Se connecter / S'enregistrer
Votre question

Ouverture de fenetre internet intempestive

Tags :
  • Internet Explorer
  • Sécurité
Dernière réponse : dans Sécurité et virus
17 Avril 2010 22:10:03

Bonjour. Depuis hier soir, j'ai des ouvertures intempestives de fenêtres Internet Explorer qui mènent vers des sites de jeu en ligne. Après avoir consulté ce site, j'ai téléchargé hijackthis et lancé une analyse du système. Voici le rapport:

C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\windows\system32\nvsvc32.exe
C:\windows\system32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\windows\Explorer.EXE
C:\windows\SOUNDMAN.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Ask & Record Toolbar\FLVSrvc.exe
C:\windows\Wsiheb.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEGE.EXE
C:\windows\system32\ctfmon.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\windows\system32\wuauclt.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\User\LOCALS~1\Temp\Wbx.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,autorun.bat
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (file missing)
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Documents and Settings\User\Bureau\manga\MegaIEMn.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [spoolms] C:\WINDOWS\system32\dllcache\spoolms.exe
O4 - HKLM\..\Run: [Ask and Record FLV Service] "C:\Program Files\Ask & Record Toolbar\FLVSrvc.exe" /run
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [EPSON Stylus SX400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEGE.EXE /FU "C:\WINDOWS\TEMP\E_S95.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [YVIBBBHA8C] C:\DOCUME~1\User\LOCALS~1\Temp\Wbx.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUpload...
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab312...
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab53083.ca...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\508\G2AWinLogon.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\508\g2aservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 9017 bytes

Pouvez vous m'aider? Un grand merci par avance.

Autres pages sur : ouverture fenetre internet intempestive

18 Avril 2010 00:05:48

Bonsoir
il manque le début de ton rapport hijackthis...

  • Télécharge Ad-Remover (de Cyrildu17 / C_XX) sur ton Bureau.


    /!\ Déconnecte-toi, désactive ton anti-virus et ferme toutes applications en cours /!\

  • Double-clique sur AD-R situé sur ton Bureau pour le lancer.
    (Sous Vista, il faut cliquer droit sur AD-R et choisir Exécuter en tant qu'administrateur)
  • Choisis la langue F pour français.
  • Au menu principal, choisis l'option Scanner.

    /!\ Laisse travailler l'outil /!\

  • Poste le rapport qui apparaît à la fin (C:\Ad-Report-CLEAN.log).
    /!\ Pense à réactiver ton antivirus /!\
    20 Avril 2010 19:05:16

    Merci beaucoup de m'apporter ton aide. Pour le rapport hijackthis, je l'ai posté ainsi que je l'ai trouvé. Voici le rapport Ad-Remover obtenu:

    .
    ======= RAPPORT D'AD-REMOVER 2.0.0.0,B | UNIQUEMENT XP/VISTA/7 =======
    .
    Mis à jour par C_XX le 20/04/10 à 18:00
    Contact: AdRemover.contact@gmail.com
    Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
    .
    Lancé à: 18:56:28 le 20/04/2010 | Mode normal | Option: SCAN
    Exécuté de: C:\Ad-Remover\ADR.exe
    SE: Microsoft® Windows XP™ Service Pack 3 - X86
    Nom du PC: WINXP-529F47B91 | Utilisateur actuel: User (Administrateur)
    .
    ============== ÉLÉMENT(S) TROUVÉ(S) ==============
    .
    Service: *ASKUpgrade*
    .
    C:\Documents and Settings\User\Application Data\Mozilla\FireFox\Profiles\m834kofn.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
    C:\Documents and Settings\User\Bureau\ATBSetup.exe
    C:\Program Files\Ask & Record Toolbar
    C:\Program Files\AskBarDis
    C:\Program Files\DaemonTools_WhenUSave_Installer
    .
    HKCU\Software\AppDataLow\AskBarDis
    HKCU\Software\AskBarDis
    HKCU\Software\Grand Virtual
    HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{201f27d4-3704-41d6-89c1-aa35e39143ed}
    HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3041d03e-fd4b-44e0-b742-2d9b88305f98}
    HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
    HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{201f27d4-3704-41d6-89c1-aa35e39143ed}
    HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3041d03e-fd4b-44e0-b742-2d9b88305f98}
    HKCU\Software\Titan Poker
    HKLM\Software\AppDataLow\AskBarDis
    HKLM\Software\AskBarDis
    HKLM\Software\Classes\AskIBar.PopSwatterBarButton
    HKLM\Software\Classes\AskIBar.PopSwatterBarButton.1
    HKLM\Software\Classes\AskIBar.PopSwatterSettingsControl
    HKLM\Software\Classes\AskIBar.PopSwatterSettingsControl.1
    HKLM\Software\Classes\AskToolBar.SettingsPlugin
    HKLM\Software\Classes\AskToolBar.SettingsPlugin.1
    HKLM\Software\Classes\CLSID\{0702a2b6-13aa-4090-9e01-bcdc85dd933f}
    HKLM\Software\Classes\CLSID\{08993A7C-E764-4172-9627-BFB5EA6897B2}
    HKLM\Software\Classes\CLSID\{128A6C66-AC6A-4617-8268-AB7F47B7215E}
    HKLM\Software\Classes\CLSID\{201f27d4-3704-41d6-89c1-aa35e39143ed}
    HKLM\Software\Classes\CLSID\{3041d03e-fd4b-44e0-b742-2d9b88305f98}
    HKLM\Software\Classes\CLSID\{571715D7-3395-4DF0-B43C-784836209E60}
    HKLM\Software\Classes\CLSID\{622fd888-4e91-4d68-84d4-7262fd0811bf}
    HKLM\Software\Classes\CLSID\{b0de3308-5d5a-470d-81b9-634fc078393b}
    HKLM\Software\Classes\Interface\{4634804A-F0B0-4A74-A550-FC0EEF8A4362}
    HKLM\Software\Classes\Interface\{4C07EA4F-5F52-4222-B170-4CD9ED33BAEA}
    HKLM\Software\Classes\Interface\{C44FEFF4-EF0C-4CF7-83D0-92B4266A32B9}
    HKLM\Software\Classes\Interface\{F131923C-381D-4E4C-A472-4A17118FD742}
    HKLM\Software\Classes\TypeLib\{4B1C1E16-6B34-430E-B074-5928ECA4C150}
    HKLM\Software\Classes\TypeLib\{D2E5FA06-DCC7-46F9-BEFF-BFD06F69B9B2}
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ask Toolbar_is1
    HKLM\Software\Titan Poker
    HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{3041D03E-FD4B-44E0-B742-2D9B88305F98}
    HKLM\Software\Microsoft\Internet Explorer\Toolbar|{3041D03E-FD4B-44E0-B742-2D9B88305F98}
    .
    .
    ============== SCAN ADDITIONNEL ==============
    .
    * Mozilla FireFox Version 3.6.3 (fr) *
    .
    C:\Documents and Settings\User\..\m834kofn.default\prefs.js - browser.download.lastDir: C:\\Documents and Settings\\User\\Bureau\\docs\\Fac
    C:\Documents and Settings\User\..\m834kofn.default\prefs.js - browser.startup.homepage: hxxp://www.veosearch.com
    C:\Documents and Settings\User\..\m834kofn.default\prefs.js - browser.startup.homepage_override.mstone: rv:1.9.2.3
    .
    TROUVÉ: C:\Documents and Settings\User\..\m834kofn.default\prefs.js - user_pref("extensions.snipit.history_query", "air%20france=ASKURL=hxxp://www.ask.com/web?q=air%20france&qsrc=2871&o=13929&l=dis||air%20france=ASKURL=//www.ask.com/web?q=air%20france&qsrc=2871&o=13929&l=dis||air%20france=ASKURL=//www.ask.com/web?q=air%20france&qsrc=2871&o=13929&l=dis||air%20france=ASKURL=//www.ask.com/web?q=air%20france&qsrc=2871&o=13929&l=dis||air%20france=ASKURL=//www.ask.com/web?q=air%20france&qsrc=2871&o=13929&l=dis||air%20france=ASKURL=//www.ask.com/web?q=air%20france&qsrc=2871&o=13929&l=dis||air%20france=ASKURL=//www.ask.com/web?q=air%20france&qsrc=2871&o=13929&l=dis||air%20france=ASKURL=//www.ask.com/web?q=air%20france&qsrc=2871&o=13929&l=dis||air%20france=ASKURL=//www.ask.com/web?q=air%20france&qsrc=2871&o=13929&l=dis||air%20france=ASKURL=//www.ask.com/web?q=air%20france&qsrc=2871&o=13929&l=dis||air%20france=ASKURL=//www.ask.com/web?q=air%20france&qsrc=2871&o=13929&l=dis||air%20france=ASKURL=//www.ask.com/web?q=air%20france&qsrc=2871&o=13929&l=dis||air%20france=ASKURL=//www.ask.com/web?q=air%20france&qsrc=2871&o=13929&l=dis||air%20france=ASKURL=//www.ask.com/web?q=air%20france&qsrc=2871&o=13929&l=dis||air%20france=ASKURL=//www.ask.com/web?q=air%20france&qsrc=2871&o=13929&l=dis||air%20france=ASKURL=//www.ask.com/web?q=air%20france&qsrc=2871&o=13929&l=dis||air%20france=ASKURL=//www.ask.com/web?q=air%20france&qsrc=2871&o=13929&l=dis");
    .
    * Internet Explorer Version 8.0.6001.18702 *
    .
    [HKCU\Software\Microsoft\Internet Explorer\Main]
    .
    Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=69157
    Do404Search: 0x01000000
    Enable Browser Extensions: yes
    Local Page: C:\windows\system32\blank.htm
    Search Page: hxxp://www.google.com
    Show_ToolBar: yes
    Start Page: hxxp://go.microsoft.com/fwlink/?LinkId=69157
    Use Search Asst: no
    .
    [HKLM\Software\Microsoft\Internet Explorer\Main]
    .
    Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=69157
    Default_Search_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
    Delete_Temp_Files_On_Exit: yes
    Local Page: C:\windows\system32\blank.htm
    Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896
    Start Page: hxxp://go.microsoft.com/fwlink/?LinkId=69157
    .
    [HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]
    .
    Tabs: res://ieframe.dll/tabswelcome.htm
    Blank: res://mshtml.dll/blank.htm
    .
    ============== SUSPECT(S) ==============
    .
    C:\Documents and Settings\User\Bureau\Jeux\starcraft global\Starcraft\PATCH\STAR_101.EXE
    .
    ========================================
    .
    C:\DOCUME~1\User\LOCALS~1\Temp: 2425 Fichier(s), 186 Dossier(s)
    C:\windows\temp: 65 Fichier(s), 16 Dossier(s)
    Temporary Internet Files: 344 Fichier(s), 16 Dossier(s)
    .
    C:\Ad-Remover\Quarantine: 0 Fichier(s)
    C:\Ad-Remover\Backup: 1 Fichier(s)
    .
    C:\Ad-Report-SCAN[1].txt - 6537 Octet(s)
    C:\Ad-Report-SCAN[2].txt - 6533 Octet(s)
    .
    Fin à: 19:01:31, 20/04/2010
    .
    ============== E.O.F - SCAN[2] ==============
    Contenus similaires
    20 Avril 2010 20:23:35

    re
    /!\ Déconnecte-toi, désactive ton anti-virus et ferme toutes applications en cours /!\

  • Double-clique sur AD-R situé sur ton Bureau pour le lancer.
    (Sous Vista, il faut cliquer droit sur AD-R et choisir Exécuter en tant qu'administrateur)
  • Choisis la langue F pour français.
  • Au menu principal, choisis l'option Nettoyer.

    /!\ Laisse travailler l'outil /!\

  • Poste le rapport qui apparaît à la fin (C:\Ad-Report-CLEAN.log).
    [fixed]/!\ Pense à réactiver ton antivirus /!\
    22 Avril 2010 19:58:08

    Voici le rapport:

    .
    ======= RAPPORT D'AD-REMOVER 2.0.0.0,B | UNIQUEMENT XP/VISTA/7 =======
    .
    Mis à jour par C_XX le 20/04/10 à 18:00
    Contact: AdRemover.contact@gmail.com
    Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
    .
    Lancé à: 19:39:06 le 22/04/2010 | Mode normal | Option: CLEAN
    Exécuté de: C:\Ad-Remover\ADR.exe
    SE: Microsoft® Windows XP™ Service Pack 3 - X86
    Nom du PC: WINXP-529F47B91 | Utilisateur actuel: User (Administrateur)
    .
    ============== ÉLÉMENT(S) NEUTRALISÉ(S) ==============
    .
    .

    (!) -- Fichiers temporaires supprimés.
    .
    .
    (Orpheline) HKCU,Run - EPSON Stylus SX400 Series - C:\WINDOWS\TEMP\E_S95.tmp (Fichier manquant)
    (Orpheline) BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} (CLSID manquant)
    .
    ============== SCAN ADDITIONNEL ==============
    .
    * Mozilla FireFox Version 3.6.3 (fr) *
    .
    C:\Documents and Settings\User\..\m834kofn.default\prefs.js - browser.download.lastDir: C:\\Documents and Settings\\User\\Bureau\\docs\\Fac
    C:\Documents and Settings\User\..\m834kofn.default\prefs.js - browser.startup.homepage: hxxp://www.veosearch.com
    C:\Documents and Settings\User\..\m834kofn.default\prefs.js - browser.startup.homepage_override.mstone: rv:1.9.2.3
    .
    .
    * Internet Explorer Version 8.0.6001.18702 *
    .
    [HKCU\Software\Microsoft\Internet Explorer\Main]
    .
    Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnh...
    Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Do404Search: 0x01000000
    Enable Browser Extensions: yes
    Local Page: C:\windows\system32\blank.htm
    Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
    Show_ToolBar: yes
    Start Page: hxxp://fr.msn.com/
    Use Search Asst: no
    .
    [HKLM\Software\Microsoft\Internet Explorer\Main]
    .
    Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnh...
    Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Delete_Temp_Files_On_Exit: yes
    Local Page: C:\windows\system32\blank.htm
    Search bar: hxxp://search.msn.com/spbasic.htm
    Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Start Page: hxxp://fr.msn.com/
    .
    [HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]
    .
    Tabs: res://ieframe.dll/tabswelcome.htm
    Blank: res://mshtml.dll/blank.htm
    .
    ============== SUSPECT(S) ==============
    .
    C:\Documents and Settings\User\Bureau\Jeux\starcraft global\Starcraft\PATCH\STAR_101.EXE
    .
    ========================================
    .
    C:\DOCUME~1\User\LOCALS~1\Temp: 2 Fichier(s), 186 Dossier(s)
    C:\windows\temp: 0 Fichier(s), 16 Dossier(s)
    Temporary Internet Files: 2 Fichier(s), 16 Dossier(s)
    .
    C:\Ad-Remover\Quarantine: 1 Fichier(s)
    C:\Ad-Remover\Backup: 14 Fichier(s)
    .
    C:\Ad-Report-CLEAN[2].txt - 2719 Octet(s)
    .
    Fin à: 19:45:36, 22/04/2010
    .
    ============== E.O.F - CLEAN[2] ==============
    22 Avril 2010 21:31:02

    re
    1
    Télécharge DDS et sauvegarde-le sur ton bureau.
  • Désactive tout script bloquant, tel q'un antivirus, un logiciel comme ad-block, noscript etc.
  • Double-clique sur dds.scr pour lancer l'outil.
  • Une fois le scan fini, un document texte, DDS.txt, va s'ouvrir .
  • Clique Oui à la prochaine invite Optional Scan.
  • Sauvegarde les deux rapports sur ton bureau et poste-moi uniquement le DDS.txt.
    2
  • Télécharge Catchme ([#ff0000]Gmer[/#f]) sur ton Bureau.
  • Double clique sur catchme.exe (le .exe n'est pas forcément visible) afin de le lancer.
  • Lorsque la recherche sera terminée, poste le rapport catchme.log dans ta prochaine réponse. (Ce rapport est sur ton bureau.)

    23 Avril 2010 22:50:21

    Re. Voici les 2 rapports.

    DDS:


    DDS (Ver_10-03-17.01) - NTFSx86
    Run by User at 22:32:34,00 on 23/04/2010
    Internet Explorer: 8.0.6001.18702
    Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.511.122 [GMT 2:00]

    AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

    ============== Running Processes ===============

    C:\windows\system32\svchost -k DcomLaunch
    svchost.exe
    C:\windows\System32\svchost.exe -k netsvcs
    C:\windows\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    svchost.exe
    C:\windows\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    svchost.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\windows\system32\nvsvc32.exe
    C:\windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    C:\windows\Explorer.EXE
    C:\windows\system32\wuauclt.exe
    C:\windows\SOUNDMAN.EXE
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\windows\system32\ctfmon.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.bin
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\windows\system32\wscntfy.exe
    C:\Documents and Settings\User\Mes documents\Téléchargements\dds.scr

    ============== Pseudo HJT Report ===============

    uWindow Title =
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    uURLSearchHooks: H - No File
    mWinlogon: Userinit=c:\windows\system32\userinit.exe,autorun.bat
    BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Programme d'aide de l'Assistant de connexion Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\fichiers communs\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
    BHO: IeMonitorBho Class: {bf00e119-21a3-4fd1-b178-3b8537e75c92} - c:\documents and settings\user\bureau\manga\MegaIEMn.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
    TB: {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No File
    TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
    TB: {855F3B16-6D32-4FE6-8A56-BBB695989046} - No File
    uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
    uRun: [DAEMON Tools] "c:\program files\daemon tools\daemon.exe" -lang 1033
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [SoundMan] SOUNDMAN.EXE
    mRun: [gcasServ] "c:\program files\microsoft antispyware\gcasServ.exe"
    mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
    mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd2.exe"
    mRun: [spoolms] c:\windows\system32\dllcache\spoolms.exe
    mRun: [Ask and Record FLV Service] "c:\program files\ask & record toolbar\FLVSrvc.exe" /run
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [nwiz] nwiz.exe /install
    mRun: [SW20] c:\windows\system32\sw20.exe
    mRun: [SW24] c:\windows\system32\sw24.exe
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    StartupFolder: c:\docume~1\user\menudm~1\progra~1\dmarra~1\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
    StartupFolder: c:\docume~1\user\menudm~1\progra~1\dmarra~1\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
    IE: E&xporter vers Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
    DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader5.cab
    DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
    DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
    DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://go.divx.com/plugin/DivXBrowserPlugin.cab
    DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - hxxp://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://messenger.zone.msn.com/binary/ZIntro.cab53083.cab
    DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    Notify: GoToAssist - c:\program files\citrix\gotoassist\508\G2AWinLogon.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Microsoft.AntiSpyware.ShellExecuteHook.1: {9ef34ff2-3396-4527-9d27-04c8c1c67806} - c:\program files\microsoft antispyware\shellextension.dll
    SEH: hook dll rising: {b03a4be6-5e5a-483e-b9b3-c484d4b20b72} - c:\windows\system32\softqq0.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\user\applic~1\mozilla\firefox\profiles\m834kofn.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.veosearch.com
    FF - plugin: c:\documents and settings\user\local settings\application data\yahoo!\browserplus\2.6.0\plugins\npybrowserplus_2.6.0.dll
    FF - plugin: c:\program files\microsoft\office live\npOLW.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

    ---- FIREFOX POLICIES ----
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

    ============= SERVICES / DRIVERS ===============

    R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-4-6 11608]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-4-6 135336]
    R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-4-6 267432]
    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2008-11-24 60936]
    S2 SSHNAS;SSHNAS;c:\windows\system32\svchost.exe -k netsvcs [2004-8-5 14336]
    S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
    S3 TV_551805_Sp50;TV_551805_Sp50 NDIS Protocol Driver;c:\windows\system32\drivers\TV_551805_Sp50.sys [2009-10-30 27072]

    =============== Created Last 30 ================

    2010-04-22 17:25:36 0 d-----w- C:\Ad-Remover
    2010-04-22 17:07:25 53 ----a-w- C:\biosinfo
    2010-04-17 19:25:20 0 d-----w- c:\program files\Trend Micro
    2010-04-16 22:38:17 164352 ----a-w- c:\windows\Wsihea.exe
    2010-04-16 22:37:59 206336 ----a-w- c:\windows\system32\sshnas21.dll
    2010-04-15 21:08:06 0 d-----r- c:\documents and settings\all users\Documents
    2010-04-11 12:48:55 0 d-----w- c:\docume~1\user\applic~1\Avira
    2010-04-10 11:17:25 0 d-sh--w- c:\documents and settings\all users\DRM
    2010-04-06 19:20:54 0 d-----w- c:\docume~1\alluse~1\applic~1\Avira
    2010-04-06 19:10:00 0 d-----w- c:\documents and settings\all users\Bureau
    2010-04-06 19:06:21 0 d-----w- c:\docume~1\alluse~1\applic~1\EPSON
    2010-04-06 19:06:20 0 d-----w- c:\docume~1\alluse~1\applic~1\Messenger Plus!
    2010-03-28 10:57:05 293376 ------w- c:\windows\system32\browserchoice.exe

    ==================== Find3M ====================

    2010-03-28 10:55:20 85404 ----a-w- c:\windows\system32\perfc00C.dat
    2010-03-28 10:55:20 513080 ----a-w- c:\windows\system32\perfh00C.dat
    2010-03-10 06:16:48 420352 ----a-w- c:\windows\system32\vbscript.dll
    2010-02-25 06:17:37 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-02-24 13:11:07 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2010-02-17 12:07:06 2192000 ----a-w- c:\windows\system32\ntoskrnl.exe
    2010-02-16 19:07:06 2068864 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2010-02-12 04:34:07 100864 ----a-w- c:\windows\system32\6to4svc.dll
    2007-06-23 09:20:16 15797400 ----a-w- c:\program files\zaasSetup_70_337_000_fr.exe
    2007-06-16 20:13:03 1806232 ----a-w- c:\program files\daemon-tools_daemon_tools_4.0.9.1_anglais_10729.exe
    2007-06-11 17:34:57 19194902 ----a-w- c:\program files\TmNationsESWC_175_to_179_Setup.exe
    2007-06-09 16:15:35 278695200 ----a-w- c:\program files\TmNationsESWC_Setup.exe
    2007-06-05 17:30:32 520400 ----a-w- c:\program files\TeamViewer_Setup.exe
    2007-06-05 16:39:46 1664156 ----a-w- c:\program files\UltraVNC-1.0.3-RC3-Setup.exe
    2007-06-04 17:45:29 1207026 ----a-w- c:\program files\winrar_winrar_3.70_anglais_9632.exe
    2007-01-29 17:56:09 18252890 ----a-w- c:\program files\TmNationsESWC_Update2c_Setup.exe
    2006-12-22 19:38:11 9336520 ----a-w- c:\program files\Install_MSN_Messenger.EXE
    2006-07-30 21:20:12 959 --sha-r- c:\windows\system32\autorun.bin

    ============= FINISH: 22:33:22,67 ===============


    Catchme:

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-04-23 22:37:20
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
    "s1"=dword:2df9c43f
    "s2"=dword:110480d0
    "h0"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
    "p0"="C:\Program Files\DAEMON Tools\"
    "h0"=dword:00000000
    "khjeh"=hex:9e,8b,c2,25,52,b3,3b,4f,33,bc,e3,ac,0f,d2,1c,4d,38,93,30,0e,7c,..

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
    "a0"=hex:20,01,00,00,47,74,1f,21,9c,1a,16,b6,1b,68,97,f2,d9,e5,0e,b2,19,..
    "khjeh"=hex:54,e7,78,c7,1e,3b,7f,0f,77,da,79,5f,47,18,a1,92,5a,0f,7e,f0,1a,..

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
    "khjeh"=hex:9a,2d,ae,ae,21,d2,bc,8d,92,14,22,91,d5,6a,3b,8a,aa,89,77,0d,69,..
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
    "p0"="C:\Program Files\DAEMON Tools\"
    "h0"=dword:00000000
    "khjeh"=hex:9e,8b,c2,25,52,b3,3b,4f,33,bc,e3,ac,0f,d2,1c,4d,38,93,30,0e,7c,..

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
    "a0"=hex:20,01,00,00,47,74,1f,21,9c,1a,16,b6,1b,68,97,f2,d9,e5,0e,b2,19,..
    "khjeh"=hex:54,e7,78,c7,1e,3b,7f,0f,77,da,79,5f,47,18,a1,92,5a,0f,7e,f0,1a,..

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
    "khjeh"=hex:9a,2d,ae,ae,21,d2,bc,8d,92,14,22,91,d5,6a,3b,8a,aa,89,77,0d,69,..
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
    "p0"="C:\Program Files\DAEMON Tools\"
    "h0"=dword:00000000
    "khjeh"=hex:9e,8b,c2,25,52,b3,3b,4f,33,bc,e3,ac,0f,d2,1c,4d,38,93,30,0e,7c,..

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
    "a0"=hex:20,01,00,00,47,74,1f,21,9c,1a,16,b6,1b,68,97,f2,d9,e5,0e,b2,19,..
    "khjeh"=hex:54,e7,78,c7,1e,3b,7f,0f,77,da,79,5f,47,18,a1,92,5a,0f,7e,f0,1a,..

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
    "khjeh"=hex:9a,2d,ae,ae,21,d2,bc,8d,92,14,22,91,d5,6a,3b,8a,aa,89,77,0d,69,..

    scanning hidden registry entries ...

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0

    24 Avril 2010 11:50:15

    re
    Télécharge MalwareByte's Anti-Malware sur ton Bureau.

  • Installe-le en double-cliquant sur le fichier Download_mbam-setup.exe.
    Une fois l'installation et la mise à jour effectuées :
  • Exécute maintenant MalwareByte's Anti-Malware. Si cela n'est pas déjà fait, sélectionne "Exécuter un examen complet".
  • Afin de lancer la recherche, clic sur"Rechercher".
  • Une fois le scan terminé, une fenêtre s'ouvre, clic sur OK. Deux possibilités s'offrent à toi :
    ~ Si le programme n'a rien trouvé, appuie sur OK. Un rapport va apparaître, ferme-le.
    ~~ Si des infections sont présentes, clic sur "Afficher les résultats" puis sur "Supprimer la sélection". Enregistre le rapport sur ton Bureau.


    REMARQUE : Si MalwareByte's Anti-Malware a besoin de redémarrer pour terminer la suppression, accepte en cliquant sur Ok.[/#f]

    Note : Si tu ne parviens à télécharger MBAM à partir de MajorGeeks, tu peux le télécharger ici!

    [#FF0000]Aide
    :
  • Comment utiliser MBAM.
    Tom's guide dans le monde
    • Allemagne
    • Italie
    • Irlande
    • Royaume Uni
    • Etats Unis
    Suivre Tom's Guide
    Inscrivez-vous à la Newsletter
    • ajouter à twitter
    • ajouter à facebook
    • ajouter un flux RSS