rtutv.ini2

C:\WINDOWS\system32\sabvlngd.ini

C:\WINDOWS\system32\sfddjsyp.ini

C:\WINDOWS\system32\srxljlks.ini

C:\WINDOWS\system32\stvwa.bak1

C:\WINDOWS\system32\stvwa.ini

C:\WINDOWS\system32\sxunccdu.ini

C:\WINDOWS\system32\sysrest32.exe

C:\WINDOWS\system32\taksoqwy.ini

C:\WINDOWS\system32\tbyebchn.ini

C:\WINDOWS\system32\tdssadw.dll

C:\WINDOWS\system32\tdssinit.dll

C:\WINDOWS\system32\tdssl.dll

C:\WINDOWS\system32\tdsslog.dll

C:\WINDOWS\system32\tdssmain.dll

C:\WINDOWS\system32\tdssservers.dat

C:\WINDOWS\system32\tjuviika.ini

C:\WINDOWS\system32\tpcmkkgg.ini

C:\WINDOWS\system32\tsgvhupq.ini

C:\WINDOWS\system32\uclswvam.ini

C:\WINDOWS\system32\uenxiuny.ini

C:\WINDOWS\system32\uernhjlc.ini

C:\WINDOWS\system32\uttss.bak1

C:\WINDOWS\system32\uttss.bak2

C:\WINDOWS\system32\uttss.ini

C:\WINDOWS\system32\uttss.ini2

C:\WINDOWS\system32\uttss.tmp

C:\WINDOWS\system32\vbsxithu.ini

C:\WINDOWS\system32\vldpwxiv.ini

C:\WINDOWS\system32\vlvemtre.ini

C:\WINDOWS\system32\vtmuipox.ini

C:\WINDOWS\system32\vvfykoat.ini

C:\WINDOWS\system32\wdtfmxvp.ini

C:\WINDOWS\system32\winspool.dll

C:\WINDOWS\system32\wqdyilpb.ini

C:\WINDOWS\system32\wqfqsejl.ini

C:\WINDOWS\system32\wqjkeflh.ini

C:\WINDOWS\system32\wutdgkin.ini

C:\WINDOWS\system32\xwoeiudj.ini

C:\WINDOWS\system32\yexgslxx.ini

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_FMTR

-------\Service_sysrest.sys

 

 

((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-08-06 to 2008-09-06 ))))))))))))))))))))))))))))))))))))

.

 

2008-09-05 19:30 . 2008-09-05 19:42 <REP> d-------- C:\HJT

2008-08-31 22:30 . 2008-08-31 22:30 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft

2008-08-31 19:08 . 2008-08-31 19:08 <REP> d-------- C:\Program Files\Panda Security

2008-08-30 23:38 . 2008-09-04 16:32 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira

2008-08-30 20:20 . 2008-08-31 19:04 <REP> d-------- C:\Program Files\Windows Live Safety Center

2008-08-29 22:04 . 2008-08-30 14:51 12,288 --a------ C:\WINDOWS\system32\tdssserf.dll

2008-08-25 22:21 . 2008-08-25 22:21 <REP> d-------- C:\Program Files\rhcp5kj0ege5

2008-08-25 22:20 . 2008-08-25 22:21 <REP> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\ShoppingReport

2008-08-25 17:14 . 2008-08-25 18:05 <REP> d-------- C:\Documents and Settings\TASLEEM\Application Data\ShoppingReport

2008-08-15 16:32 . 2008-08-25 17:30 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater

2008-08-07 19:10 . 2008-08-07 19:10 <REP> d-------- C:\Documents and Settings\TASLEEM\Application Data\Planit International

2008-08-07 19:10 . 2008-08-07 19:10 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Planit Fusion Live Hygena

2008-08-07 19:09 . 2008-08-07 19:09 <REP> d-------- C:\Program Files\Hygena

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-09-06 19:11 --------- d-----w C:\Program Files\dbar

2008-09-06 19:01 --------- d-----w C:\Documents and Settings\TASLEEM\Application Data\U3

2008-09-04 14:26 --------- d-----w C:\Documents and Settings\TASLEEM\Application Data\OpenOffice.org2

2008-09-01 20:15 --------- d-----w C:\Program Files\GamesBar

2008-08-31 18:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\GamesBar

2008-08-25 16:59 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-08-25 16:59 --------- d-----w C:\Program Files\FaxTools

2008-08-25 16:57 --------- d-----w C:\Program Files\Gamenext

2008-08-15 14:36 --------- d-----w C:\Program Files\Fichiers communs\Adobe

2008-08-15 14:32 --------- d-----w C:\Program Files\Google

2008-07-28 00:39 --------- d-----w C:\Program Files\ItsLabel

2008-07-28 00:38 --------- d-----w C:\Program Files\EoRezo

2008-07-28 00:38 --------- d-----w C:\Documents and Settings\TASLEEM\Application Data\EoRezo

2008-07-26 11:21 --------- d-----w C:\Documents and Settings\TASLEEM\Application Data\ItsLabel

2008-07-21 19:15 --------- d-----w C:\Documents and Settings\TASLEEM\Application Data\dvdcss

2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll

2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe

2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll

2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll

2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll

2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll

2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll

2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll

2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll

2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll

2008-07-14 22:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sage

2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll

2008-07-06 12:09 --------- d-----w C:\Program Files\Motive

2008-07-06 12:09 --------- d-----w C:\Program Files\Club-Internet

2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll

2008-06-23 15:40 663,552 ----a-w C:\WINDOWS\system32\wininet.dll

2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll

2007-05-11 00:49 0 -c--a-w C:\Program Files\acs3DB.tmp

2007-03-25 20:54 6,820,520 ----a-w C:\Program Files\FirefoxGoogleToolbarSetup.exe

2006-04-08 16:21 3,216,424 ----a-w C:\Documents and Settings\TASLEEM\picasa2-setup-1877.exe

.

 

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-05 160768]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 15360]

"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^LE COMPAGNON CLUB.lnk]

path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\LE COMPAGNON CLUB.lnk

backup=C:\WINDOWS\pss\LE COMPAGNON CLUB.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^Talha^Menu Démarrer^Programmes^Démarrage^Club Internet.lnk]

path=C:\Documents and Settings\Talha\Menu Démarrer\Programmes\Démarrage\Club Internet.lnk

backup=C:\WINDOWS\pss\Club Internet.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]

--a------ 2004-08-05 14:00 15360 C:\WINDOWS\system32\ctfmon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

--a------ 2004-10-13 18:24 1694208 C:\Program Files\Messenger\msmsgs.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

--a------ 2007-01-19 12:55 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMrhcp5kj0ege5]

--a------ 2008-08-25 18:35 831488 C:\Program Files\rhcp5kj0ege5\rhcp5kj0ege5.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

--a------ 2007-06-07 15:37 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]

--a--c--- 2007-04-16 15:28 577536 C:\WINDOWS\soundman.exe

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\IncrediMail\\bin\\IMApp.exe"=

"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=

"C:\\Program Files\\SopCast\\SopCast.exe"=

"C:\\Documents and Settings\\TASLEEM\\Application Data\\SopCast\\adv\\SopAdver.exe"=

"C:\\WINDOWS\\system32\\LEXPPS.EXE"=

"C:\\Program Files\\Messenger\\msmsgs.exe"=

"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

"C:\\Program Files\\MSN Messenger\\livecall.exe"=

 

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]

\Shell\AutoRun\command - H:\LaunchU3.exe -a

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0766c892-562b-11dc-b626-0014a41f60a1}]

\Shell\AutoRun\command - H:\LaunchU3.exe -a

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9f3b5506-8d59-11dc-b6a2-0014a41f60a1}]

\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL antihost.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ab4f4f9e-0def-11dc-b5ad-0014a41f60a1}]

\Shell\AutoRun\command - G:\LaunchU3.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ce843214-5956-11dd-b867-001915215681}]

\Shell\Auto\command - bittorrent.exe e

\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL bittorrent.exe e

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fc53b23b-a4bf-11db-b416-0014a41f60a1}]

\Shell\AutoRun\command - H:\autorun.exe

\Shell\explore\Command - H:\autorun.exe -e

\Shell\open\Command - H:\autorun.exe

.

Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'

.

- - - - ORPHANS REMOVED - - - -

 

MSConfigStartUp-!AVG Anti-Spyware - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

MSConfigStartUp-avast! - C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

MSConfigStartUp-BM0bdb957c - C:\WINDOWS\system32\ybqvllwg.dll

MSConfigStartUp-HijackThis startup scan - C:\DOCUME~1\TASLEEM\LOCALS~1\Temp\Rar$EX00.688\HijackThis.exe

MSConfigStartUp-lphct5kj0ege5 - C:\WINDOWS\system32\lphct5kj0ege5.exe

MSConfigStartUp-MessengerPlus3 - C:\Program Files\MessengerPlus! 3\MsgPlus.exe

 

 

.

------- Supplementary Scan -------

.

FireFox -: Profile - C:\Documents and Settings\TASLEEM\Application Data\Mozilla\Firefox\Profiles\43afnppf.default\

FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=

FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://fr.msn.com/

.

.

------- File Associations (Beta) -------

.

.

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-09-06 21:12:56

Windows 5.1.2600 Service Pack 2 NTFS

 

Balayage processus cach‚s ...

 

C:\WINDOWS\explorer.exe [2540] 0x8194D020

 

Balayage cach‚ autostart entries ...

 

Balayage des fichiers cach‚s ...

 

Scan termin‚ avec succŠs

Les fichiers cach‚s: 0

 

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\LEXPPS.EXE

C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

C:\WINDOWS\system32\wscntfy.exe

.

**************************************************************************

.

Temps d'accomplissement: 2008-09-06 21:37:18 - machine was rebooted

ComboFix-quarantined-files.txt 2008-09-06 19:37:12

 

Pre-Run: 6,863,466,496 octets libres

Post-Run: 7,247,982,592 octets libres

 

371 --- E O F --- 2008-08-14 16:12:29

[tandouri]

on m'a oublié? lol

[angelique]

Oui je t'avais zappé désolée.

 

• panneau de configuration , onglet parefeu , met le sur activé

 

• Désinstalle via Ajout/Suppression de Programmes s'ils sont presents:

-GamesBar

-EoRezo

 

 

• retelecharge ComboFix et remplace le de l'ancien

 

» ouvre ton bloc note[executer--notepad] et copies/colles le contenu du cadre ci dessous:

 

File::
C:\WINDOWS\system32\tdssserf.dll
Folder::
C:\Program Files\rhcp5kj0ege5
C:\WINDOWS\system32\config\systemprofile\Application Data\ShoppingReport
C:\Documents and Settings\TASLEEM\Application Data\ShoppingReport
C:\Program Files\EoRezo
C:\Documents and Settings\TASLEEM\Application Data\EoRezo
C:\Program Files\GamesBar
C:\Documents and Settings\All Users\Application Data\GamesBar
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMrhcp5kj0ege5]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ce843214-5956-11dd-b867-001915215681}]

 

[*]Va en haut de la page et clique sur le menu"Fichier" , une liste apparait=>

[*]Choisis "Enregistrer sous" et choisis "Bureau"

[*]Dans le champs "Nom du fichier" en bas de page donne le nom suivant:CFScript en fichier .txt

[*]Clique sur le bouton "Enregistrer" à droite du champs "nom du fichier"

[*]Quitte le Bloc Notes.

[*]Fait un glisser/déposer de ce fichier CFScript.txt sur le fichier ComboFix.exe comme sur la capture

 

 

 

 

* suis les instructions

* Patiente le temps du scan.Le bureau va disparaitre à plusieurs reprises: c'est normal!

Ne touche à rien tant que le scan n'est pas terminé.

* Une fois le scan achevé, un rapport va s'afficher: poste son contenu.

* Si le fichier n'apparait pas, il se trouve ici > C:\ComboFix.txt

 

• Télécharge Malwarebytes' Anti-Malware (MBAM)

http://www.malwarebytes.org/mbam/program/mbam-setup.exe

 

* Double clique sur le fichier téléchargé pour lancer le processus d'installation.

* Dans l'onglet "Mise à jour", clique sur le bouton "Recherche de mise à jour": si le pare-feu demande l'autorisation à MBAM de se connecter, accepte.

* Une fois la mise à jour terminée, rends-toi dans l'onglet "Recherche".

* Sélectionne "Exécuter un examen rapide"

* Clique sur "Rechercher"

* L'analyse démarre, le scan est relativement long, c'est normal.

* A la fin de l'analyse, un message s'affiche :

L'examen s'est terminé normalement. Clique sur 'Afficher les résultats' pour afficher tous les objets trouvés.

 

Clique sur "Ok" pour poursuivre. Si MBAM n'a rien trouvé, il te le dira aussi.

* Ferme tes navigateurs.

* Si des malwares ont été détectés, clique sur Afficher les résultats.

Sélectionne tout (ou laisse coché) et clique sur Supprimer la sélection, MBAM va détruire les fichiers et clés de registre et en mettre une copie dans la quarantaine.

* MBAM va ouvrir le Bloc-notes et y copier le rapport d'analyse. Copie-colle ce rapport et poste-le dans ta prochaine réponse.

 

 

 

NB : Si MBAM te demande à redémarrer, fais-le.

 

• installe un antivirus antivir: http://dlce.antivir.com/down/windows/antiv...n_winu_en_h.exe

 

configure le , met à jour et fait un scan complet , tu postes le rapport

 

tuto:

http://www.malekal.com/tutorial_antivir.php

[tandouri]

lol pas grave si tu l'avais zappé

 

alors je vais te posterles analyse, je vais faire une analyse par poste je pense que sa sera plus facile pour toi

 

donc, pour la 1ere celle avec conbofix :

 

ComboFix 08-09-15.01 - TASLEEM 2008-09-15 22:39:04.2 - NTFSx86

Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.70 [GMT 2:00]

Lancé depuis: C:\Documents and Settings\TASLEEM\Bureau\ComboFix.exe

Command switches used :: C:\Documents and Settings\TASLEEM\Bureau\CFScript.txt

* Un nouveau point de restauration a été créé

 

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Documents and Settings\TASLEEM\Application Data\EoRezo

C:\Documents and Settings\TASLEEM\Application Data\EoRezo\cmhost.cyp

C:\Documents and Settings\TASLEEM\Application Data\EoRezo\ConfMedia.cyp

C:\Documents and Settings\TASLEEM\Application Data\EoRezo\db\cat.cyp

C:\Documents and Settings\TASLEEM\Application Data\EoRezo\eoDesktop\config.xml

C:\Documents and Settings\TASLEEM\Application Data\EoRezo\eoDesktop\eoDesktop.html

C:\Documents and Settings\TASLEEM\Application Data\EoRezo\eoDesktop\userConfig.xml

C:\Documents and Settings\TASLEEM\Application Data\EoRezo\eoStats\eoStats.txt

C:\Documents and Settings\TASLEEM\Application Data\EoRezo\host.cyp

C:\Documents and Settings\TASLEEM\Application Data\EoRezo\user.cyp

C:\Documents and Settings\TASLEEM\Application Data\ShoppingReport

C:\Documents and Settings\TASLEEM\Application Data\ShoppingReport\cs\Config.xml

C:\Documents and Settings\TASLEEM\Application Data\ShoppingReport\cs\db\Aliases.dbs

C:\Documents and Settings\TASLEEM\Application Data\ShoppingReport\cs\db\Sites.dbs

C:\Documents and Settings\TASLEEM\Application Data\ShoppingReport\cs\dwld\WhiteList.xip

C:\Documents and Settings\TASLEEM\Application Data\ShoppingReport\cs\report\aggr_storage.xml

C:\Documents and Settings\TASLEEM\Application Data\ShoppingReport\cs\report\send_storage.xml

C:\Documents and Settings\TASLEEM\Application Data\ShoppingReport\cs\res1\WhiteList.dbs

C:\Documents and Settings\TASLEEM\Cookies\tasleem@bluestreak[2].txt

C:\Documents and Settings\TASLEEM\Cookies\tasleem@metrixlablw.customers.luna[2].txt

C:\Documents and Settings\TASLEEM\Cookies\tasleem@serving-sys[1].txt

C:\Program Files\dbar

C:\Program Files\EoRezo

C:\Program Files\EoRezo\EoAdv\eoAdv.url

C:\Program Files\EoRezo\EoAdv\EoRezoBho.old

C:\Program Files\EoRezo\EoAdv\tmp\eoRezoBho.dll.9046

C:\Program Files\rhcp5kj0ege5

C:\Program Files\rhcp5kj0ege5\database.dat

C:\Program Files\rhcp5kj0ege5\license.txt

C:\Program Files\rhcp5kj0ege5\MFC71.dll

C:\Program Files\rhcp5kj0ege5\MFC71ENU.DLL

C:\Program Files\rhcp5kj0ege5\msvcp71.dll

C:\Program Files\rhcp5kj0ege5\msvcr71.dll

C:\Program Files\rhcp5kj0ege5\rhcp5kj0ege5.exe

C:\Program Files\rhcp5kj0ege5\rhcp5kj0ege5.exe.local

C:\Program Files\rhcp5kj0ege5\Uninstall.exe

C:\WINDOWS\system32\config\systemprofile\Application Data\ShoppingReport

C:\WINDOWS\system32\config\systemprofile\Application Data\ShoppingReport\cs\Config.xml

C:\WINDOWS\system32\config\systemprofile\Application Data\ShoppingReport\cs\db\Aliases.dbs

C:\WINDOWS\system32\config\systemprofile\Application Data\ShoppingReport\cs\db\Sites.dbs

C:\WINDOWS\system32\config\systemprofile\Application Data\ShoppingReport\cs\dwld\WhiteList.xip

C:\WINDOWS\system32\config\systemprofile\Application Data\ShoppingReport\cs\report\aggr_storage.xml

C:\WINDOWS\system32\config\systemprofile\Application Data\ShoppingReport\cs\report\send_storage.xml

C:\WINDOWS\system32\config\systemprofile\Application Data\ShoppingReport\cs\res1\WhiteList.dbs

C:\WINDOWS\system32\tdssserf.dll

 

.

((((((((((((((((((((((((((((( Fichiers créés du 2008-08-15 au 2008-09-15 ))))))))))))))))))))))))))))))))))))

.

 

2008-09-10 19:52 . 2008-09-10 19:52 <REP> d-------- C:\Program Files\Avira

2008-09-07 17:35 . 2008-09-07 17:35 8,192 --ahs---- C:\WINDOWS\system32\Thumbs.db

2008-09-05 19:30 . 2008-09-05 19:42 <REP> d-------- C:\HJT

2008-08-31 22:30 . 2008-08-31 22:30 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft

2008-08-31 19:08 . 2008-08-31 19:08 <REP> d-------- C:\Program Files\Panda Security

2008-08-30 23:38 . 2008-09-10 19:52 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira

2008-08-30 20:20 . 2008-09-14 21:55 <REP> d-------- C:\Program Files\Windows Live Safety Center

2008-08-15 16:32 . 2008-09-15 19:58 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-09-15 20:15 --------- d-----w C:\Program Files\Yahoo!

2008-09-15 20:10 --------- d-----w C:\Program Files\OpenOffice.org 2.4

2008-09-15 20:01 --------- d-----w C:\Documents and Settings\TASLEEM\Application Data\OpenOffice.org2

2008-09-15 14:55 --------- d-----w C:\Documents and Settings\TASLEEM\Application Data\Yahoo!

2008-09-06 22:12 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard

2008-09-06 22:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft

2008-09-06 19:01 --------- d-----w C:\Documents and Settings\TASLEEM\Application Data\U3

2008-08-25 16:59 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-08-25 16:59 --------- d-----w C:\Program Files\FaxTools

2008-08-25 16:57 --------- d-----w C:\Program Files\Gamenext

2008-08-15 14:36 --------- d-----w C:\Program Files\Fichiers communs\Adobe

2008-08-15 14:32 --------- d-----w C:\Program Files\Google

2008-08-07 17:10 --------- d-----w C:\Documents and Settings\TASLEEM\Application Data\Planit International

2008-08-07 17:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Planit Fusion Live Hygena

2008-07-28 00:39 --------- d-----w C:\Program Files\ItsLabel

2008-07-26 11:21 --------- d-----w C:\Documents and Settings\TASLEEM\Application Data\ItsLabel

2008-07-21 19:15 --------- d-----w C:\Documents and Settings\TASLEEM\Application Data\dvdcss

2007-05-11 00:49 0 -c--a-w C:\Program Files\acs3DB.tmp

2007-03-25 20:54 6,820,520 ----a-w C:\Program Files\FirefoxGoogleToolbarSetup.exe

2006-04-08 16:21 3,216,424 ----a-w C:\Documents and Settings\TASLEEM\picasa2-setup-1877.exe

.

 

((((((((((((((((((((((((((((( snapshot@2008-09-06_21.35.58.93 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-06-02 01:00:12 135,168 -c--a-r C:\WINDOWS\Installer\{9085040C-6000-11D3-8CFE-0150048383C9}\misc.exe

+ 2008-09-10 15:54:32 135,168 ----a-r C:\WINDOWS\Installer\{9085040C-6000-11D3-8CFE-0150048383C9}\misc.exe

- 2008-06-02 01:00:13 40,960 -c--a-r C:\WINDOWS\Installer\{9085040C-6000-11D3-8CFE-0150048383C9}\wrdvicon.exe

+ 2008-09-10 15:54:32 40,960 ----a-r C:\WINDOWS\Installer\{9085040C-6000-11D3-8CFE-0150048383C9}\wrdvicon.exe

+ 2008-01-21 16:12:56 41,792 ----a-w C:\WINDOWS\system32\drivers\avgntdd.sys

+ 2008-01-21 16:11:28 22,336 ----a-w C:\WINDOWS\system32\drivers\avgntmgr.sys

+ 2008-03-04 11:28:53 79,424 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys

+ 2007-11-02 08:47:38 83,496 ----a-w C:\WINDOWS\system32\drivers\s916bus.sys

+ 2007-11-02 08:47:38 12,200 ----a-w C:\WINDOWS\system32\drivers\s916cm.sys

+ 2007-11-02 08:47:38 12,200 ----a-w C:\WINDOWS\system32\drivers\s916cmnt.sys

+ 2007-11-02 08:47:38 15,016 ----a-w C:\WINDOWS\system32\drivers\s916mdfl.sys

+ 2007-11-02 08:47:38 109,992 ----a-w C:\WINDOWS\system32\drivers\s916mdm.sys

+ 2007-11-02 08:47:38 12,200 ----a-w C:\WINDOWS\system32\drivers\s916wh.sys

+ 2007-11-02 08:47:38 12,200 ----a-w C:\WINDOWS\system32\drivers\s916whnt.sys

+ 2007-03-01 08:34:22 28,352 ----a-w C:\WINDOWS\system32\drivers\ssmdrv.sys

- 2007-11-30 11:19:06 18,296 ------w C:\WINDOWS\system32\spmsg.dll

+ 2007-11-30 12:39:29 18,296 ------w C:\WINDOWS\system32\spmsg.dll

- 2006-10-18 19:47:20 295,936 ------w C:\WINDOWS\system32\wmpeffects.dll

+ 2008-06-24 16:12:58 295,936 ------w C:\WINDOWS\system32\wmpeffects.dll

+ 2006-12-01 20:56:00 96,256 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.dll

+ 2006-12-01 20:54:32 479,232 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcm80.dll

+ 2006-12-01 20:54:34 548,864 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll

+ 2006-12-01 20:54:32 626,688 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll

+ 2006-12-01 22:25:52 1,101,824 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80.dll

+ 2006-12-01 22:25:56 1,093,120 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80u.dll

+ 2006-12-01 22:25:58 69,632 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80.dll

+ 2006-12-01 22:26:00 57,856 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80u.dll

+ 2006-12-01 22:08:00 40,960 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHS.dll

+ 2006-12-01 22:08:00 45,056 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHT.dll

+ 2006-12-01 22:08:00 65,536 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80DEU.dll

+ 2006-12-01 22:08:00 57,344 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ENU.dll

+ 2006-12-01 22:08:00 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ESP.dll

+ 2006-12-01 22:08:00 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80FRA.dll

+ 2006-12-01 22:08:00 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ITA.dll

+ 2006-12-01 22:08:00 49,152 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80JPN.dll

+ 2006-12-01 22:08:00 49,152 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80KOR.dll

+ 2006-12-01 22:46:44 65,536 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6c18549a\vcomp.dll

+ 2008-04-15 17:56:59 1,724,416 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.3352_x-ww_81af8e88\GdiPlus.dll

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-07 68856]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 262401]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 15360]

"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]

 

C:\Documents and Settings\Talha\Menu D‚marrer\Programmes\D‚marrage\

Club Internet.lnk - C:\Program Files\Club-Internet\Lanceur\lanceur.exe [2007-08-13 5484544]

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^LE COMPAGNON CLUB.lnk]

path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\LE COMPAGNON CLUB.lnk

backup=C:\WINDOWS\pss\LE COMPAGNON CLUB.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^Talha^Menu Démarrer^Programmes^Démarrage^Club Internet.lnk]

path=C:\Documents and Settings\Talha\Menu Démarrer\Programmes\Démarrage\Club Internet.lnk

backup=C:\WINDOWS\pss\Club Internet.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]

--a------ 2004-08-05 14:00 15360 C:\WINDOWS\system32\ctfmon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

--a------ 2004-10-13 18:24 1694208 C:\Program Files\Messenger\msmsgs.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

--a------ 2007-01-19 12:55 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

--a------ 2007-06-07 15:37 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]

--a--c--- 2007-04-16 15:28 577536 C:\WINDOWS\soundman.exe

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\IncrediMail\\bin\\IMApp.exe"=

"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=

"C:\\Program Files\\SopCast\\SopCast.exe"=

"C:\\Documents and Settings\\TASLEEM\\Application Data\\SopCast\\adv\\SopAdver.exe"=

"C:\\WINDOWS\\system32\\LEXPPS.EXE"=

"C:\\Program Files\\Messenger\\msmsgs.exe"=

"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

"C:\\Program Files\\MSN Messenger\\livecall.exe"=

 

R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe [2004-08-05 14336]

R3 USB_RNDIS_51;Broadcom USB Remote NDIS Device Driver;C:\WINDOWS\system32\DRIVERS\usb8023.sys [2004-08-05 12672]

S2 FILESpy;FILESpy;C:\Program Files\Softwin\BitDefender9\filespy.sys [ ]

S3 PALLADIA;Palladia 300/400 Usb Adsl Modem;C:\WINDOWS\system32\DRIVERS\usbiad.sys [2004-07-14 31547]

S3 PID_0920;Logitech QuickCam Express(PID_0920);C:\WINDOWS\system32\DRIVERS\LV532AV.SYS [2003-09-04 152576]

S3 s916bus;Sony Ericsson Device 916 driver (WDM);C:\WINDOWS\system32\DRIVERS\s916bus.sys [2007-11-02 83496]

S3 s916mdfl;Sony Ericsson Device 916 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\s916mdfl.sys [2007-11-02 15016]

S3 s916mdm;Sony Ericsson Device 916 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\s916mdm.sys [2007-11-02 109992]

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]

\Shell\AutoRun\command - H:\LaunchU3.exe -a

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0766c892-562b-11dc-b626-0014a41f60a1}]

\Shell\AutoRun\command - H:\LaunchU3.exe -a

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9f3b5506-8d59-11dc-b6a2-0014a41f60a1}]

\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL antihost.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ab4f4f9e-0def-11dc-b5ad-0014a41f60a1}]

\Shell\AutoRun\command - G:\LaunchU3.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fc53b23b-a4bf-11db-b416-0014a41f60a1}]

\Shell\AutoRun\command - H:\autorun.exe

\Shell\explore\Command - H:\autorun.exe -e

\Shell\open\Command - H:\autorun.exe

.

Contenu du dossier 'Tâches planifiées'

.

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-09-15 22:53:57

Windows 5.1.2600 Service Pack 2 NTFS

 

Recherche de processus cachés ...

 

Recherche d'éléments en démarrage automatique cachés ...

 

Recherche de fichiers cachés ...

 

 

**************************************************************************

.

Heure de fin: 2008-09-15 23:09:02

ComboFix-quarantined-files.txt 2008-09-15 21:07:58

ComboFix2.txt 2008-09-06 19:37:19

 

Avant-CF: 5,380,083,712 octets libres

AprŠs-CF: 6,370,029,568 octets libres

 

214 --- E O F --- 2008-09-10 15:54:34

[tandouri]

Pour l'analyse malware, celle d'antivir je vais faire le scanne et je te le poste, merci encore pour ton aide :

 

Malwarebytes' Anti-Malware 1.28

Version de la base de données: 1158

Windows 5.1.2600 Service Pack 2

 

15/09/2008 23:52:34

mbam-log-2008-09-15 (23-52-34).txt

 

Type de recherche: Examen rapide

Eléments examinés: 46479

Temps écoulé: 4 minute(s), 58 second(s)

 

Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 0

Clé(s) du Registre infectée(s): 42

Valeur(s) du Registre infectée(s): 0

Elément(s) de données du Registre infecté(s): 0

Dossier(s) infecté(s): 7

Fichier(s) infecté(s): 5

 

Processus mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Module(s) mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Clé(s) du Registre infectée(s):

HKEY_CLASSES_ROOT\Interface\{00b77587-be1b-4201-b8e9-09fcf50ab771} (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{1230cf51-6bc4-4a23-b3f1-c7cf0afed619} (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{2b81f920-6660-4f76-93bf-b1c67bf5d1a0} (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{34e29700-0d13-46aa-b9a5-ace68e21a091} (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{3661af2d-c27b-499c-9bcf-66c8502a3806} (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{3f0915b8-b238-4c2d-ad1e-60db1e14d27a} (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{49155dae-c471-40fa-98ee-b2b3cad115ce} (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{4d783385-0dda-4188-a529-c97dc3d67cbd} (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{4e8b851b-05b0-4baf-b24d-d0dfe88dded3} (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{50c3e2b3-4fd7-4cb9-91f9-641a6e6b3689} (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{5a4737a8-b92a-4e54-970e-c2891d98ce3f} (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{62b0b239-f9ac-4a5b-bfae-62c7a23f7627} (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{6e10479b-31e8-4a3b-81b1-ddaf39097f19} (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{726f0ab9-b842-4ae4-90c7-230e233e6a99} (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{99123ac9-7dda-4c82-b252-44c2804bf392} (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{ace99e77-aa2a-43c2-8c9d-caf2020fdf2b} (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{b9cc2b92-5611-453f-8381-8b6f72d9c0b8} (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{c4543e64-1498-410d-8e72-4744eea99ab9} (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{e0fb1610-b25b-49f6-be20-751b2f230e6f} (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{e420a65f-9984-4b8c-9fa9-1ed69d3b0a13} (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{ea58c2ea-be26-49dd-9b9a-c8e4e5ca7791} (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{fca28ac5-c1e1-4d67-a5ae-c44d6c374d9f} (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{54a3f8b7-228e-4ed8-895b-de832b2c3959} (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{5b2e150d-4c8a-40e4-8c36-dd9c02771c67} (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{627d894a-8a77-416e-b522-432eaf2c818e} (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{7138f250-5b72-48dd-adfb-9a83b429dd9e} (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{8971cb48-9fca-445a-be77-e8e8a4cc9df7} (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{b88e4484-3ff6-4ea9-815b-a54fe20d4387} (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{bf1bf02c-5a86-4ecf-adac-472c54c4d21e} (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{bfc08cff-c737-4433-bd5a-0ee7efcfee54} (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{d2221ccb-f2bb-4858-aad4-57c754153603} (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{08755390-f46d-4d09-968c-3430166b3189} (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{0923208c-e259-4ed5-a778-cb607da350ad} (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{229d2451-a617-4b30-b5e8-8138694240cb} (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{9720de03-5820-4059-b4a4-639d5e52bd09} (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{c23fa5a4-1fea-419f-8b14-f7465df062bc} (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{ccc6e232-aa4c-4813-a019-9c14b27776b6} (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{54a3f8b7-228e-4ed8-895b-de832b2c3959} (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\568267acfc5644dab06f058006ddbae3 (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\MySearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.

 

Valeur(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

 

Elément(s) de données du Registre infecté(s):

(Aucun élément nuisible détecté)

 

Dossier(s) infecté(s):

C:\Program Files\MySearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MySearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MySearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MySearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MySearch\bar\Settings\Application Data (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MySearch\bar\Settings\TASLEEM (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Documents and Settings\Talha\Application Data\Deskbar_{A287A2A1-E736-43b1-83DD-CCC1BA9029E9} (Adware.SoftMate) -> Quarantined and deleted successfully.

 

Fichier(s) infecté(s):

C:\Program Files\MySearch\bar\History\search (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MySearch\bar\Settings\settings.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MySearch\bar\Settings\settings.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Documents and Settings\Talha\Application Data\Deskbar_{A287A2A1-E736-43b1-83DD-CCC1BA9029E9}\log.txt (Adware.SoftMate) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\npqss.tmp (Malware.Trace) -> Quarantined and deleted successfully.