Je suis chez ma maman et je nettoie un peu son pc .
J'ai retiré toutes les toolbars comme vous m'avez si bien appris
J'ai passé un malwarbyte's et j'ai trouvé 55 éléments infectés .
J'ai cru reconnaitre un Navipromo j'ai besoin de confirmation n'étant pas encore diplomée !
Voici le rapport :
Malwarebytes' Anti-Malware 1.46
http://www.malwarebytes.org
Version de la base de données: 4451
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
20/08/2010 15:28:06
mbam-log-2010-08-20 (15-28-06).txt
Type d'examen: Examen complet (C:\|D:\|E:\|F:\|G:\|H:\|I:\|)
Elément(s) analysé(s): 204707
Temps écoulé: 2 heure(s), 14 minute(s), 20 seconde(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 6
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 6
Fichier(s) infecté(s): 43
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6fd31ed6-7c94-4bbc-8e95-f927f4d3a949} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\epk_extr (Trojan.Skintrim) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\PriceGong (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\WebMediaPlayer.exe (Adware.EGDAccess) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\WebMediaPlayer (Rogue.WebMedia) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
C:\Documents and Settings\phillipe\Application Data\PriceGong (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\phillipe\Application Data\PriceGong\Data (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaPlayer (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaPlayer\resources (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaPlayer\skins (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaPlayer\updates (Adware.EGDAccess) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\Documents and Settings\phillipe\Local Settings\Application Data\rhjcsp_navps.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\phillipe\Local Settings\Application Data\rhjcsp_nav.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\phillipe\Local Settings\Application Data\rhjcsp.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\phillipe\Local Settings\Application Data\rmkbkcxkf_navps.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\phillipe\Local Settings\Application Data\rmkbkcxkf_nav.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\phillipe\Local Settings\Application Data\rmkbkcxkf.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\phillipe\Application Data\PriceGong\Data\1.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\phillipe\Application Data\PriceGong\Data\a.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\phillipe\Application Data\PriceGong\Data\b.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\phillipe\Application Data\PriceGong\Data\c.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\phillipe\Application Data\PriceGong\Data\d.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\phillipe\Application Data\PriceGong\Data\e.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\phillipe\Application Data\PriceGong\Data\f.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\phillipe\Application Data\PriceGong\Data\g.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\phillipe\Application Data\PriceGong\Data\h.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\phillipe\Application Data\PriceGong\Data\i.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\phillipe\Application Data\PriceGong\Data\J.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\phillipe\Application Data\PriceGong\Data\k.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\phillipe\Application Data\PriceGong\Data\l.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\phillipe\Application Data\PriceGong\Data\m.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\phillipe\Application Data\PriceGong\Data\mru.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\phillipe\Application Data\PriceGong\Data\n.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\phillipe\Application Data\PriceGong\Data\o.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\phillipe\Application Data\PriceGong\Data\p.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\phillipe\Application Data\PriceGong\Data\q.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\phillipe\Application Data\PriceGong\Data\r.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\phillipe\Application Data\PriceGong\Data\s.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\phillipe\Application Data\PriceGong\Data\t.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\phillipe\Application Data\PriceGong\Data\u.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\phillipe\Application Data\PriceGong\Data\v.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\phillipe\Application Data\PriceGong\Data\w.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\phillipe\Application Data\PriceGong\Data\x.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\phillipe\Application Data\PriceGong\Data\y.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\phillipe\Application Data\PriceGong\Data\z.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaPlayer\Conditions générales.url (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaPlayer\Confidentialité.url (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaPlayer\sqlite3.dll (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaPlayer\WebMediaPlayer.exe (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaPlayer\Website.url (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaPlayer\resources\languages_v2.xml (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaPlayer\resources\webmedias (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaPlayer\skins\classic.skn (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nvs2.inf (Adware.EGDAccess) -> Quarantined and deleted successfully.
http://www.malwarebytes.org
Version de la base de données: 4451
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
20/08/2010 15:28:06
mbam-log-2010-08-20 (15-28-06).txt
Type d'examen: Examen complet (C:\|D:\|E:\|F:\|G:\|H:\|I:\|)
Elément(s) analysé(s): 204707
Temps écoulé: 2 heure(s), 14 minute(s), 20 seconde(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 6
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 6
Fichier(s) infecté(s): 43
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6fd31ed6-7c94-4bbc-8e95-f927f4d3a949} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\epk_extr (Trojan.Skintrim) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\PriceGong (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\WebMediaPlayer.exe (Adware.EGDAccess) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\WebMediaPlayer (Rogue.WebMedia) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
C:\Documents and Settings\phillipe\Application Data\PriceGong (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\phillipe\Application Data\PriceGong\Data (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaPlayer (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaPlayer\resources (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaPlayer\skins (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaPlayer\updates (Adware.EGDAccess) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\Documents and Settings\phillipe\Local Settings\Application Data\rhjcsp_navps.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\phillipe\Local Settings\Application Data\rhjcsp_nav.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\phillipe\Local Settings\Application Data\rhjcsp.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\phillipe\Local Settings\Application Data\rmkbkcxkf_navps.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\phillipe\Local Settings\Application Data\rmkbkcxkf_nav.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\phillipe\Local Settings\Application Data\rmkbkcxkf.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\phillipe\Application Data\PriceGong\Data\1.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\phillipe\Application Data\PriceGong\Data\a.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\phillipe\Application Data\PriceGong\Data\b.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\phillipe\Application Data\PriceGong\Data\c.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\phillipe\Application Data\PriceGong\Data\d.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\phillipe\Application Data\PriceGong\Data\e.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\phillipe\Application Data\PriceGong\Data\f.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\phillipe\Application Data\PriceGong\Data\g.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\phillipe\Application Data\PriceGong\Data\h.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\phillipe\Application Data\PriceGong\Data\i.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\phillipe\Application Data\PriceGong\Data\J.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\phillipe\Application Data\PriceGong\Data\k.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\phillipe\Application Data\PriceGong\Data\l.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\phillipe\Application Data\PriceGong\Data\m.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\phillipe\Application Data\PriceGong\Data\mru.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\phillipe\Application Data\PriceGong\Data\n.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\phillipe\Application Data\PriceGong\Data\o.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\phillipe\Application Data\PriceGong\Data\p.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\phillipe\Application Data\PriceGong\Data\q.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\phillipe\Application Data\PriceGong\Data\r.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\phillipe\Application Data\PriceGong\Data\s.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\phillipe\Application Data\PriceGong\Data\t.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\phillipe\Application Data\PriceGong\Data\u.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\phillipe\Application Data\PriceGong\Data\v.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\phillipe\Application Data\PriceGong\Data\w.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\phillipe\Application Data\PriceGong\Data\x.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\phillipe\Application Data\PriceGong\Data\y.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\phillipe\Application Data\PriceGong\Data\z.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaPlayer\Conditions générales.url (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaPlayer\Confidentialité.url (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaPlayer\sqlite3.dll (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaPlayer\WebMediaPlayer.exe (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaPlayer\Website.url (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaPlayer\resources\languages_v2.xml (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaPlayer\resources\webmedias (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaPlayer\skins\classic.skn (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nvs2.inf (Adware.EGDAccess) -> Quarantined and deleted successfully.
rapport Hijackthis
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:46:46, on 20/08/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\VM_STI.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\OfferBox\OfferBox.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Thrustmaster USB PC Camera
O4 - HKLM\..\Run: [Graphic Update] C:\DOCUME~1\phillipe\LOCALS~1\Temp\msnmsgr.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series (Copie 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P36 "EPSON Stylus DX3800 Series (Copie 1)" /O5 "LPT1:" /M "Stylus DX3800"
O4 - HKLM\..\Run: [Easy PDF Creator] C:\Program Files\Easy PDF Creator\EasyPDFCreator.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Weflirt] "C:\Program Files\Weflirt\weflirt.exe" -background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DialFlirt] C:\Program Files\DialFlirt\dialmsn.exe
O4 - HKCU\..\Run: [OfferBox] C:\Program Files\OfferBox\OfferBox.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: SM.lnk = ?
O4 - Global Startup: LE COMPAGNON CLUB.lnk = C:\Program Files\Club-Internet\Le Compagnon Club\bin\matcli.exe
O4 - Global Startup: Thrustmaster USB PC Camera
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Easy PDF Creator Printing (Service1) - Unknown owner - C:\Program Files\Easy PDF Creator\EasyPrinting.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe
O24 - Desktop Component 0: (no name) - http://image.blingee.com/images14/conte ... 9d942f.gif
O24 - Desktop Component 1: (no name) - http://image.blingee.com/images14/conte ... 9a30f8.gif
--
End of file - 8405 bytes
Scan saved at 15:46:46, on 20/08/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\VM_STI.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\OfferBox\OfferBox.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Thrustmaster USB PC Camera
O4 - HKLM\..\Run: [Graphic Update] C:\DOCUME~1\phillipe\LOCALS~1\Temp\msnmsgr.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series (Copie 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P36 "EPSON Stylus DX3800 Series (Copie 1)" /O5 "LPT1:" /M "Stylus DX3800"
O4 - HKLM\..\Run: [Easy PDF Creator] C:\Program Files\Easy PDF Creator\EasyPDFCreator.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Weflirt] "C:\Program Files\Weflirt\weflirt.exe" -background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DialFlirt] C:\Program Files\DialFlirt\dialmsn.exe
O4 - HKCU\..\Run: [OfferBox] C:\Program Files\OfferBox\OfferBox.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: SM.lnk = ?
O4 - Global Startup: LE COMPAGNON CLUB.lnk = C:\Program Files\Club-Internet\Le Compagnon Club\bin\matcli.exe
O4 - Global Startup: Thrustmaster USB PC Camera
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Easy PDF Creator Printing (Service1) - Unknown owner - C:\Program Files\Easy PDF Creator\EasyPrinting.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe
O24 - Desktop Component 0: (no name) - http://image.blingee.com/images14/conte ... 9d942f.gif
O24 - Desktop Component 1: (no name) - http://image.blingee.com/images14/conte ... 9a30f8.gif
--
End of file - 8405 bytes
Merci d'avance à mes sauveurs.
Signée une tite fée bien ennuyée !
vous 2
)
