Analyse HijackThis , Worm.Win32.Netsky

[Tatonkkk]

Bonjour a tous,

 

Voilà mon problème. Alors que j'étais sur internet, tout a coup Avast me signale un virus. Je le supprime et le message indiquant l'apparition de ce virus ne fait que réapparaitre dès que je supprime ou met en quarantaine le virus en question.

Je décide donc de tout arrêter et de lancer un scan au redémarrage.

Le scan se fait sans problèmes, je vois même qu'il me supprime le virus qui m'avait causé des problèmes, et mon Pc redémarre.

C'est là que commence le vrai problème.

Après l'écran de Bienvenu de Windows (Je suis sous XP), je vois uniquement mon fond d'écran avec un message d'erreur me disant ceci :

 

Security Warning

 

Worm.Win32.Netsky detected on your machine.

The virus is distributed via the Internet trough e-mail and Active-X objects.

The worm has its own SMTP engine wich means its gathers e-mails from your local computer and re-destributes itself.

In worst cases this worm can allow attachers to acces your computer, stealing passwords and personnal data.

Viruses can damage your confidential data and work on your computer.

Continue working in unprotected mode is very dangerous.

Type : Virus

System Affected : Windows 2000, NT, ME, XP, Vista, 7

Security Risk (0-5) : 5

Recomendations ; It is necessary to perform a full system scan.

 

Et la une fois que je ferme cette fenêtre mon ordi démarre mais mon fond d'écran disparait et il est remplacé par un fond d'écran vert fluo avec au centre écrit en gros en rouge (pour que mette encore plus la pression) :

 

YOUR SYSTEM IS INFECTED

System has been stopped due to a serious malfunction.

Spyware activity has been detected.

Itis recommened to use spyware removal tool to prevent data loss.

Do not use the computer before all spyware removed.

 

Et là le PC rame à mort et je ne peux plus rentrer dans aucun dossier.

 

De plus au bout d'un certain moment (une fois que le PC a démarré complètement en un quart d'heure minimum ) un autre message apparait disant :

 

Warning

 

Attention! System detected a potential hazard (TrojanSPM/LX) on your computer that may infect executable files.

Your private information and PC safety is a risk. To get ride of unwanted spyware and keep your computer safe you need update your current security software.

Clik OK to download official intrusion detection system (IDS software).

 

 

Bien sûr si on clique sur OK, parce que au bout d'un moment j'ai quand même tenté, il ne se passe rien.

Ce message réapparait régulièrement.

 

En mode sans échec je peux accèder à mes données mais j'ai le même message d'erreur au démarrage avec le même fond d'écran.

 

Bref voilà le rapport HijackThis que j'ai obtenu :

 

 

Logfile of HijackThis v1.99.1

Scan saved at 14:41:20, on 13/05/2010

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.17023)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\Wanadoo\CnxMon.exe

C:\PROGRA~1\Wanadoo\TaskbarIcon.exe

C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe

C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

C:\WINDOWS\system32\smss32.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Veoh Networks\Veoh\VeohClient.exe

C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

C:\WINDOWS\system32\IcoSauve.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\max\Bureau\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wanadoo.fr/go/page_recherche/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/ie

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/search?q=%s

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\winlogon32.exe

O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL

O2 - BHO: SuggestMeYesBHO - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Program Files\AutocompletePro\AutocompletePro.dll (file missing)

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL

O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exe

O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe

O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe

O4 - HKLM\..\Run: [adiras] adiras.exe

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [MsgCenterExe] "C:\Program Files\Fichiers communs\Real\Update_OB\RealOneMessageCenter.exe" -osboot

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Mode Load Mpeg Less] C:\Documents and Settings\All Users\Application Data\two setup mode load\Play Clock.exe

O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w /h

O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

O4 - HKLM\..\Run: [smss32.exe] C:\WINDOWS\system32\smss32.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide

O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe

O4 - HKCU\..\Run: [MP3BUILD] C:\DOCUME~1\max\APPLIC~1\WMASCR~1\cash exit.exe

O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

O4 - HKCU\..\Run: [smss32.exe] C:\WINDOWS\system32\smss32.exe

O4 - Startup: IcoSauve.lnk = C:\WINDOWS\system32\IcoSauve.exe

O4 - Startup: wwwzuc32.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...mp;n=2010050810

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O11 - Options group: [iNTERNATIONAL] International*

O11 - Options group: [TABS] Tabbed Browsing

O15 - Trusted Zone: http://*.buy-security-essentials.com'>http://*.buy-security-essentials.com

O15 - Trusted Zone: http://*.download-soft-package.com

O15 - Trusted Zone: http://*.download-software-package.com

O15 - Trusted Zone: http://*.get-key-se10.com'>http://*.get-key-se10.com

O15 - Trusted Zone: http://*.is-software-download.com

O15 - Trusted Zone: http://*.buy-security-essentials.com (HKLM)

O15 - Trusted Zone: http://*.get-key-se10.com (HKLM)

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...etup1.0.1.1.cab

O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - https://newdesk.eur.sgcib.com/ICAWEB/en/ica32/wficat.cab

O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/v1/cabs/ascstubie.cab

O16 - DPF: {87AF076E-D86D-4E87-ADDD-F05804E1F150} - https://www.virginmega.fr/DownloadManager/R...rod/DownMan.cab

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jin...ows-i586-jc.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O16 - DPF: {FAB2BB9D-91E9-457E-9D42-75A7FCCBBC00} - http://www.fingersnow.fr/plugin/DFusionHom...n.Installer.exe

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe

 

 

Je suis en grosse glalère là.

 

Merci par avance de m'aider ou même me dire si il vaut mieux que j'arrêtes tout.

[Apollo]

Bonjour,

 

Il ne faut jamais cliquer sur ce genre de message! C'est un rogue (arnaque).

 

Ton ordi est multi-infecté.

 

Étape 1: rkill (de Grinler), téléchargement

Télécharger rkill depuis l'un des liens ci-dessous:

 

Lien 1

Lien 2

Lien 3

Lien 4

 

Enregistrer le fichier sur le Bureau.

 

 

Étape 2: Pas de processus de contrôle en temps réel

Désactiver le module résident de l'antivirus et celui de l'antispyware.

 

 

Étape 3: rkill (de Grinler), exécution

Faire un double clic sur le fichier rkill téléchargé pour lancer l'outil.

Pour Vista, faire un clic droit sur le fichier rkill téléchargé puis choisir "Exécuter en tant qu'Administrateur" pour lancer l'outil.

 

Une fenêtre à fond noir va apparaître brièvement, puis disparaître.

 

Si rien ne se passe, ou si l'outil ne se lance pas, télécharger l'outil depuis un autre des quatre liens ci-dessus et faire une nouvelle tentative d'exécution.

 

Si aucun des outils téléchargés depuis les quatre liens ci-dessus ne semble fonctionner, ne pas continuer le nettoyage, et me prévenir sur le forum.

 

Le rapport se trouve sous C:\rkill/txt --> Poste-le stp.

-------------------------------------

Télécharge Malwarebytes' Anti-Malware (MBAM)

 

Si MBAM est déjà installé, aller directement à la mise à jour puis à l'analyse.

 

Ce logiciel est à garder.

 

Uniquement en cas de problème de mise à jour:

 

Télécharger mises à jour MBAM

 

Exécute le fichier après l'installation de MBAM

 

Connecter les supports amovibles (clés usb etc.) avant de lancer l'analyse.

 

• Double clique sur le fichier téléchargé pour lancer le processus d'installation.
  
• Dans l'onglet "Mise à jour", clique sur le bouton "Recherche de mise à jour": si le pare-feu demande l'autorisation à MBAM de se connecter, accepte.
  
• Une fois la mise à jour terminée, rends-toi dans l'onglet "Recherche".
  
• Sélectionne "Exécuter un examen complet"
  
• Clique sur "Rechercher"
  
• L'analyse démarre, le scan est relativement long, c'est normal.
  
• A la fin de l'analyse, un message s'affiche :

  L'examen s'est terminé normalement. Clique sur 'Afficher les résultats' pour afficher tous les objets trouvés.

  Clique sur "Ok" pour poursuivre. Si MBAM n'a rien trouvé, il te le dira aussi.
  
• Ferme tes navigateurs.
  
• Si des malwares ont été détectés, clique sur Afficher les résultats.
  Sélectionne tout (ou laisse coché) et clique sur Supprimer la sélection, MBAM va détruire les fichiers et clés de registre et en mettre une copie dans la quarantaine.
  
• MBAM va ouvrir le Bloc-notes et y copier le rapport d'analyse. Copie-colle ce rapport et poste-le dans ta prochaine réponse.
  

Si MBAM demande à redémarrer le pc, fais-le.

 

!!! Ne pas vider la quarantaine de MBAM sans avis !!! (en cas de faux-positifs toujours possibles.)

 

---------------------------------

Désinstalle ta vieille version d'Hijackthis.

 

Télécharge Hijackthis 2.0.4 et enregistre-le sur le bureau.

 

Sous XP, double clique sur l'icône

 

Sous Vista, fais un clic droit sur l'icône/exécuter en temps qu'administrateur.

 

Clique sur "Scan".

 

Clique ensuite sur "Save log", un fichier texte avec le rapport doit s'ouvrir.

 

Sauvegarde le fichier texte sur le bureau.

 

Fais un clic droit sur le texte ouvert, clique encore avec le bouton droit puis clique sur "copier".

 

Colle le résultat dans ta réponse stp.

 

@++

[Tatonkkk]

Bonjour,

 

Voici les différents rapport d'analyse donnés par MBAM et HijackThis. En ce qui concerne rkill le message est le suivant :

 

This log file is located at C:\rkill.log.

Please post this only if requested to by the person helping you.

Otherwise you can close this log when you wish.

Ran as max on 14/05/2010 at 22:46:15.

 

 

Processes terminated by Rkill or while it was running:

 

 

C:\Documents and Settings\max\Bureau\rkill.exe

 

 

Rkill completed on 14/05/2010 at 22:46:16.

 

 

 

Le rapport MBAM :

 

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

 

Version de la base de données: 4060

 

Windows 5.1.2600 Service Pack 2 (Safe Mode)

Internet Explorer 7.0.5730.11

 

14/05/2010 23:39:50

mbam-log-2010-05-14 (23-39-50).txt

 

Type d'examen: Examen complet (C:\|D:\|I:\|)

Elément(s) analysé(s): 160746

Temps écoulé: 1 heure(s), 2 minute(s), 18 seconde(s)

 

Processus mémoire infecté(s): 1

Module(s) mémoire infecté(s): 1

Clé(s) du Registre infectée(s): 153

Valeur(s) du Registre infectée(s): 14

Elément(s) de données du Registre infecté(s): 15

Dossier(s) infecté(s): 3

Fichier(s) infecté(s): 42

 

Processus mémoire infecté(s):

C:\WINDOWS\system32\smss32.exe (Trojan.FakeAlert) -> Unloaded process successfully.

 

Module(s) mémoire infecté(s):

C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL (Adware.MyWebSearch) -> Delete on reboot.

 

Clé(s) du Registre infectée(s):

HKEY_CLASSES_ROOT\CLSID\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\funwebproducts.datacontrol (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\funwebproducts.datacontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\funwebproducts.historykillerscheduler (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\funwebproducts.historykillerscheduler.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\funwebproducts.historyswattercontrolbar (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\funwebproducts.historyswattercontrolbar.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\funwebproducts.htmlmenu (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.2 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\funwebproducts.killerobjmanager (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\funwebproducts.killerobjmanager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutton (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\funwebproducts.popswattersettingscontrol (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\funwebproducts.popswattersettingscontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\mywebsearch.chatsessionplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\mywebsearch.chatsessionplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\mywebsearch.htmlpanel (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\mywebsearch.htmlpanel.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\mywebsearch.outlookaddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\mywebsearch.outlookaddin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\TypeLib\{07b18ea0-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{07b18eaa-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{07b18eac-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{f87d7fb5-9dc5-4c8c-b998-d8dfe02e2978} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{53ced2d0-5e9a-4761-9005-648404e6f7e5} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{1093995a-ba37-41d2-836e-091067c4ad17} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{120927bf-1700-43bc-810f-fab92549b390} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{17de5e5e-bfe3-4e83-8e1f-8755795359ec} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{1f52a5fa-a705-4415-b975-88503b291728} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{247a115f-06c2-4fb3-967d-2d62d3cf4f0a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{2e3537fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{3e1656ed-f60e-4597-b6aa-b6a58e171495} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{3e53e2cb-86db-4a4a-8bd9-ffeb7a64df82} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{3e720451-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{3e720453-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{63d0ed2b-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{63d0ed2d-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{6e74766c-4d93-4cc0-96d1-47b8e07ff9ca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{72ee7f04-15bd-4845-a005-d6711144d86a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{7473d291-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{7473d293-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{7473d295-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{7473d297-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{90449521-d834-4703-bb4e-d3aa44042ff8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{991aac62-b100-47ce-8b75-253965244f69} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{a626cdbd-3d13-4f78-b819-440a28d7e8fc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{bbabdc90-f3d5-4801-863a-ee6ae529862d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{d6ff3684-ad3b-48eb-bbb4-b9e6c5a355c1} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{de38c398-b328-4f4c-a3ad-1b5e4ed93477} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25f} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{e79dfbc9-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{e79dfbcb-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{eb9e5c1c-b1f9-4c2b-be8a-27d6446fdaf8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{0f8ecf4f-3646-4c3a-8881-8e138ffcaf70} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{1e0de227-5ce4-4ea3-ab0c-8b03e1aa76bc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{3e720452-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{7473d292-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{7473d296-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{84da4fdf-a1cf-4195-8688-3e961f505983} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{8e6f1832-9607-4440-8530-13be7c4b1d14} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{938aa51a-996c-4884-98ce-80dd16a5c9da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{a9571378-68a1-443d-b082-284f960c6d17} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{adb01e81-3c79-4272-a0f1-7b2be7a782dc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{b813095c-81c0-4e40-aa14-67520372b987} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{c9d7be3e-141a-4c85-8cd6-32461f3df2c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{cff4ce82-3aa2-451f-9b77-7165605fb835} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{d9fffb27-d62a-4d64-8cec-1ff006528805} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{773b1aad-a8dd-4010-a903-cdb32938f595} (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{0d26bc71-a633-4e71-ad31-eadc3a1b6a3a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{29d67d3c-509a-4544-903f-c8c1b8236554} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{3e720450-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{7473d290-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{8ca01f0e-987c-49c3-b852-2f1ac4a7094c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{8e6f1830-9607-4440-8530-13be7c4b1d14} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{c8cecde3-1ae1-4c4a-ad82-6d5b00212144} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{e47caee0-deea-464a-9326-3f2801535a4d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{e79dfbc0-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{f42228fb-e84e-479e-b922-fbbd096e792c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3e720452-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{d858dafc-9573-4811-b323-7011a3aa7e61} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\AppID\AutocompletePro.DLL (Adware.PredictAd) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MyWebSearchService (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\mywebsearch.multiplebutton (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\mywebsearch.multiplebutton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\mywebsearch.urlalertbutton (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\mywebsearch.urlalertbutton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\poof (Rootkit.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@mywebsearch.com/Plugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0fb6a909-6086-458f-bd92-1f8ee10042a0} (Adware.PredictAd) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{0fb6a909-6086-458f-bd92-1f8ee10042a0} (Adware.PredictAd) -> Quarantined and deleted successfully.

 

Valeur(s) du Registre infectée(s):

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mywebsearch email plugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mywebsearch email plugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\my web search bar search scope monitor (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\support@predictad.com (Adware.PredictAd) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\smss32.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\smss32.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\(default) (Adware.Hotbar) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowCpl\1 (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3popularscreensavers (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\funwebproducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\forceclassiccontrolpanel (Hijack.ControlPanelStyle) -> Quarantined and deleted successfully.

 

Elément(s) de données du Registre infecté(s):

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.FakeAlert) -> Data: c:\windows\system32\winlogon32.exe -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.FakeAlert) -> Data: system32\winlogon32.exe -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\get-key-se10.com\http (Hijack.TrustedZone) -> Bad: (2) Good: (4) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\buy-security-essentials.com\http (Hijack.TrustedZone) -> Bad: (2) Good: (4) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\buy-security-essentials.com\http (Hijack.TrustedZone) -> Bad: (2) Good: (4) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\is-software-download.com\http (Hijack.TrustedZone) -> Bad: (2) Good: (4) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\download-soft-package.com\http (Hijack.TrustedZone) -> Bad: (2) Good: (4) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\download-software-package.com\http (Hijack.TrustedZone) -> Bad: (2) Good: (4) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\get-key-se10.com\http (Hijack.TrustedZone) -> Bad: (2) Good: (4) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS\system32\winlogon32.exe) Good: (userinit.exe) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\activedesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

 

Dossier(s) infecté(s):

C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> Delete on reboot.

C:\Program Files\MyWebSearch\bar (Adware.MyWebSearch) -> Delete on reboot.

C:\Program Files\MyWebSearch\bar\1.bin (Adware.MyWebSearch) -> Delete on reboot.

 

Fichier(s) infecté(s):

C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL (Adware.MyWebSearch) -> Delete on reboot.

C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MyWebSearch\bar\1.bin\F3HKSTUB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MyWebSearch\bar\1.bin\MWSSVC.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MyWebSearch\bar\1.bin\MWSUABTN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\Windows Live\Messenger\riched20.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{002B5731-8854-4DEE-B6FE-C0ACF0965906}\RP569\A0021911.DLL (Adware.FunWeb) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{002B5731-8854-4DEE-B6FE-C0ACF0965906}\RP574\A0022409.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{002B5731-8854-4DEE-B6FE-C0ACF0965906}\RP574\A0022410.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{002B5731-8854-4DEE-B6FE-C0ACF0965906}\RP574\A0022411.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{002B5731-8854-4DEE-B6FE-C0ACF0965906}\RP574\A0022412.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{002B5731-8854-4DEE-B6FE-C0ACF0965906}\RP574\A0022413.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{002B5731-8854-4DEE-B6FE-C0ACF0965906}\RP574\A0022414.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{002B5731-8854-4DEE-B6FE-C0ACF0965906}\RP574\A0022415.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{002B5731-8854-4DEE-B6FE-C0ACF0965906}\RP574\A0022416.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{002B5731-8854-4DEE-B6FE-C0ACF0965906}\RP574\A0022417.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{002B5731-8854-4DEE-B6FE-C0ACF0965906}\RP574\A0022419.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{002B5731-8854-4DEE-B6FE-C0ACF0965906}\RP574\A0022431.dll (Adware.PredictAd) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{002B5731-8854-4DEE-B6FE-C0ACF0965906}\RP574\A0022441.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{002B5731-8854-4DEE-B6FE-C0ACF0965906}\RP574\A0022443.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{002B5731-8854-4DEE-B6FE-C0ACF0965906}\RP574\A0022446.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{002B5731-8854-4DEE-B6FE-C0ACF0965906}\RP574\A0022447.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{002B5731-8854-4DEE-B6FE-C0ACF0965906}\RP574\A0022448.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{002B5731-8854-4DEE-B6FE-C0ACF0965906}\RP574\A0022449.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{002B5731-8854-4DEE-B6FE-C0ACF0965906}\RP574\A0022450.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{002B5731-8854-4DEE-B6FE-C0ACF0965906}\RP574\A0022451.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{002B5731-8854-4DEE-B6FE-C0ACF0965906}\RP574\A0022452.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\iexpress.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.

I:\ji83j.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

I:\Recycled\INFO.EXE (Worm.AutoRun) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\warnings.html (Malware.Trace) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\helpers32.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\ES15.exe (Rogue.SecurityEsssentials) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\smss32.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\Winlogon32.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\f3PSSavr.scr (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\41.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Documents and Settings\max\Application Data\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully.

 

 

et le rapport HijackThis :

 

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 23:47:36, on 14/05/2010

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.17023)

Boot mode: Safe mode

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Documents and Settings\max\Bureau\antivirus\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wanadoo.fr/go/page_recherche/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/ie

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/search?q=%s

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exe

O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe

O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe

O4 - HKLM\..\Run: [adiras] adiras.exe

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [MsgCenterExe] "C:\Program Files\Fichiers communs\Real\Update_OB\RealOneMessageCenter.exe" -osboot

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Mode Load Mpeg Less] C:\Documents and Settings\All Users\Application Data\two setup mode load\Play Clock.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide

O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe

O4 - HKCU\..\Run: [MP3BUILD] C:\DOCUME~1\max\APPLIC~1\WMASCR~1\cash exit.exe

O4 - HKUS\S-1-5-20\..\RunOnce: [nltide1] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-20\..\RunOnce: [nltide2] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,L,,4,N (User 'SERVICE RÉSEAU')

O4 - Startup: IcoSauve.lnk = C:\WINDOWS\system32\IcoSauve.exe

O4 - Startup: wwwzuc32.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - https://newdesk.eur.sgcib.com/ICAWEB/en/ica32/wficat.cab

O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/v1/cabs/ascstubie.cab

O16 - DPF: {87AF076E-D86D-4E87-ADDD-F05804E1F150} - https://www.virginmega.fr/DownloadManager/R...rod/DownMan.cab

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jin...ows-i586-jc.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O16 - DPF: {FAB2BB9D-91E9-457E-9D42-75A7FCCBBC00} - http://www.fingersnow.fr/plugin/DFusionHom...n.Installer.exe

O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe

O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe

O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe

O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe

O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe

O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe

O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe

O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe

O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.et,$»·

!ŒA‡ˆº|Mm±ª”¨+]T‰®ÔÀ‘Zc×C¯YvfÔí½£ÞÛ2ª¦«’ÀõtÍIR…¡‚ª5šgTy)*¢“HbS^‡"º)Å­ÔW¤ðc>¢Ÿ?ðÙéÔu‘C¡ªž—þÔunˆžâøÓÛÛ²7ÇaïGªÌM½ê²µ•8ú8§Ç=-NR¦ LëYQ’Ê@'§‚#ËOMI.§.‚µäý¾ù{¹µÅÓŠ\ÀML´•ÞA#š¨!D*q@ NöHÚÚ>ãÇçþ¯çÄ磗´¶¶dmŒÐÛ”qP`öÞ&‡

‹¥Š(bXé( H#gZx „Ï.r2¢ë‘™ˆ¹ö0†$‚(á‰@@ |‡ÙÓê¡T*Œ

 

 

 

Voilà, par contre j'ai réalisé toutes ces manipulations en mode sans échec parce que en mode normal le PC fonctionnait vraiment au ralentit et ça devenait preque impossible de lancer la moindre tache ou installations.

 

De plus, lorsque MBAM a terminer le scan et supprimé les différents malwares, mon PC a redémarré comme c'était demandé par le programme et là à ma grande surprise, le démarrage se fit sans le message d'erreur certes mais plus rien ne fonctionnait.

Rien ne s'affichait. Un fond bleu apparaissait et une bande bleue plus foncé à la place de la barre démarrer en bas de l'écran et rien d'autre. Aucune icône, pas la barre de taches contenant le démarrer,... Rien de rien.

J'ai du redémarrer en mode sans échec pour avoir enfin accès au PC de façon normale et pouvoir faire le rapport d'HijackThis.

 

Ne sachant pas si cette précision est importante ou même si ce phénomène est normal (ou même si c'est le fait de tout avoir réalisé en mode sans échec qui à donné cette réaction), je préfère le stipuler.

 

 

Merci par avance pour la suite de mon analyse.

 

A+

[Apollo]

Re,

 

Et qu'en est-il actuellement?

 

Je remarque que tu as une version "allégée" de XP.

Il y a des risques à faire intervenir certains outils de nettoyage sur ces systèmes parce qu'il leur manque pas mal de composants.

 

Si tu as le cd original de Microsoft, je te conseille de réinstaller XP mais complètement.

 

Ceci dit le pc est toujours infecté.

 

Télécharge Lop S&D.exe sur ton Bureau.

http://eric.71.mespages.googlepages.com/LopSD.exe

 

Ou: http://eric71.geekstogo.com/tools/LopSD.exe

 

Double-clique dessus pour lancer l'installation

Puis double-clique sur le raccourci Lop S&D présent sur ton Bureau

Sous Vista: Clic droit/exécuter en temps qu'administrateur ***

 

Sélectionne la langue souhaitée , puis choisis l'option 1 (Recherche)

Patiente jusqu'à la fin du scan

Poste le rapport généré (C:\lopR.txt)

 

(Si le Bureau ne réapparait pas presse Ctrl + Alt + Suppr , Onglet Fichier , Nouvelle tâche , tape explorer.exe et valide)

 

--------------------------------------------

 

Relance Lop S&D

 

Choisis cette fois ci l'Option 2 (Suppression)

Ne ferme pas la fenêtre lors de la suppression !

Poste le rapport généré (C:\lopR.txt)

 

(Si le Bureau ne réapparaît pas presse Ctrl + Alt + Suppr , Onglet Fichier , Nouvelle tâche , tape explorer.exe et valide)

 

-----------------------------------

Poste alors un nouveau log Hijackthis stp.

 

@++

[Tatonkkk]

Re

 

 

En ce qui conerne ma version de windows, on me l'a installé et je n'ai aucun cd d'installation ou de moyen de le réinstaller.

 

Voici le premier rapport lopR :

 

 

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

 

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2

X86-based PC ( Uniprocessor Free : AMD Athlon XP 2600+ )

BIOS : Phoenix - AwardBIOS v6.00PG

USER : max ( Administrator )

BOOT : Fail-safe boot

A:\ (USB)

C:\ (Local Disk) - NTFS - Total:30 Go (Free:17 Go)

D:\ (Local Disk) - NTFS - Total:43 Go (Free:43 Go)

E:\ (USB)

F:\ (USB)

G:\ (CD or DVD)

H:\ (CD or DVD)

I:\ (USB) - FAT32 - Total:1931 Mo (Free:0 Go)

 

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )

Option : [1] ( 15/05/2010|13:28 )

 

--------------------\\ Listing des dossiers dans APPLIC~1

 

[13/03/2008|14:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe

[13/12/2009|18:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AVS4YOU

[08/04/2008|19:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Creative

[26/10/2009|22:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google

[21/08/2007|19:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft

[20/12/2007|15:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab Setup Files

[18/08/2007|13:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft

[14/05/2010|22:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes

[16/09/2009|20:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft

[13/08/2009|11:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NOS

[12/03/2010|09:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Real

[04/03/2007|18:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec

[10/02/2008|14:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TomTom

[28/01/2010|22:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\two setup mode load

[28/01/2007|10:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage

 

[27/01/2007|22:31] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

 

[27/01/2007|22:36] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

 

[23/02/2007|13:13] C:\DOCUME~1\max\APPLIC~1\AccurateRip

[02/09/2008|20:21] C:\DOCUME~1\max\APPLIC~1\Adobe

[27/01/2007|23:07] C:\DOCUME~1\max\APPLIC~1\aignes

[13/12/2009|18:32] C:\DOCUME~1\max\APPLIC~1\AVS4YOU

[15/03/2007|22:56] C:\DOCUME~1\max\APPLIC~1\BitZipper

[04/03/2007|19:09] C:\DOCUME~1\max\APPLIC~1\DivX

[03/03/2007|13:56] C:\DOCUME~1\max\APPLIC~1\FinalBurner DATA

[11/08/2008|13:19] C:\DOCUME~1\max\APPLIC~1\Google

[27/01/2007|23:07] C:\DOCUME~1\max\APPLIC~1\gtopala

[02/02/2007|17:11] C:\DOCUME~1\max\APPLIC~1\Help

[08/06/2008|18:49] C:\DOCUME~1\max\APPLIC~1\ICAClient

[27/01/2007|23:06] C:\DOCUME~1\max\APPLIC~1\Identities

[15/02/2009|21:45] C:\DOCUME~1\max\APPLIC~1\LimeWire

[27/01/2007|23:02] C:\DOCUME~1\max\APPLIC~1\Macromedia

[14/05/2010|22:28] C:\DOCUME~1\max\APPLIC~1\Malwarebytes

[16/09/2009|20:57] C:\DOCUME~1\max\APPLIC~1\Microsoft

[28/01/2007|10:52] C:\DOCUME~1\max\APPLIC~1\Microsoft Web Folders

[05/09/2008|20:20] C:\DOCUME~1\max\APPLIC~1\Mozilla

[10/08/2008|12:13] C:\DOCUME~1\max\APPLIC~1\Real

[06/06/2009|18:18] C:\DOCUME~1\max\APPLIC~1\Samsung

[27/01/2007|23:02] C:\DOCUME~1\max\APPLIC~1\Sun

[04/03/2007|18:08] C:\DOCUME~1\max\APPLIC~1\Symantec

[10/02/2008|14:33] C:\DOCUME~1\max\APPLIC~1\TomTom

[04/09/2007|17:30] C:\DOCUME~1\max\APPLIC~1\WinRAR

[28/01/2010|22:21] C:\DOCUME~1\max\APPLIC~1\wmascrping

 

[27/01/2007|22:36] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

[04/03/2007|18:11] C:\DOCUME~1\NETWOR~1\APPLIC~1\Symantec

 

--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

 

[15/05/2010 10:34][--a------] C:\WINDOWS\tasks\WGASetup.job

[15/05/2010 13:26][--ah-----] C:\WINDOWS\tasks\SA.DAT

[06/09/2002 22:59][-r-h-----] C:\WINDOWS\tasks\desktop.ini

 

--------------------\\ Listing des dossiers dans C:\Program Files

 

[13/03/2008|14:07] C:\Program Files\Adobe

[03/03/2007|15:22] C:\Program Files\ahead

[17/08/2007|18:11] C:\Program Files\Alwil Software

[12/05/2010|22:50] C:\Program Files\AVS4YOU

[16/03/2007|00:04] C:\Program Files\BitZipper

[08/06/2008|18:48] C:\Program Files\Citrix

[27/01/2007|22:28] C:\Program Files\ComPlus Applications

[12/05/2010|23:24] C:\Program Files\Creative

[17/01/2008|20:02] C:\Program Files\DivX

[08/05/2010|17:06] C:\Program Files\eMule

[13/12/2009|18:23] C:\Program Files\Fichiers communs

[26/10/2009|22:46] C:\Program Files\Google

[21/08/2007|19:51] C:\Program Files\Grisoft

[23/02/2007|13:12] C:\Program Files\Illustrate

[06/06/2009|18:07] C:\Program Files\InstallShield Installation Information

[30/03/2010|21:21] C:\Program Files\Internet Explorer

[03/03/2007|14:56] C:\Program Files\ISOpen

[01/10/2007|18:39] C:\Program Files\Java

[27/01/2007|22:47] C:\Program Files\JEUX

[18/08/2007|13:31] C:\Program Files\Lavasoft

[14/05/2010|22:25] C:\Program Files\Malwarebytes' Anti-Malware

[16/09/2009|20:29] C:\Program Files\Microsoft

[29/08/2007|14:35] C:\Program Files\Microsoft CAPICOM 2.1.0.2

[28/01/2007|10:52] C:\Program Files\microsoft frontpage

[28/01/2007|10:52] C:\Program Files\Microsoft Office

[21/01/2010|09:04] C:\Program Files\Microsoft Silverlight

[16/09/2009|20:30] C:\Program Files\Microsoft SQL Server Compact Edition

[16/09/2009|20:31] C:\Program Files\Microsoft Sync Framework

[28/01/2007|10:54] C:\Program Files\Microsoft Visual Studio

[11/03/2010|09:28] C:\Program Files\Movie Maker

[25/11/2007|17:42] C:\Program Files\Mozilla Firefox

[06/08/2009|21:02] C:\Program Files\MSBuild

[27/01/2007|22:28] C:\Program Files\MSN Gaming Zone

[27/01/2007|22:48] C:\Program Files\MSXML 4.0

[29/08/2007|14:35] C:\Program Files\MSXML 6.0

[27/01/2007|22:29] C:\Program Files\NetMeeting

[13/08/2009|11:36] C:\Program Files\NOS

[12/05/2010|23:05] C:\Program Files\Outlook Express

[03/10/2007|18:36] C:\Program Files\Panda Security

[20/02/2007|15:21] C:\Program Files\Real

[06/08/2009|21:02] C:\Program Files\Reference Assemblies

[29/05/2007|22:16] C:\Program Files\Rip It !

[28/01/2007|10:10] C:\Program Files\SAGEM

[06/06/2009|18:05] C:\Program Files\Samsung

[05/05/2007|15:59] C:\Program Files\Singular Inversions

[28/01/2007|10:53] C:\Program Files\Snapshot Viewer

[04/03/2007|18:35] C:\Program Files\Symantec

[10/02/2008|14:30] C:\Program Files\TomTom DesktopSuite

[10/02/2008|14:33] C:\Program Files\TomTom HOME 2

[27/01/2007|22:28] C:\Program Files\Uninstall Information

[27/01/2007|22:47] C:\Program Files\UTILS

[17/11/2007|19:45] C:\Program Files\Veoh Networks

[12/05/2010|22:50] C:\Program Files\VirginMega

[13/05/2010|12:18] C:\Program Files\Wanadoo

[28/01/2007|10:10] C:\Program Files\Wanadoo Messager

[15/03/2007|22:39] C:\Program Files\WinAce

[16/09/2009|20:32] C:\Program Files\Windows Live

[16/09/2009|20:29] C:\Program Files\Windows Live SkyDrive

[27/01/2007|23:01] C:\Program Files\Windows Media Connect 2

[27/01/2007|23:01] C:\Program Files\Windows Media Player

[27/01/2007|22:27] C:\Program Files\Windows NT

[27/01/2007|22:30] C:\Program Files\WindowsUpdate

[04/09/2007|17:30] C:\Program Files\WinRAR

[03/01/2010|13:42] C:\Program Files\wmascrping

[27/01/2007|22:47] C:\Program Files\WSTARTUP

[27/01/2007|22:32] C:\Program Files\xerox

 

--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

 

[13/03/2008|14:08] C:\Program Files\Fichiers communs\Adobe

[12/05/2010|22:50] C:\Program Files\Fichiers communs\AVSMedia

[28/01/2007|10:54] C:\Program Files\Fichiers communs\Designer

[04/03/2007|17:52] C:\Program Files\Fichiers communs\InstallShield

[01/10/2007|18:37] C:\Program Files\Fichiers communs\Java

[13/12/2009|18:23] C:\Program Files\Fichiers communs\Microsoft Shared

[27/01/2007|22:29] C:\Program Files\Fichiers communs\MSSoap

[27/01/2007|23:02] C:\Program Files\Fichiers communs\ODBC

[11/08/2008|13:09] C:\Program Files\Fichiers communs\Real

[27/01/2007|22:29] C:\Program Files\Fichiers communs\Services

[27/01/2007|23:02] C:\Program Files\Fichiers communs\SpeechEngines

[04/03/2007|18:35] C:\Program Files\Fichiers communs\Symantec Shared

[29/08/2007|14:34] C:\Program Files\Fichiers communs\System

[16/09/2009|20:17] C:\Program Files\Fichiers communs\Windows Live

[18/08/2007|13:31] C:\Program Files\Fichiers communs\Wise Installation Wizard

[11/08/2008|13:09] C:\Program Files\Fichiers communs\xing shared

 

--------------------\\ Process

 

( 15 Processes )

 

... OK !

 

--------------------\\ Recherche avec S_Lop

 

Aucun fichier / dossier Lop trouvé !

 

--------------------\\ Recherche de Fichiers / Dossiers Lop

 

C:\DOCUME~1\ALLUSE~1\APPLIC~1\two setup mode load

C:\DOCUME~1\ALLUSE~1\APPLIC~1\two setup mode load\Keep web.dat

C:\DOCUME~1\ALLUSE~1\APPLIC~1\two setup mode load\Play Clock.dat

 

--------------------\\ Verification du Registre

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Mode Load Mpeg Less"="C:\\Documents and Settings\\All Users\\Application Data\\two setup mode load\\Play Clock.exe"

 

--------------------\\ Verification du fichier Hosts

 

Fichier Hosts PROPRE

 

 

--------------------\\ Recherche de fichiers avec Catchme

 

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-05-15 13:29:45

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden files ...

scan completed successfully

hidden processes: 0

hidden files: 183

 

--------------------\\ Recherche d'autres infections

 

 

Aucune autre infection trouvée !

 

[F:2350][D:34]-> C:\DOCUME~1\max\LOCALS~1\Temp

[F:57][D:0]-> C:\DOCUME~1\max\Cookies

[F:1261][D:14]-> C:\DOCUME~1\max\LOCALS~1\TEMPOR~1\content.IE5

 

1 - "C:\Lop SD\LopR_1.txt" - 15/05/2010|13:32 - Option : [1]

 

--------------------\\ Fin du rapport a 13:32:00

 

 

 

 

et voici le second suite à la suppression :

 

 

 

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

 

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2

X86-based PC ( Uniprocessor Free : AMD Athlon XP 2600+ )

BIOS : Phoenix - AwardBIOS v6.00PG

USER : max ( Administrator )

BOOT : Fail-safe boot

A:\ (USB)

C:\ (Local Disk) - NTFS - Total:30 Go (Free:17 Go)

D:\ (Local Disk) - NTFS - Total:43 Go (Free:43 Go)

E:\ (USB)

F:\ (USB)

G:\ (CD or DVD)

H:\ (CD or DVD)

I:\ (USB) - FAT32 - Total:1931 Mo (Free:0 Go)

 

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )

Option : [2] ( 15/05/2010|13:35 )

 

 

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION

 

Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\two setup mode load\Keep web.dat

Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\two setup mode load\Play Clock.dat

Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\two setup mode load

-

[ Fichier Hosts ] .. Restaure!

 

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

 

 

--------------------\\ Listing des dossiers dans APPLIC~1

 

[13/03/2008|14:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe

[13/12/2009|18:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AVS4YOU

[08/04/2008|19:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Creative

[26/10/2009|22:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google

[21/08/2007|19:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft

[20/12/2007|15:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab Setup Files

[18/08/2007|13:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft

[14/05/2010|22:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes

[16/09/2009|20:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft

[13/08/2009|11:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NOS

[12/03/2010|09:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Real

[04/03/2007|18:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec

[10/02/2008|14:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TomTom

[28/01/2007|10:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage

 

[27/01/2007|22:31] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

 

[27/01/2007|22:36] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

 

[23/02/2007|13:13] C:\DOCUME~1\max\APPLIC~1\AccurateRip

[02/09/2008|20:21] C:\DOCUME~1\max\APPLIC~1\Adobe

[27/01/2007|23:07] C:\DOCUME~1\max\APPLIC~1\aignes

[13/12/2009|18:32] C:\DOCUME~1\max\APPLIC~1\AVS4YOU

[15/03/2007|22:56] C:\DOCUME~1\max\APPLIC~1\BitZipper

[04/03/2007|19:09] C:\DOCUME~1\max\APPLIC~1\DivX

[03/03/2007|13:56] C:\DOCUME~1\max\APPLIC~1\FinalBurner DATA

[11/08/2008|13:19] C:\DOCUME~1\max\APPLIC~1\Google

[27/01/2007|23:07] C:\DOCUME~1\max\APPLIC~1\gtopala

[02/02/2007|17:11] C:\DOCUME~1\max\APPLIC~1\Help

[08/06/2008|18:49] C:\DOCUME~1\max\APPLIC~1\ICAClient

[27/01/2007|23:06] C:\DOCUME~1\max\APPLIC~1\Identities

[15/02/2009|21:45] C:\DOCUME~1\max\APPLIC~1\LimeWire

[27/01/2007|23:02] C:\DOCUME~1\max\APPLIC~1\Macromedia

[14/05/2010|22:28] C:\DOCUME~1\max\APPLIC~1\Malwarebytes

[16/09/2009|20:57] C:\DOCUME~1\max\APPLIC~1\Microsoft

[28/01/2007|10:52] C:\DOCUME~1\max\APPLIC~1\Microsoft Web Folders

[05/09/2008|20:20] C:\DOCUME~1\max\APPLIC~1\Mozilla

[10/08/2008|12:13] C:\DOCUME~1\max\APPLIC~1\Real

[06/06/2009|18:18] C:\DOCUME~1\max\APPLIC~1\Samsung

[27/01/2007|23:02] C:\DOCUME~1\max\APPLIC~1\Sun

[04/03/2007|18:08] C:\DOCUME~1\max\APPLIC~1\Symantec

[10/02/2008|14:33] C:\DOCUME~1\max\APPLIC~1\TomTom

[04/09/2007|17:30] C:\DOCUME~1\max\APPLIC~1\WinRAR

[28/01/2010|22:21] C:\DOCUME~1\max\APPLIC~1\wmascrping

 

[27/01/2007|22:36] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

[04/03/2007|18:11] C:\DOCUME~1\NETWOR~1\APPLIC~1\Symantec

 

--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

 

[15/05/2010 10:34][--a------] C:\WINDOWS\tasks\WGASetup.job

[15/05/2010 13:26][--ah-----] C:\WINDOWS\tasks\SA.DAT

[06/09/2002 22:59][-r-h-----] C:\WINDOWS\tasks\desktop.ini

 

--------------------\\ Listing des dossiers dans C:\Program Files

 

[13/03/2008|14:07] C:\Program Files\Adobe

[03/03/2007|15:22] C:\Program Files\ahead

[17/08/2007|18:11] C:\Program Files\Alwil Software

[12/05/2010|22:50] C:\Program Files\AVS4YOU

[16/03/2007|00:04] C:\Program Files\BitZipper

[08/06/2008|18:48] C:\Program Files\Citrix

[27/01/2007|22:28] C:\Program Files\ComPlus Applications

[12/05/2010|23:24] C:\Program Files\Creative

[17/01/2008|20:02] C:\Program Files\DivX

[08/05/2010|17:06] C:\Program Files\eMule

[13/12/2009|18:23] C:\Program Files\Fichiers communs

[26/10/2009|22:46] C:\Program Files\Google

[21/08/2007|19:51] C:\Program Files\Grisoft

[23/02/2007|13:12] C:\Program Files\Illustrate

[06/06/2009|18:07] C:\Program Files\InstallShield Installation Information

[30/03/2010|21:21] C:\Program Files\Internet Explorer

[03/03/2007|14:56] C:\Program Files\ISOpen

[01/10/2007|18:39] C:\Program Files\Java

[27/01/2007|22:47] C:\Program Files\JEUX

[18/08/2007|13:31] C:\Program Files\Lavasoft

[14/05/2010|22:25] C:\Program Files\Malwarebytes' Anti-Malware

[16/09/2009|20:29] C:\Program Files\Microsoft

[29/08/2007|14:35] C:\Program Files\Microsoft CAPICOM 2.1.0.2

[28/01/2007|10:52] C:\Program Files\microsoft frontpage

[28/01/2007|10:52] C:\Program Files\Microsoft Office

[21/01/2010|09:04] C:\Program Files\Microsoft Silverlight

[16/09/2009|20:30] C:\Program Files\Microsoft SQL Server Compact Edition

[16/09/2009|20:31] C:\Program Files\Microsoft Sync Framework

[28/01/2007|10:54] C:\Program Files\Microsoft Visual Studio

[11/03/2010|09:28] C:\Program Files\Movie Maker

[25/11/2007|17:42] C:\Program Files\Mozilla Firefox

[06/08/2009|21:02] C:\Program Files\MSBuild

[27/01/2007|22:28] C:\Program Files\MSN Gaming Zone

[27/01/2007|22:48] C:\Program Files\MSXML 4.0

[29/08/2007|14:35] C:\Program Files\MSXML 6.0

[27/01/2007|22:29] C:\Program Files\NetMeeting

[13/08/2009|11:36] C:\Program Files\NOS

[12/05/2010|23:05] C:\Program Files\Outlook Express

[03/10/2007|18:36] C:\Program Files\Panda Security

[20/02/2007|15:21] C:\Program Files\Real

[06/08/2009|21:02] C:\Program Files\Reference Assemblies

[29/05/2007|22:16] C:\Program Files\Rip It !

[28/01/2007|10:10] C:\Program Files\SAGEM

[06/06/2009|18:05] C:\Program Files\Samsung

[05/05/2007|15:59] C:\Program Files\Singular Inversions

[28/01/2007|10:53] C:\Program Files\Snapshot Viewer

[04/03/2007|18:35] C:\Program Files\Symantec

[10/02/2008|14:30] C:\Program Files\TomTom DesktopSuite

[10/02/2008|14:33] C:\Program Files\TomTom HOME 2

[27/01/2007|22:28] C:\Program Files\Uninstall Information

[27/01/2007|22:47] C:\Program Files\UTILS

[17/11/2007|19:45] C:\Program Files\Veoh Networks

[12/05/2010|22:50] C:\Program Files\VirginMega

[13/05/2010|12:18] C:\Program Files\Wanadoo

[28/01/2007|10:10] C:\Program Files\Wanadoo Messager

[15/03/2007|22:39] C:\Program Files\WinAce

[16/09/2009|20:32] C:\Program Files\Windows Live

[16/09/2009|20:29] C:\Program Files\Windows Live SkyDrive

[27/01/2007|23:01] C:\Program Files\Windows Media Connect 2

[27/01/2007|23:01] C:\Program Files\Windows Media Player

[27/01/2007|22:27] C:\Program Files\Windows NT

[27/01/2007|22:30] C:\Program Files\WindowsUpdate

[04/09/2007|17:30] C:\Program Files\WinRAR

[03/01/2010|13:42] C:\Program Files\wmascrping

[27/01/2007|22:47] C:\Program Files\WSTARTUP

[27/01/2007|22:32] C:\Program Files\xerox

 

--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

 

[13/03/2008|14:08] C:\Program Files\Fichiers communs\Adobe

[12/05/2010|22:50] C:\Program Files\Fichiers communs\AVSMedia

[28/01/2007|10:54] C:\Program Files\Fichiers communs\Designer

[04/03/2007|17:52] C:\Program Files\Fichiers communs\InstallShield

[01/10/2007|18:37] C:\Program Files\Fichiers communs\Java

[13/12/2009|18:23] C:\Program Files\Fichiers communs\Microsoft Shared

[27/01/2007|22:29] C:\Program Files\Fichiers communs\MSSoap

[27/01/2007|23:02] C:\Program Files\Fichiers communs\ODBC

[11/08/2008|13:09] C:\Program Files\Fichiers communs\Real

[27/01/2007|22:29] C:\Program Files\Fichiers communs\Services

[27/01/2007|23:02] C:\Program Files\Fichiers communs\SpeechEngines

[04/03/2007|18:35] C:\Program Files\Fichiers communs\Symantec Shared

[29/08/2007|14:34] C:\Program Files\Fichiers communs\System

[16/09/2009|20:17] C:\Program Files\Fichiers communs\Windows Live

[18/08/2007|13:31] C:\Program Files\Fichiers communs\Wise Installation Wizard

[11/08/2008|13:09] C:\Program Files\Fichiers communs\xing shared

 

--------------------\\ Process

 

( 15 Processes )

 

... OK !

 

--------------------\\ Recherche avec S_Lop

 

Aucun fichier / dossier Lop trouvé !

 

--------------------\\ Recherche de Fichiers / Dossiers Lop

 

Aucun fichier / dossier Lop trouvé !

 

--------------------\\ Verification du Registre

 

..... OK !

 

--------------------\\ Verification du fichier Hosts

 

Fichier Hosts PROPRE

 

 

--------------------\\ Recherche de fichiers avec Catchme

 

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-05-15 13:36:07

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden files ...

scan completed successfully

hidden processes: 0

hidden files: 183

 

--------------------\\ Recherche d'autres infections

 

 

Aucune autre infection trouvée !

 

[F:2350][D:34]-> C:\DOCUME~1\max\LOCALS~1\Temp

[F:57][D:0]-> C:\DOCUME~1\max\Cookies

[F:1261][D:14]-> C:\DOCUME~1\max\LOCALS~1\TEMPOR~1\content.IE5

 

1 - "C:\Lop SD\LopR_1.txt" - 15/05/2010|13:32 - Option : [1]

2 - "C:\Lop SD\LopR_2.txt" - 15/05/2010|13:38 - Option : [2]

 

--------------------\\ Fin du rapport a 13:38:08

 

 

Suite à tout cela voici le rapport HijackThis:

 

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 13:45:30, on 15/05/2010

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.17023)

Boot mode: Safe mode

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Documents and Settings\max\Bureau\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wanadoo.fr/go/page_recherche/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/ie

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/search?q=%s

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exe

O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe

O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe

O4 - HKLM\..\Run: [adiras] adiras.exe

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [MsgCenterExe] "C:\Program Files\Fichiers communs\Real\Update_OB\RealOneMessageCenter.exe" -osboot

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide

O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe

O4 - HKCU\..\Run: [MP3BUILD] C:\DOCUME~1\max\APPLIC~1\WMASCR~1\cash exit.exe

O4 - HKUS\S-1-5-20\..\RunOnce: [nltide1] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-20\..\RunOnce: [nltide2] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,L,,4,N (User 'SERVICE RÉSEAU')

O4 - Startup: IcoSauve.lnk = C:\WINDOWS\system32\IcoSauve.exe

O4 - Startup: wwwzuc32.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - https://newdesk.eur.sgcib.com/ICAWEB/en/ica32/wficat.cab

O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/v1/cabs/ascstubie.cab

O16 - DPF: {87AF076E-D86D-4E87-ADDD-F05804E1F150} - https://www.virginmega.fr/DownloadManager/R...rod/DownMan.cab

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jin...ows-i586-jc.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O16 - DPF: {FAB2BB9D-91E9-457E-9D42-75A7FCCBBC00} - http://www.fingersnow.fr/plugin/DFusionHom...n.Installer.exe

O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe

O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe

O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe

O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe

O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe

O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe

O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe

O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe

O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe

O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe

O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe

 

--

End of file - 8345 bytes

 

 

 

 

En revanche il est toujours impossible de faire quoique ce soit si ce n'est pas en mode sans échec.

Dès que je démarre normalement le PC, je n'ai toujours aucune icône ou la barre démarrer en bas. Même en faisant la manip avec Ctrl Alt Suppr. (j'arrive à voir mes dossiers et à entrer dedans mais toujours rien de visible ou d'accessible sur le bureau.

 

Voilà

 

Merci par avance pour la suite

 

A+

[Apollo]

Bonjour,

 

Je ne te ferai pas passer ComboFix sur un tel système, cela risque de tout casser au lieu de réparer.

 

Ou alors ce serait à tes risques et périls.

 

Télécharge OTM de OldTimer sur ton Bureau en cliquant sur ce lien:

 

OTM

 

Ou ici: http://ottools.noahdfear.net/OTM.exe

 

• Double-clique sur OTM.exe pour le lancer (l'extension .exe peut ne pas apparaître)
   
  ---> sous VISTA/7: clic droit: exécuter en temps qu'administrateur.
   
  
• Copie l'entièreté du code ci-dessous.
  

  Go
  
  :Files
  c:\program files\wmascr~1
  
  
  :Services
  
  :Reg
  [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
  "MP3BUILD"=-
  
  
  :Commands
  
  [purity]
  [emptytemp]
  [start explorer]

  
   
  

• Colle ce code dans la partie jaune de OtMoveIt3 intitulée:
  "Paste Instructions for Items to be Moved"
   
  
• Clique sur le bouton Moveit! pour lancer le nettoyage:
   
  
• Copie-colle dans ta prochaine réponse tout ce qui se trouve dans la fenêtre Results
  --> Un rapport sera généré dans le dossier C:\ _OTMoveIt\MovedFiles avec la date et l'heure du passage de l'outil (mmddyyyy_hhmmss.log)
  
• Ferme OTM en cliquant sur Exit:
  

Note : Si un fichier ou un dossier ne peut être supprimé directement, l'outil peut demander un redémarrage pour terminer le processus. Clique alors sur "Yes" pour accepter.

 

*** L'outil va terminer son travail après le redémarrage du pc puis fournira son rapport; copie/colle le dans ta réponse stp.

 

@++

[Tatonkkk]

Re

 

Voici le dernier rapport obtenu avec OTM :

 

All processes killed

Error: Unable to interpret in the current context!

========== FILES ==========

c:\program files\wmascrping folder moved successfully.

========== SERVICES/DRIVERS ==========

========== REGISTRY ==========

Registry value

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\MP3BUILD deleted successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: LocalService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 10540332 bytes

 

User: max

->Temp folder emptied: 230338307 bytes

->Temporary Internet Files folder emptied: 29694672 bytes

->Java cache emptied: 43522535 bytes

->FireFox cache emptied: 31000966 bytes

->Flash cache emptied: 1606948 bytes

 

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 3072 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 32268951 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 47464444 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet

Files folder emptied: 34313 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 407,00 mb

 

 

OTM by OldTimer - Version 3.1.12.0 log created on 05152010_170634

 

 

 

Merci pour l'analyse de ce dernier

 

A+

[Tatonkkk]

Bonjour,

 

Je viens de regarder si j'avais eu des réponses quant à la suite de mon analyse et de mes infections et je viens de voir qu'Apollo qui me suivait depuis le début à décider d'arrêter toutes ces analyses.

 

Tout cela me désole pour lui et je peux le comprendre mais du coup je ne sais si mon analyse va être terminée.

 

Je lance donc un appel à qui veut bien m'aider pour poursuivre les différentes analyses et désinfecté mon PC.

 

Merci par avance et merci aussi à Apollo qui m'as aidé jusqu'à maintenant même si il décide d'arrêter.