
Posted

Hello friends, my hosts file is infected and I can't manage to get rid of this nasty virus, BV:Qhost-C.

I could really use your help!!! Thanks in advance!!! :P

 

- the HijackThis log:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:20:00, on 03/09/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Apoint2K\Apoint.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe

C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe

C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe

C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe

C:\WINDOWS\System32\hphmon05.exe

C:\WINDOWS\system32\LVCOMSX.EXE

C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

C:\Program Files\TRENDnet\TEW-424UB\WlanCU.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\HP\HP Share-to-Web\hpgs2wnf.exe

C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe

C:\WINDOWS\System32\gearsec.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\MSN Messenger\usnsvc.exe

C:\Program Files\Windows Media Player\wmplayer.exe

C:\Downloads\HiJackThis.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Internet Explorer\iexplore.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cegetel.net/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.free.fr/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O1 - Hosts: om

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {2178F3FB-2560-458F-BDEE-631E2FE0DFE4} - (no file)

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll

O2 - BHO: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll

O2 - BHO: (no name) - {B5141620-C2B2-4D95-9F0F-134D99C87AB0} - (no file)

O2 - BHO: WhenUSearch Helper - {BA2325ED-F9EB-4830-8FCE-0BC35B16969B} - C:\Program Files\DAEMON Tools SearchBar\search.dll (file missing)

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll

O3 - Toolbar: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe

O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start

O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe

O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe

O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe

O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe

O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"

O4 - HKLM\..\Run: [service] C:\WINDOWS\system32\service.exe

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [WinDSNX] C:\WINDOWS\system32\ativtmxx.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Audio for Windows] sdfhost.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [LXCFCATS] rundll32 C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\LXCFtime.dll,_RunDLLEntry@16

O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16

O4 - HKLM\..\RunServices: [Audio for Windows] sdfhost.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Gamma Loader.lnk.disabled

O4 - Global Startup: Adobe Reader Synchronizer.lnk.disabled

O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Fichiers communs\Autodesk Shared\acstart17.exe

O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk.disabled

O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk.disabled

O4 - Global Startup: Microsoft Office.lnk.disabled

O4 - Global Startup: Outil de mise à jour Google.lnk.disabled

O4 - Global Startup: Picture Package Menu.lnk.disabled

O4 - Global Startup: Picture Package VCD Maker.lnk.disabled

O4 - Global Startup: Wireless Configuration Utility HW.14.lnk = C:\Program Files\TRENDnet\TEW-424UB\WlanCU.exe

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Tout télécharger avec BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: Télécharger avec BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: Télécharger toutes les vidéos avec BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll/206 (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O14 - IERESET.INF: START_PAGE_URL=http://home.free.fr/

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.4.2_05) -

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload Component) - http://f010.mail.caramail.lycos.fr/app/upl...ileUploader.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} (Java Plug-in 1.4.2_03) -

O16 - DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} (Java Plug-in 1.4.2_05) -

O17 - HKLM\System\CCS\Services\Tcpip\..\{8589F7A4-FD8F-4487-B6C2-FDCCD1510286}: NameServer = 86.64.145.144 84.103.237.144

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL

O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL

O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Service de sécurité matérielle (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe

O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: lxcf_device - Unknown owner - C:\WINDOWS\system32\lxcfcoms.exe

O23 - Service: lxcg_device - Unknown owner - C:\WINDOWS\system32\lxcgcoms.exe

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

 

--

End of file - 12650 bytes

Posted

Hello,

 

Download OTM by OldTimer to your desktop.

Double-click OTM.exe to launch it.

On Vista, right-click the file -> choose Run as administrator

Check that Unregister Dll's and Ocx's is ticked.

* Copy/paste the lines below:

 

:Processes

Bonjour Service

:Files

c:\program files\daemon tools searchbar\search.dll

c:\windows\system32\service.exe

:Reg

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BA2325ED-F9EB-4830-8FCE-0BC35B16969B}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA2325ED-F9EB-4830-8FCE-0BC35B16969B}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"service"=-

 

:Commands

[purity]

[emptytemp]

[start explorer]

[Reboot]

 

Go back to OTM,

Right-click in the "Paste Instructions for Items to be Moved" window under the yellow bar and choose Paste.

* Click the red Moveit! button

* Close OTM

Your PC will restart.

Go to the folder C:\_OTM\MovedFiles,

open the most recent .log file

Copy/paste its contents into your next reply

 

 

Download MBAM

 

[plug in all removable media before running this scan (USB stick, external hard drive, etc.)]

If you use Spybot

To disable TeaTimer, which serves no purpose and can make a disinfection fail:

First display Advanced Mode in SpyBot

-> Advanced options:

-> Mode menu, Advanced mode.

A column of menus appears on the left-hand side:

-> click Tools,

-> click Resident,

In Resident:

-> untick Resident "TeaTimer" to disable it.

* Double-click the Download_mbam-setup.exe icon to start the installation process.

Save it to the desktop.

Close all windows and programs

Follow the prompts (in particular the choice of language and the permission to access the Internet)

Do not change any of the default settings and, at the end of the installation,

Check that the Update and Launch options are ticked

MBAM will start automatically and display a message asking to update the program before running a scan.

Click OK to close the dialog box.

* In the "Update" tab, click the Check for Updates button:

If the firewall asks for permission for MBAM to connect, accept.

* Once the update is complete, go to the Scanner tab.

* Select "Perform full scan"

* Click "Scan"

* The scan will take some time, be patient!

* At the end, a message will be displayed:

The scan completed successfully.

 

* If MBAM found nothing, it will say so too.

Click "OK" to continue.

* Close your browsers.

Click Show Results.

 

* Select everything and click Remove Selected,

MBAM will delete the files and registry keys and put a copy of them in quarantine.

then open Notepad and copy into it the scan report, which can be found under the Logs tab.

* Copy and paste this report into your next reply.

 

 

 

 

 

In HijackThis, tick these lines, then click Fix checked

 

O2 - BHO: (no name) - {2178F3FB-2560-458F-BDEE-631E2FE0DFE4} - (no file)

O2 - BHO: (no name) - {B5141620-C2B2-4D95-9F0F-134D99C87AB0} - (no file)

O3 - Toolbar: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL

O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe

O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

 

 

Remove Ctfmon

Removing the Alternative User Input features of Text Services

Start -> Control Panel.

-> Date, Time, Language, and Regional Options,

-> Regional and Language Options.

On the Languages tab, click Details.

Under Installed services, select each input item listed,

-> click Remove to remove the item in question.

All items must be removed, one by one, except for the following input service:

French (France) – Keyboard: French

Then

Start -> Run ->

Type:

Regsvr32.exe /u msimtf.dll

Click OK.

Repeat for the file Msctf.dll.
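
As an added example (not part of the thread and not HijackThis's own code), the sketch below parses HijackThis-format lines and surfaces the orphaned BHO references that the reply above asks to fix, along with the hosts (O1), DNS (O17) and unknown-owner service (O23) lines of the posted log. The function names and hint labels are assumptions; a hint marks a line for manual review and is not a verdict.

```python
import ipaddress
import re

# Excerpt of the log posted in this thread (a few lines only).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\svchost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cegetel.net/
O1 - Hosts: om
O2 - BHO: (no name) - {2178F3FB-2560-458F-BDEE-631E2FE0DFE4} - (no file)
O2 - BHO: WhenUSearch Helper - {BA2325ED-F9EB-4830-8FCE-0BC35B16969B} - C:\Program Files\DAEMON Tools SearchBar\search.dll (file missing)
O4 - HKLM\..\Run: [service] C:\WINDOWS\system32\service.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{8589F7A4-FD8F-4487-B6C2-FDCCD1510286}: NameServer = 86.64.145.144 84.103.237.144
O23 - Service: lxcf_device - Unknown owner - C:\WINDOWS\system32\lxcfcoms.exe
"""

# An entry line is "<section code> - <body>"; process paths and headers do not match.
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2})\s+-\s+(.*\S)\s*$")
# HijackThis appends these markers when the referenced file is absent.
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)\s*$")


def parse_entries(log_text):
    """Return [(section_code, body), ...] for every entry line in the log."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def _is_ip(token):
    try:
        ipaddress.ip_address(token)
        return True
    except ValueError:
        return False


def review_hints(entries):
    """Return [(code, hint, detail), ...] for lines worth a manual look.

    The hint labels are this example's own naming, not HijackThis output.
    """
    hints = []
    for code, body in entries:
        if code == "O1" and body.startswith("Hosts:"):
            tokens = body[len("Hosts:"):].split()
            if len(tokens) >= 2 and _is_ip(tokens[0]):
                # Well-formed "IP hostname" pair: show what is redirected where.
                hints.append((code, "hosts-mapping", f"{tokens[1]} -> {tokens[0]}"))
            else:
                # Truncated or garbled entry, such as "Hosts: om" in this log:
                # the hosts file itself has to be opened and read.
                hints.append((code, "hosts-unparseable", body))
        elif ORPHAN_RE.search(body):
            # Registry entry still present, target file gone.
            hints.append((code, "orphaned-reference", body))
        elif code == "O17" and "NameServer" in body and "=" in body:
            servers = body.split("=", 1)[1].replace(",", " ").split()
            # Resolver addresses to compare with what the ISP or router hands out.
            hints.append((code, "dns-override", " ".join(servers)))
        elif code == "O23" and " - Unknown owner - " in body:
            hints.append((code, "service-unknown-owner", body))
    return hints


if __name__ == "__main__":
    for code, hint, detail in review_hints(parse_entries(SAMPLE_LOG)):
        print(f"{code:<4} {hint:<22} {detail}")
```
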

Posted

Thanks Pear for your help!!

So first, here is the OTM log:

 

All processes killed

========== PROCESSES ==========

No active process named Bonjour Service was found!

========== FILES ==========

File/Folder c:\program files\daemon tools searchbar\search.dll not found.

File/Folder c:\windows\system32\service.exe not found.

========== REGISTRY ==========

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BA2325ED-F9EB-4830-8FCE-0BC35B16969B}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BA2325ED-F9EB-4830-8FCE-0BC35B16969B}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA2325ED-F9EB-4830-8FCE-0BC35B16969B}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BA2325ED-F9EB-4830-8FCE-0BC35B16969B}\ not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\service deleted successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: Administrateur

->Temp folder emptied: 496 bytes

->Temporary Internet Files folder emptied: 1022105 bytes

->FireFox cache emptied: 2918869 bytes

 

User: All Users

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 32768 bytes

 

User: HP ZV 5214 ea

->Temp folder emptied: -1886499505 bytes

->Temporary Internet Files folder emptied: 41973860 bytes

->Java cache emptied: 5182205 bytes

->FireFox cache emptied: 77057086 bytes

 

User: LocalService

->Temp folder emptied: 0 bytes

File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.

->Temporary Internet Files folder emptied: 7152013 bytes

 

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 34706 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 19528 bytes

%systemroot%\System32 .tmp files removed: 3072 bytes

File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.

File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_5c4.dat scheduled to be deleted on reboot.

Windows Temp folder emptied: 18288849 bytes

RecycleBin emptied: 30285089 bytes

 

Total Files Cleaned = -1623,66 mb

 

 

OTM by OldTimer - Version 3.0.0.6 log created on 09032009_122433

 

Files moved on Reboot...

File C:\Documents and Settings\HP ZV 5214 ea\Local Settings\Temp\Temporary Internet Files\Content.IE5\S961ETCH\alfa-giulia_Auto-Pieces-et-equipement_W0QQ_trksidZm37QQcatrefZC12QQdfspZ1QQfclZ3QQflocZ1QQfromZR14QQfrppZ50

QQfrtsZ50QQfssZ0QQftrtZ1QQftrvZ1QQga10244Z10425QQsaaffZafdefau[1].htm not found!

File C:\Documents and Settings\HP ZV 5214 ea\Local Settings\Temp\Temporary Internet Files\Content.IE5\S961ETCH\bmw_Automobiles_W0QQ_trksidZm37QQcatrefZC6QQcoactionZcompareQQcoentrypageZs

earchQQcopagenumZ1QQdfspZ2QQfromZR10QQftrtZ1QQftrvZ1QQga10244Z10425QQsabfmtsZ1QQs

acatZ9801QQsa[1].htm not found!

File C:\Documents and Settings\HP ZV 5214 ea\Local Settings\Temp\Temporary Internet Files\Content.IE5\S961ETCH\coupe-diesel_Automobiles_W0QQ_trksidZm37QQcatrefZC6QQcoactionZcompareQQcoentrypageZsea

rchQQcopagenumZ1QQdfspZ2QQfromZR10QQfrtsZ100QQftrtZ1QQftrvZ1QQga10244Z10425QQsabf

mt[1].htm not found!

File C:\Documents and Settings\HP ZV 5214 ea\Local Settings\Temp\Temporary Internet Files\Content.IE5\RNED7B3T\%253Fq%253Dmuscles%2526k%253D200000010%2526nstart%253D30%2526nskip%253D0%2526hash%253Dbf49ecd2c783331e157a3d824c17b7a0%2526s%253D30%2526hash%253D4409642dab71fdc185c7456b8a6daaaa not found!

File C:\Documents and Settings\HP ZV 5214 ea\Local Settings\Temp\Temporary Internet Files\Content.IE5\RNED7B3T\%253Fq%253Dmuscles%2526k%253D200000010%2526nstart%253D40%2526nskip%253D0%2526hash%253D4409642dab71fdc185c7456b8a6daaaa%2526s%253D40%2526hash%253D0ed39d2defece80c03f5e615b6b50973 not found!

File C:\Documents and Settings\HP ZV 5214 ea\Local Settings\Temp\Temporary Internet Files\Content.IE5\RNED7B3T\%253Fq%253Dmuscles%2526k%253D200000010%2526nstart%253D60%2526nskip%253D0%2526hash%253D5428264b33e39f135bc0db0bfdbff6ac%2526s%253D60%2526hash%253D83e668460dae5f2731f5ef6d70b7107b not found!

File C:\Documents and Settings\HP ZV 5214 ea\Local Settings\Temp\Temporary Internet Files\Content.IE5\RNED7B3T\53Fq%253Dmuscles%2526k%253D200000010%2526nstart%253D110%2526nskip%253D1%2526hash%253Dae087338b407e98ea8cfb546e9bd5853%2526s%253D110%2526hash%253D165e32b72a4a5bcf4b51d41d607236e6 not found!

File C:\Documents and Settings\HP ZV 5214 ea\Local Settings\Temp\Temporary Internet Files\Content.IE5\RNED7B3T\53Fq%253Dmuscles%2526k%253D200000010%2526nstart%253D120%2526nskip%253D1%2526hash%253D165e32b72a4a5bcf4b51d41d607236e6%2526s%253D120%2526hash%253D43fa648f3d922522dd2c2f8a456abe35 not found!

File C:\Documents and Settings\HP ZV 5214 ea\Local Settings\Temp\Temporary Internet Files\Content.IE5\RNED7B3T\dref=http%253A%252F%252Fwww.facebook[1].php%253Fq%253Dmuscles%2526k%253D200000010%2526nstart%253D10%2526nskip%253D0%2526s%253D10%2526hash%253D0d920ac14125a42685e8e5e10b2d4f96 not found!

File C:\Documents and Settings\HP ZV 5214 ea\Local Settings\Temp\Temporary Internet Files\Content.IE5\RNED7B3T\dref=http%253A%252F[1].php%253Fk%253D100000004%2526id%253D6732063017%2526gr%253D2%2526nstart%253D10%2526nskip%253D0%2526s%253D10%2526hash%253D40269de5757fb0d6c62d9495af46878d not found!

File C:\Documents and Settings\HP ZV 5214 ea\Local Settings\Temp\Temporary Internet Files\Content.IE5\K986K4YY\%253Fq%253Dmuscles%2526k%253D200000010%2526nstart%253D50%2526nskip%253D0%2526hash%253D0ed39d2defece80c03f5e615b6b50973%2526s%253D50%2526hash%253D5428264b33e39f135bc0db0bfdbff6ac not found!

File C:\Documents and Settings\HP ZV 5214 ea\Local Settings\Temp\Temporary Internet Files\Content.IE5\K986K4YY\dref=http%253A%252F%252Fwww[1].php%253Fq%253Dart%2526n%253D-1%2526k%253D40000000020%2526nstart%253D10%2526nskip%253D0%2526s%253D10%2526hash%253Daad7a354a9085ba5967d7116498840cb not found!

File C:\Documents and Settings\HP ZV 5214 ea\Local Settings\Temp\Temporary Internet Files\Content.IE5\CATZ2NH6\alfa-giulia_Auto-Pieces-et-equipement_W0QQ_trksidZm37QQafcjZQQafmpZQQaftdZQQcatrefZC12QQdfspZ1QQfclZ3QQflocZ1QQfromZR14QQfrppZ50QQfssZ0QQftrtZ1QQftrvZ1QQga10244Z10425QQn[1].htm not found!

File C:\Documents and Settings\HP ZV 5214 ea\Local Settings\Temp\Temporary Internet Files\Content.IE5\CATZ2NH6\alfa-giulia_Auto-Pieces-et-equipement_W0QQ_trksidZm37QQcatrefZC12QQdfspZ1QQfclZ3QQflocZ1QQfromZR14QQfrppZ50QQfrtsZ150QQfssZ0QQftrtZ1QQftrvZ1QQga10244Z10425QQsaaffZafdefa[1].htm not found!

File C:\Documents and Settings\HP ZV 5214 ea\Local Settings\Temp\Temporary Internet Files\Content.IE5\CATZ2NH6\audi-tt_Automobiles_W0QQ_trksidZm37QQcatrefZC6QQcoactionZcompareQQcoentrypageZsearchQQcopagenumZ1QQdfspZ2QQfromZR10QQftrtZ1QQftrvZ1QQga10244Z10425QQsabfmtsZ1QQsacatZ9801[1].htm not found!

File C:\Documents and Settings\HP ZV 5214 ea\Local Settings\Temp\Temporary Internet Files\Content.IE5\C56FW5U7\3Dfunpix%2526st%253D12%2526se%253DtOh2YvcBUP9mx-XdR7f2_a_PwP1xKZfcrVhUccJBrOxVCL2IHxhLCc0cPXXqFtwnr4-Y_pjpa4Bb1SHpwm7GaFYa7TAeO7PqLTfueUl0t5T5VIhh51LbfQUS21ETfREW%2526view%253D0 not found!

File C:\Documents and Settings\HP ZV 5214 ea\Local Settings\Temp\Temporary Internet Files\Content.IE5\61LZ7PET\53Fq%253Dmuscles%2526k%253D200000010%2526nstart%253D140%2526nskip%253D1%2526hash%253D8102340ddbead5d5e2e2ea5b927db22f%2526s%253D140%2526hash%253D77a034e860f35b757f49f545cd5607ca not found!

File C:\Documents and Settings\HP ZV 5214 ea\Local Settings\Temp\Temporary Internet Files\Content.IE5\61LZ7PET\53Fq%253Dmuscles%2526k%253D200000010%2526nstart%253D150%2526nskip%253D1%2526hash%253D77a034e860f35b757f49f545cd5607ca%2526s%253D150%2526hash%253D03b749226d470c48c8af6715ae251024 not found!

File C:\Documents and Settings\HP ZV 5214 ea\Local Settings\Temp\Temporary Internet Files\Content.IE5\61LZ7PET\dref=http%253A%252F%252Fwww[1].php%253Fq%253Dalain+delon%2526k%253D200000010%2526nstart%253D10%2526nskip%253D0%2526s%253D10%2526hash%253D38e8ff40970468bca9bcabd3ab07956c not found!

File C:\Documents and Settings\HP ZV 5214 ea\Local Settings\Temp\Temporary Internet Files\Content.IE5\2GW9KRJY\alfa-giulia_Auto-Pieces-et-equipement_W0QQ_trksidZm37QQcatrefZC12QQdfspZ1QQfclZ3QQflocZ1QQfromZR14QQfrppZ50QQfrtsZ100QQfssZ0QQftrtZ1QQftrvZ1QQga10244Z10425QQsaaffZafdefa[1].htm not found!

File C:\Documents and Settings\HP ZV 5214 ea\Local Settings\Temp\Temporary Internet Files\Content.IE5\2GW9KRJY\coupe-diesel_Automobiles_W0QQ_trksidZm37QQcatrefZC6QQcoactionZcompareQQcoentrypageZsearchQQcopagenumZ1QQdfspZ2QQfromZR10QQfrtsZ50QQftrtZ1QQftrvZ1QQga10244Z10425QQsabfmts[2].htm not found!

File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.

C:\WINDOWS\temp\Perflib_Perfdata_5c4.dat moved successfully.

 

Registry entries deleted on Reboot...

Posted

and the MBAM log:

 

Malwarebytes' Anti-Malware 1.40

Version de la base de données: 2734

Windows 5.1.2600 Service Pack 2

 

03/09/2009 14:49:42

mbam-log-2009-09-03 (14-49-42).txt

 

Type de recherche: Examen complet (C:\|)

Eléments examinés: 267834

Temps écoulé: 1 hour(s), 11 minute(s), 36 second(s)

 

Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 0

Clé(s) du Registre infectée(s): 13

Valeur(s) du Registre infectée(s): 0

Elément(s) de données du Registre infecté(s): 0

Dossier(s) infecté(s): 3

Fichier(s) infecté(s): 2

 

Processus mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Module(s) mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Clé(s) du Registre infectée(s):

HKEY_CLASSES_ROOT\acm.acmfactory (Adware.WhenU) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\acm.acmfactory.1 (Adware.WhenU) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{43382522-a846-46f4-ac57-1f71ae6e1086} (Adware.WhenU) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{572fb162-c0ba-4edf-8cff-e3846153b9b0} (Adware.WhenU) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{72a836d1-bc00-43c0-a941-17960e4fb842} (Adware.WhenU) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\AppID\{127df9b4-d75d-44a6-af78-8c3a8ceb03db} (Adware.WhenU) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{a9aae1ab-9688-42c5-86f5-c12f6b9015ad} (Adware.WhenU) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{df901432-1b9f-4f5b-9e56-301c553f9095} (Adware.WhenU) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{e596df5f-4239-4d40-8367-ebadf0165917} (Rogue.Installer) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{09f1adac-76d8-4d0f-99a5-5c907dadb988} (Rogue.Multiple) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2178f3fb-2560-458f-bdee-631e2fe0dfe4} (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b5141620-c2b2-4d95-9f0f-134d99c87ab0} (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\AppID\ACM.dll (Adware.WhenU) -> Quarantined and deleted successfully.

 

Valeur(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

 

Elément(s) de données du Registre infecté(s):

(Aucun élément nuisible détecté)

 

Dossier(s) infecté(s):

C:\Documents and Settings\All Users\Application Data\SalesMonitor (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\SalesMonitor\Data (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Program Files\Save (Adware.WhenU) -> Quarantined and deleted successfully.

 

Fichier(s) infecté(s):

C:\Program Files\Save\ffext.mod (Adware.WhenU) -> Quarantined and deleted successfully.

C:\Program Files\Save\store.db (Adware.WhenU) -> Quarantined and deleted successfully.
