Trojan installed (again)
Resolved/Closed
e-stefan - 3 Oct 2007 at 21:13
Last reply: fastbob - 17 Nov 2007 at 11:26
32 replies
Hello,
delete the System Restore points:
Start / Run / type: control
open "System", then the "System Restore" tab
tick "Turn off System Restore"
click OK in the window that opens
then tick it again; that will erase all the viruses from System Restore
See you
NEXT:
download HijackThis; you will find it under "Downloads":
http://merijn.org/
tutorial: http://pchelpbordeaux.free.fr/frames/securite/hijackthis1.html
then post a log: look at the tutorial, then copy and paste it
Logfile of HijackThis v1.99.1
Scan saved at 22:09:17, on 03/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\system32\hphmon03.exe
C:\Program Files\Lingoes\Translator\Lingoes.exe
C:\WINDOWS\system32\HPHipm09.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\user1\Application Data\SurfAccuracy\SAcc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\user1\Mes documents\New HiJACKTHiS\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program
Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O2 - BHO: (no name) - {733E9132-53CA-4C97-9AC9-145C4502FA20} - C:\WINDOWS\system32\awtsqro.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program
Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: Babylon - {965B54B0-71E0-4611-8DE7-F73FA0B20E26} - C:\Program Files\Babylon\Babylon-Pro\Babylon
Toolbar\BabylonIEToolBar.dll (file missing)
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program
Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O3 - Toolbar: YourSiteBar - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - C:\Program Files\YourSiteBar\ysb.dll (file
missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Labtec\Desktop\V5.1\moffice.exe
O4 - HKLM\..\Run: [OFFICEKB] C:\Program Files\Labtec\Desktop\V5.1\kbdap32a.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [msuehauii] c:\windows\system32\msuehauii.exe msuehauii
O4 - HKLM\..\Run: [ugescw] "C:\PROGRA~1\DISQUD~1\ugescw.exe" -start
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\system32\hphmon03.exe
O4 - HKLM\..\Run: [Lingoes] "C:\Program Files\Lingoes\Translator\Lingoes.exe" -cphs
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu2000373.exe
61A847B5BBF72810329B385575FA01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKLM\..\Run: [NI.UWA7PV_0001_N96M0206] "c:\documents and settings\user1\application
data\winantiviruspro2007freeinstall_fr[1].exe" -nag
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [SurfAccuracy] C:\Documents and Settings\user1\Application Data\SurfAccuracy\SAcc.exe
O4 - HKCU\..\Run: [ReJf5vH] C:\Documents and Settings\user1\Application Data\Microsoft\Windows\tgkwvjet.exe
O4 - HKCU\..\Run: [WinAble] C:\Program Files\WinAble\winable.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} -
%windir%\bdoscandel.exe (file missing)
O15 - Trusted Zone: http://www.msi.com.tw
O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} -
http://cdn.downloadcontrol.com/files/installers/cab/SystemDoctor2006FreeInstall_fr.cab
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) -
http://downloadcenter.samsung.com/content/common/cab/DjVuControlLite_EN.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) -
http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) -
http://liveupdate.msi.com.tw/autobios/LOnline/install.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (Contrôleur de DownloadManager) -
http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.7.cab
O20 - Winlogon Notify: awtsqro - C:\WINDOWS\SYSTEM32\awtsqro.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program
Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir
PersonalEdition Classic\avguard.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\system32\HPHipm09.exe
to start with, YourSiteBar has to be removed; it is adware
open the registry (Start / Run / type: regedit)
go to these keys and delete all the values below:
HKEY_CLASSES_ROOT\CLSID\{86227D9C-0EFE-4F8A-AA55-30386A3F5686}
HKEY_CLASSES_ROOT\Interface\{03B800F9-2536-4441-8CDA-2A3E6D15B4F8}
HKEY_CLASSES_ROOT\Interface\{DFBCC1EB-B149-487E-80C1-CC1562021542}
HKEY_CLASSES_ROOT\Interface\{7B9A715E-9D87-4C21-BF9E-F914F2FA953F}
HKEY_CLASSES_ROOT\Interface\{EAF2CCEE-21A1-4203-9F36-4929FD104D43}
HKEY_CLASSES_ROOT\TypeLib\{4EE12B71-AA5E-45EC-8666-2DB3AD3FDF44}
HKEY_CLASSES_ROOT\Typelib\{6D3F5DE4-E980-4407-A10F-9AC771ABAAE6}
HKEY_CLASSES_ROOT\Ysb.YsbObj
HKEY_CLASSES_ROOT\Ysb.YsbObj.1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\YourSiteBar
HKEY_LOCAL_MACHINE\SOFTWARE\YourSiteBar
then go to this one:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar
delete this value: "{86227D9C-0EFE-4f8a-AA55-30386A3F5686}"
now go to this one: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
delete this value: "{86227D9C-0EFE-4f8a-AA55-30386A3F5686}"
close the registry
Hi again,
CCleaner: http://www.sosordi.net/Telechargeme[...]-standard-build
- AVG Anti-Spyware 7.5 https://www.avg.com/en-ww/free-antivirus-download
==> Start AVG Anti-Spyware and run the update
Download OTMoveIt: http://download.bleepingcomputer.co[...]er/OTMoveIt.exe
save it to the desktop
Restart in Safe Mode
(tap the F8 or F5 key, choose Safe Mode, and log in to your own account, not the Administrator account)
start HijackThis
click on:
Do a system scan only
tick these lines:
O4 - HKCU\..\Run: [SurfAccuracy] C:\Documents and Settings\user1\Application Data\SurfAccuracy\SAcc.exe
O4 - HKCU\..\Run: [WinAble] C:\Program Files\WinAble\winable.exe
O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} -
O4 - HKCU\..\Run: [SurfAccuracy] C:\Documents and Settings\user1\Application Data\SurfAccuracy\SAcc.exe
Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
C:\Documents and Settings\user1\Application Data\SurfAccuracy\SAcc.exe
then click "Fix checked"
then:
Double-click OTMoveIt.exe
- Make sure the Unregister Dll's and Ocx's box is ticked
- Copy/paste:
C:\WINDOWS\retadpu2000373.exe
into the left-hand pane of OTMoveIt named Paste List of Files/Folders to be moved
then click "MoveIt" to start the removal
when a result appears in the Results pane, click Exit
run AVG
then clean up with CCleaner
post a new log please, in normal mode
here is the OTMoveIt link again: http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe
the other one is obsolete
for the SurfAccuracy adware, logically you delete the Run key with HijackThis, as above
then go to this key in the registry:
HKEY_LOCAL_MACHINE\SOFTWARE\SAcc
delete it, and that is all for this adware
e-stefan - 4 Oct 2007 at 04:07
Hi,
I followed all the instructions but TR/Dldr.ConHook.Gen and TR/Vundo.DNC
are still in C:\WINDOWS\system32\byvts.VIR and C:\WINDOWS\system\awtsgro.dll
what should I do? Thanks...
PS: how do you access C:\System Volume Information
By the way, here is the HijackThis scan report:
Logfile of HijackThis v1.99.1
Scan saved at 03:28:22, on 04/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Labtec\Desktop\V5.1\moffice.exe
C:\Program Files\Labtec\Desktop\V5.1\MOUSE32A.EXE
C:\Program Files\Labtec\Desktop\V5.1\kbdap32a.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\system32\hphmon03.exe
C:\WINDOWS\system32\HPHipm09.exe
C:\Program Files\Lingoes\Translator\Lingoes.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Shareaza\Shareaza.exe
C:\WINDOWS\regedit.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\Documents and Settings\user1\Mes documents\New HiJACKTHiS\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O2 - BHO: (no name) - {733E9132-53CA-4C97-9AC9-145C4502FA20} - C:\WINDOWS\system32\awtsqro.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: Babylon - {965B54B0-71E0-4611-8DE7-F73FA0B20E26} - C:\Program Files\Babylon\Babylon-Pro\Babylon Toolbar\BabylonIEToolBar.dll (file missing)
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Labtec\Desktop\V5.1\moffice.exe
O4 - HKLM\..\Run: [OFFICEKB] C:\Program Files\Labtec\Desktop\V5.1\kbdap32a.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [msuehauii] c:\windows\system32\msuehauii.exe msuehauii
O4 - HKLM\..\Run: [ugescw] "C:\PROGRA~1\DISQUD~1\ugescw.exe" -start
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\system32\hphmon03.exe
O4 - HKLM\..\Run: [Lingoes] "C:\Program Files\Lingoes\Translator\Lingoes.exe" -cphs
O4 - HKLM\..\Run: [NI.UWA7PV_0001_N96M0206] "c:\documents and settings\user1\application data\winantiviruspro2007freeinstall_fr[1].exe" -nag
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [ReJf5vH] C:\Documents and Settings\user1\Application Data\Microsoft\Windows\tgkwvjet.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O15 - Trusted Zone: http://www.msi.com.tw
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcenter.samsung.com/content/common/cab/DjVuControlLite_EN.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (Contrôleur de DownloadManager) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.7.cab
O20 - Winlogon Notify: awtsqro - C:\WINDOWS\SYSTEM32\awtsqro.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\system32\HPHipm09.exe
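An added example (not part of any post in this thread, and not a HijackThis feature): a small Python triage pass over HijackThis entry lines like the ones in the logs above, including entries that the forum wrapped onto a second line. The sample lines are taken from the logs in this thread; the four rule names and the hard-coded `c:\windows` root are assumptions chosen for this illustration, and each finding is a hint for review, not a verdict.

```python
import ntpath
import re
from collections import defaultdict

# Sample input: entries copied from the logs posted in this thread.
# The YourSiteBar entry is kept wrapped over two lines, as it appears there.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {733E9132-53CA-4C97-9AC9-145C4502FA20} - C:\WINDOWS\system32\awtsqro.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: YourSiteBar - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - C:\Program Files\YourSiteBar\ysb.dll (file
missing)
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu2000373.exe
O4 - HKCU\..\Run: [ReJf5vH] C:\Documents and Settings\user1\Application Data\Microsoft\Windows\tgkwvjet.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: awtsqro - C:\WINDOWS\SYSTEM32\awtsqro.dll
O23 - Service: Pml Driver - HP - C:\WINDOWS\system32\HPHipm09.exe
"""

# An entry line starts with a section code such as R0, O4 or O23.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# First drive-letter path in the entry that ends in .exe or .dll.
PATH_RE = re.compile(r'([a-z]:\\[^"]*?\.(?:exe|dll))', re.IGNORECASE)


def parse_entries(log_text):
    """Return (section_code, body, path_or_None) for each log entry.

    Pass only the log itself: once the first entry has been seen, any line
    that does not start a new entry is treated as a wrapped continuation.
    """
    joined = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if ENTRY_RE.match(line):
            joined.append(line)
        elif joined:
            joined[-1] += " " + line  # re-join a wrapped entry
        # header and running-process lines before the first entry are skipped
    entries = []
    for line in joined:
        code, body = ENTRY_RE.match(line).groups()
        found = PATH_RE.search(body)
        entries.append((code, body, found.group(1) if found else None))
    return entries


def triage(log_text):
    """Apply four illustrative review rules; return (rule, section, detail)."""
    findings = []
    dll_sections = defaultdict(set)
    for code, body, path in parse_entries(log_text):
        # Registry entry still present although its file is gone.
        if body.rstrip().endswith("(file missing)"):
            findings.append(("file-missing", code, body))
        if path is None:
            continue
        low = path.lower()
        if code == "O4":
            if "\\application data\\" in low:
                findings.append(("autorun-from-user-profile", code, path))
            elif ntpath.dirname(low) == "c:\\windows":  # assumed Windows root
                findings.append(("autorun-exe-in-windows-root", code, path))
        if code in ("O2", "O20") and low.endswith(".dll"):
            dll_sections[ntpath.basename(low)].add(code)
    # Same DLL loaded both as a BHO (O2) and as a Winlogon Notify entry (O20).
    for dll, codes in sorted(dll_sections.items()):
        if codes == {"O2", "O20"}:
            findings.append(("bho-and-winlogon-notify", "O2+O20", dll))
    return findings


if __name__ == "__main__":
    for rule, section, detail in triage(SAMPLE_LOG):
        print(f"{rule:30} {section:7} {detail}")
```
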
Hi again,
System Volume Information: do this before continuing:
Start / Run / type: control folders
"View" tab
tick "Show hidden files and folders"
Untick "Hide protected operating system files (Recommended)"
Untick "Hide extensions for known file types"
then turn off System Restore:
Start / Run / type: control
open "System", then the "System Restore" tab
tick "Turn off System Restore"
click OK in the window that opens
you will untick it once everything is clean
Download VundoFix: http://www.clubic.com/telecharger-fiche25107-vundofix.html
Click "Scan for Vundo"
When the scan is finished, click the "Remove Vundo" button
A prompt will ask whether you want to delete the files
click "Yes"; the Desktop will disappear for a moment while the files are being removed
your PC has to restart
confirm with OK
a vundofix.txt report will be created; please post it
right-click VirtumundoBeGone.exe
Continue / Start / Yes
at the end of the scan, if it detects the infection, your PC shuts down and restarts
If you get a blue screen and the message: Fatal error .. no problem, that is normal
post the VBG.TXT report that is on the desktop
download ComboFix: http://mickael.barroux.free.fr/securite/combofix.php
the link explains how it works
e-stefan
5 Oct. 2007 at 21:11
Hi,
I think we managed to send the horses back to graze in their meadow. A thousand thanks for your help, Flashman!!!!
Hi,
you had several different infections, so you should post a new HijackThis log
to check whether everything is really clean
Hello, I think I've had the same kind of problem for some time. I have AVG, but I found my PC slow and unstable... I downloaded Avira, which found a series of viruses and trojans that AVG had not reported. But since then, right from startup, Avira keeps detecting vundo. dnc and Dldr.ConHook.Gen, which I systematically put in quarantine, but which come back just as fast. I have to disable the "guard" to be able to access the other functions. And since then, AVG also comes up with things that I "heal" or "move to the vault", but which keep coming back, like "BHO.AVH", hyanikyanen, bobik...
So I followed your advice, and here is the HijackThis report:
Logfile of HijackThis v1.99.1
Scan saved at 17:05:05, on 07/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\GSICON.EXE
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Fichiers communs\WinAntiVirus Pro 2007\uwa7pcw.exe
C:\Program Files\Fichiers communs\WinAntiVirus Pro 2007\mav_startupmon.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\PCHealth\HelpCtr\System\panels\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [FolderView] rundll32.exe "C:\WINDOWS\system32\lcspmvqe.dll",sitypnow
O4 - HKLM\..\Run: [WinAntiVirus Pro 2007] C:\Program Files\WinAntiVirus Pro 2007\WinAV.exe
O4 - HKLM\..\Run: [uwa7pcw] "C:\Program Files\Fichiers communs\WinAntiVirus Pro 2007\uwa7pcw.exe" -c
O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Fichiers communs\WinAntiVirus Pro 2007\mav_startupmon.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Windows Registry Repair Pro] F:\Program Files\temp\Nouveau dossier\Windows Registry Repair Pro\RegistryRepairPro.exe 4
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [uwa7pcw] "C:\Program Files\Fichiers communs\WinAntiVirus Pro 2007\uwa7pcw.exe" -c
O4 - HKCU\..\Run: [AntiSpywareBot] C:\Program Files\AntiSpywareBot\AntiSpywareBot.exe -boot
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - F:\jeux\poker\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - F:\jeux\poker\Titan Poker\casino.exe
O9 - Extra button: PacificPoker4 - {94EDF7B4-4272-4af3-8F8B-4E2F68E225B7} - F:\jeux\ppoker\PACIFI~2\pacificpoker.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3D963B96-CCA5-4C9D-952B-0017FB6888BD}: NameServer = 195.238.2.22 195.238.2.21
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O21 - SSODL: bestreak - {874443fe-aa33-4ebf-a6ac-73208787e62d} - (no file)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: DirectX Service (DirectVuvz) - Unknown owner - c:\windows\system32\directx.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
Thanks in advance for your attention and your advice...
Bob
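An added example, not part of the thread and not HijackThis's own code: a small Python parser for the log format posted above that lists entries worth a manual look and diffs a "before" and an "after" log, which is what re-posting a log after cleaning is for. The sample logs, names and addresses are constructed, and the review heuristics are assumptions of this example, not verdicts.

```python
import re

# Each finding line starts with a section code such as "O4 - " or "R0 - ".
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
LOOPBACK = {"127.0.0.1", "::1", "0.0.0.0"}

# Constructed sample logs (not taken from the thread).
BEFORE = r"""
Logfile of HijackThis v1.99.1
Platform: Windows XP SP2 (WinNT 5.01.2600)
Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
O1 - Hosts: 192.0.2.10 ads.example.com
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe
O20 - Winlogon Notify: exnotify - C:\WINDOWS\system32\exnotify.dll
O21 - SSODL: exloader - {00000000-0000-0000-0000-000000000001} - (no file)
O23 - Service: Example Service (ExSvc) - Unknown owner - c:\windows\system32\exsvc.exe (file missing)
"""

AFTER = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe
O23 - Service: Example Service (ExSvc) - Unknown owner - c:\windows\system32\exsvc.exe (file missing)
"""


def parse_log(text):
    """Split a log into running processes and (code, body) entries."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False  # the process list ends at the first entry
            entries.append((match.group("code"), match.group("body")))
        elif line == "Running processes:":
            in_processes = True
        elif in_processes:
            processes.append(line)
    return {"processes": processes, "entries": entries}


def triage(entries):
    """Return (code, reason, body) for entries worth a manual look.

    Heuristics assumed for this example; a hit means "review", not "malicious".
    """
    findings = []
    for code, body in entries:
        if body.endswith("(file missing)") or body.endswith("(no file)"):
            findings.append((code, "orphaned: target file is absent", body))
        if code == "O23":
            # "Service: <name> - <owner> - <path>"
            parts = body.rsplit(" - ", 2)
            if len(parts) == 3 and parts[1] == "Unknown owner":
                findings.append((code, "service binary carries no vendor name", body))
        elif code == "O1" and body.startswith("Hosts:"):
            fields = body[len("Hosts:"):].split()
            if len(fields) >= 2 and fields[0] not in LOOPBACK:
                findings.append((code, "hosts file maps a name to a non-loopback address", body))
        elif code == "O20":
            findings.append((code, "Winlogon Notify DLL: confirm which product installed it", body))
    return findings


def compare(before_text, after_text):
    """Entries that disappeared and entries that appeared between two logs."""
    before = parse_log(before_text)["entries"]
    after = parse_log(after_text)["entries"]
    removed = [entry for entry in before if entry not in after]
    added = [entry for entry in after if entry not in before]
    return removed, added


if __name__ == "__main__":
    for code, reason, body in triage(parse_log(BEFORE)["entries"]):
        print(f"[review] {code}: {reason}\n         {body}")
    removed, added = compare(BEFORE, AFTER)
    print("removed since first log:", [code for code, _ in removed])
    print("new since first log:", [code for code, _ in added])
    print("still flagged:", len(triage(parse_log(AFTER)["entries"])))
```

An entry that is still flagged in the second log, like the orphaned service here, is the kind of leftover a helper asks about before calling a machine clean.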
Hi,
all the files in System Restore need to be deleted; to do that:
turn off System Restore
Start / Run / type: control
open "System", click the "System Restore" tab
check "Turn off System Restore"
click OK in the window that opens
then open Control Panel / Folder Options / View
check: show hidden files
uncheck: hide extensions for file types that are.....
uncheck: hide protected files.....
Download clean.zip: http://www.malekal.com/download/clean.zip
to the desktop
right-click / extract all!
a "clean" folder will be created!
Download SmitfraudFix: http://siri.urz.free.fr/Fix/SmitfraudFix.exe and save it to your desktop
Download and install AVG Anti-Spyware: https://www.clubic.com/telecharger-fiche27645-avg-anti-spyware.html
(don't forget to update it)
CCleaner and RegCleaner: http://www.ccleaner.com/download
https://www.clubic.com/telecharger-fiche10573-regcleaner.html
open the clean folder
right-click "clean.cmd"
a black window will appear; choose option 2
the cleaning will run!
when it's finished, run the SmitFraudFix.cmd file
Choose option 2 and press Enter
Answer "O" (Oui, i.e. yes) to the questions
then scan with AVG Anti-Spyware
after that, move on to the cleanup: CCleaner and RegCleaner:
Restart your PC
then run an online scan:
https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
there is a good chance it has blocked your antivirus updates
also check whether you can open "the registry" and "the task manager"
finally, post a new HijackThis log
It took a bit of time, but there, I followed your advice, though I'm not sure there's much change...
First, in safe mode, I had to go and find the files through the task manager, otherwise I had a black screen... Normal?
Then, SmitFraudFix.cmd was in c:\WINDOW\system32\cmd.exe, and when I selected it, it offered me: c:\WINDOW\system32, to which I didn't know what to answer!? RegCleaner, for its part, wouldn't start..., and as for the online scan, when I answer "j'accepte" (I accept), it doesn't respond and so doesn't start...
In any case, here are the reports I was able to get:
Logfile of HijackThis v1.99.1
Scan saved at 12:45:21, on 09/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\GSICON.EXE
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\PCHealth\HelpCtr\System\panels\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com
O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [FolderView] rundll32.exe "C:\WINDOWS\system32\lcspmvqe.dll",sitypnow
O4 - HKLM\..\Run: [WinAntiVirus Pro 2007] C:\Program Files\WinAntiVirus Pro 2007\WinAV.exe
O4 - HKLM\..\Run: [uwa7pcw] "C:\Program Files\Fichiers communs\WinAntiVirus Pro 2007\uwa7pcw.exe" -c
O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Fichiers communs\WinAntiVirus Pro 2007\mav_startupmon.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Windows Registry Repair Pro] F:\Program Files\temp\Nouveau dossier\Windows Registry Repair Pro\RegistryRepairPro.exe 4
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [uwa7pcw] "C:\Program Files\Fichiers communs\WinAntiVirus Pro 2007\uwa7pcw.exe" -c
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - F:\jeux\poker\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - F:\jeux\poker\Titan Poker\casino.exe
O9 - Extra button: PacificPoker4 - {94EDF7B4-4272-4af3-8F8B-4E2F68E225B7} - F:\jeux\ppoker\PACIFI~2\pacificpoker.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3D963B96-CCA5-4C9D-952B-0017FB6888BD}: NameServer = 195.238.2.22 195.238.2.21
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O21 - SSODL: bestreak - {874443fe-aa33-4ebf-a6ac-73208787e62d} - (no file)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: DirectX Service (DirectVuvz) - Unknown owner - c:\windows\system32\directx.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
RegCleaner 4.3 by Jouni Vuorio
Software registered to the Registry. You should delete every program's entries you know you've had, but don't have anymore, selected 270 of 270
[syntax: Author, Software, Age ]
Europa Casino, C7, New
Europa Casino, Er, New
Europa Casino, Gc, New
Europa Casino, Hh, New
Europa Casino, Lobby_favouritegames, New
Europa Casino, Ma, New
Europa Casino, Pso, New
Europa Casino, Rodz, New
Europa Casino, Rollercoasterdice, New
Europa Casino, Rop, New
Europa Casino, Videopoker_4aces, New
Europa Casino, Videopoker_4deuceswild, New
Europa Casino, Videopoker_4jacks, New
Europa Casino, Videopoker_50jacks, New
Europa Casino, Videopoker_highlow, New
Europa Casino, Videopoker_jacks, New
Europa Casino, Videopoker_joker, New
FullCircle, TalkBack, New
Gabest, DirectVobSub, New
Gabest, DVobSub, New
Gabest, Media Player Classic, New
GameSpy, GameSpy 3D, New
Gemplus, Cryptography, New
Gnu, Ffdshow, New
Gnu, XviD, New
Google, Common, New
Google, KeyholeCommonSettings, New
Google, CommonSettings, New
Google, CustomSearch, New
Google, GECommonSettings, New
Google, Google Earth Plus, New
Google, Google Toolbar, New
Google, Google Updater, New
Google, GoogleToolbarNotifier, New
Google, NavClient, New
Grisoft, AVGAntiSpyware, New
Grisoft, Avg7, New
Grisoft, Clients, New
GSpot Appliance Corp, GSpot, New
Infogrames, Graph_obj, New
Insanity3D System, Applications, New
InstallShield, Driver, New
Intel, Indeo® Software, New
Intel, Psis, New
Intel, Indeo, New
InterActive Vision, 112 Reddingshelicopter, New
InterTrust, DocBox, New
InterVideo, Common, New
JavaSoft, Java Plug-in, New
JavaSoft, Java Update, New
JavaSoft, Java Web Start, New
JavaSoft, Java Runtime Environment, New
JavaSoft, Java2D, New
Lonely Cat Games, Hidden And Dangerous Deluxe, New
LucasArts, Star Wars Battlefront, New
LucasArts, Star Wars Battlefront II, New
LucasArts, Star Wars Republic Commando, New
Macromedia, FlashPlayerPlugin, New
Macromedia, FlashPlayer, New
Macromedia, FlashPlayerUpdate, New
Macrovision, Safecast, New
MainConcept, DirectShow, New
Mfcr42, Installed, New
Mgs, Pokers, New
Mgs, Thumper, New
Mindscape, Team Apache, New
Mozilla, Mozilla Firefox, New
Mozilla, Mozilla Firefox 2.0.0.9, New
Mozilla, Mozilla, New
Mozilla, Mozilla Thunderbird 1.5, New
Mozilla Thunderbird, Desktop, New
Mozilla.org, Mozilla, New
MozillaPlugins, @adobe.com/FlashPlayer, New
MozillaPlugins, @pack.google.com/Google Updater;version=11, New
MozillaPlugins, @real.com/nppl3260;version=6.0.11.2027, New
MozillaPlugins, @real.com/nprpjplug;version=6.0.12.1040, New
MozillaPlugins, @real.com/nsJSRealPlayerPlugin;version=, New
MozillaPlugins, Yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1, New
NATATA EBook, Adult Tv 24/7{881AA878-40CF-4763-B387-486872D53F07}, New
NATATA EBook, TV On Your PC{6461CBBF-68FF-456A-9327-C5333495221F}, New
Netscape, Netscape Navigator, New
Neurosoft, 1clickPCfix, New
Nival Interactive, Blitzkrieg, New
NVIDIA Corporation, Global, New
Olympus, OLYMPUS CAMEDIA Master 4.2, New
Olympus, Camedia Master 4, New
On2 Technologies, On2 VP3 Video For Windows Codec, New
On2 Technologies, VFW Encoder/Decoder Settings, New
On2 Technologies, VP6 VFW Codec, New
OpenOffice.org, OpenOffice.org, New
OpenOffice.org, Uno, New
Pacificpoker, Casinopoker, New
Pacificpoker, Poker, New
PartyGaming, Partypoker, New
PepiMK Software, SpybotSnD, New
Phoneaccessexe2, 360095, New
Poker 770, Pokebob, New
Poker 770, Psr35461022, New
Poker 770, QuickSearch, New
Pyro Studios, Praetorians, New
Pyro Studios, Praetorians Game, New
RealNetworks, Gemini, New
RealNetworks, Preferences, New
RealNetworks, RealMediaSDK, New
RealNetworks, RealPlayer, New
RealNetworks, Update, New
RegistrySmart, RegistrySmart, New
Rmr10, Settings, New
Schlumberger, Smart Cards And Terminals, New
SecuROM, Keys, New
SecuROM, Wl, New
Sensaura, Audio3D, New
Silicon Integrated Systems Corporation, SiS AGP Driver, New
Skype, Installer, New
Skype, Phone, New
Skype, PluginManager, New
Skype, ProtectedStorage, New
SmallRockets, Application, New
Soeperman Enterprises Ltd., HijackThis, New
Sonic Foundry, Vegas, New
Sonic Foundry, Video Capture, New
SpeedTouch, Classes, New
SpeedTouch, Setup Wizard, New
Ssi, Panzer General 3D, New
Sun Microsystems, StarOffice, New
SyncIT, EPGSync, New
Synetic, TruckRace, New
Thq, Jimmy Neutron Boy Genius, New
Titan Poker, Floatingchat, New
Titan Poker, Pokebob, New
Titan Poker, QuickSearch, New
Titan Poker, Ttr68957322, New
ValueSoft, Hard Truck 18, New
VB And VBA Program Settings, CCleaner, New
VB And VBA Program Settings, Euro Add-in, New
VB And VBA Program Settings, FrmAudioCDWriter, New
VB And VBA Program Settings, FrmCDDVDWriter, New
VB And VBA Program Settings, Plugin, New
Vhld, Machine_id, New
VirtuaMedia, ZoomPlayer, New
WinAntiVirus Pro 2007, Settings, New
WinRAR, DialogEditHistory, New
WinRAR, FileList, New
WinRAR, Formats, New
WinRAR, General, New
WinRAR, Interface, New
WinRAR, Profiles, New
WinRAR, Setup, New
WinRAR, Viewer, New
Wmr10, Settings, New
X-avcsd, Workstation, New
XemiCo, Screen Saver, New
Xfire, Exceptions, New
Yahoo, Companion, New
Yahoo, Insthelper, New
Yahoo, YFriendsBar, New
Script execute en mode sans echec
Rapport clean par Malekal_morte - http://www.malekal.com
Script execute en mode sans echec 09/11/2007 a 9:55:11.14
Microsoft Windows XP [version 5.1.2600]
*** Suppression des fichiers dans C:
*** Suppression des fichiers dans C:\WINDOWS\
*** Suppression des fichiers dans C:\WINDOWS\system32
tentative de suppression de C:\WINDOWS\system32\stera.exe
*** Suppression des fichiers dans C:\Program Files
tentative de suppression de "C:\Program Files\Fichiers communs\WinAntivirus Pro 2007\"
tentative de suppression de "C:\Program Files\WinAntiVirus Pro 2007\"
*** Suppression des clefs du registre effectuee..
*** Fin du rapport !
---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------
+ Créé à: 12:17:42 09/11/2007
+ Résultat de l'analyse:
I:\WINDOWS\system32\azesearch2.dll -> Adware.Azesearch : Nettoyé.
C:\Program Files\Common Files\Companion Wizard\WapCHK.dll -> Adware.Companion : Nettoyé.
C:\Program Files\Common Files\Companion Wizard\compwiz.exe -> Adware.Companion : Nettoyé.
I:\WINDOWS\toolbar_nieuw13.dll -> Adware.DotCom : Nettoyé.
I:\Documents and Settings\Bob\Local Settings\Temp\uninstall.exe -> Adware.EliteBar : Nettoyé.
C:\WINDOWS\system32\Uninstallsss.exe -> Adware.GAINNetwork : Nettoyé.
I:\WINDOWS\unstall.exe -> Adware.MediaMotor : Nettoyé.
I:\WINDOWS\NDNuninstall6_38.exe -> Adware.NewDotNet : Nettoyé.
F:\c\Program Files\ErrorSafeScannerInstall_fr.exe -> Not-A-Virus.Downloader.Win32.WinFixer.d : Ignoré.
F:\temp\WinAntiVirusPro2007FreeInstall_fr.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Ignoré.
F:\temp\SystemDoctor2006FreeInstall_fr.exe -> Not-A-Virus.Downloader.Win32.WinFixer.q : Ignoré.
F:\c\fastbob\Cookies\fastbob@247realmedia[1].txt -> TrackingCookie.247realmedia : Nettoyé.
:mozilla.44:C:\Documents and Settings\Acheteur\Application Data\Mozilla\Firefox\Profiles\vsgfll8v.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.45:C:\Documents and Settings\Acheteur\Application Data\Mozilla\Firefox\Profiles\vsgfll8v.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.46:C:\Documents and Settings\Acheteur\Application Data\Mozilla\Firefox\Profiles\vsgfll8v.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.47:C:\Documents and Settings\Acheteur\Application Data\Mozilla\Firefox\Profiles\vsgfll8v.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.5:I:\Documents and Settings\Bob\Application Data\Mozilla\Profiles\default\8ehyxgx7.slt\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\fastbob\Cookies\fastbob@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
F:\c\fastbob\Cookies\fastbob@2o7[2].txt -> TrackingCookie.2o7 : Nettoyé.
F:\c\fastbob\Cookies\fastbob@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
F:\c\fastbob\Cookies\fastbob@msnservices.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.84:I:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\9ig1p6zs.default\cookies.txt -> TrackingCookie.Atdmt : Nettoyé.
:mozilla.8:C:\Documents and Settings\Acheteur\Application Data\Mozilla\Firefox\Profiles\vsgfll8v.default\cookies.txt -> TrackingCookie.Atdmt : Nettoyé.
F:\c\fastbob\Cookies\fastbob@atdmt[2].txt -> TrackingCookie.Atdmt : Nettoyé.
:mozilla.50:I:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\9ig1p6zs.default\cookies.txt -> TrackingCookie.Bluestreak : Nettoyé.
F:\c\fastbob\Cookies\fastbob@bluestreak[1].txt -> TrackingCookie.Bluestreak : Nettoyé.
I:\Documents and Settings\Bob\Cookies\bob@cz3.clickzs[2].txt -> TrackingCookie.Clickzs : Nettoyé.
:mozilla.98:I:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\9ig1p6zs.default\cookies.txt -> TrackingCookie.Doubleclick : Nettoyé.
C:\Documents and Settings\Acheteur\Cookies\acheteur@doubleclick[1].txt -> TrackingCookie.Doubleclick : Nettoyé.
F:\c\fastbob\Cookies\fastbob@doubleclick[1].txt -> TrackingCookie.Doubleclick : Nettoyé.
:mozilla.94:C:\Documents and Settings\Acheteur\Application Data\Mozilla\Firefox\Profiles\vsgfll8v.default\cookies.txt -> TrackingCookie.Esomniture : Nettoyé.
:mozilla.32:I:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\9ig1p6zs.default\cookies.txt -> TrackingCookie.Estat : Nettoyé.
:mozilla.8:I:\Documents and Settings\Bob\Application Data\Mozilla\Profiles\default\8ehyxgx7.slt\cookies.txt -> TrackingCookie.Estat : Nettoyé.
:mozilla.95:C:\Documents and Settings\Acheteur\Application Data\Mozilla\Firefox\Profiles\vsgfll8v.default\cookies.txt -> TrackingCookie.Estat : Nettoyé.
:mozilla.104:C:\Documents and Settings\Acheteur\Application Data\Mozilla\Firefox\Profiles\vsgfll8v.default\cookies.txt -> TrackingCookie.Imrworldwide : Nettoyé.
:mozilla.105:C:\Documents and Settings\Acheteur\Application Data\Mozilla\Firefox\Profiles\vsgfll8v.default\cookies.txt -> TrackingCookie.Imrworldwide : Nettoyé.
:mozilla.58:I:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\9ig1p6zs.default\cookies.txt -> TrackingCookie.Imrworldwide : Nettoyé.
:mozilla.59:I:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\9ig1p6zs.default\cookies.txt -> TrackingCookie.Imrworldwide : Nettoyé.
:mozilla.48:C:\Documents and Settings\Acheteur\Application Data\Mozilla\Firefox\Profiles\vsgfll8v.default\cookies.txt -> TrackingCookie.Mediaplex : Nettoyé.
C:\Documents and Settings\fastbob\Cookies\fastbob@mediaplex[1].txt -> TrackingCookie.Mediaplex : Nettoyé.
:mozilla.129:C:\Documents and Settings\Acheteur\Application Data\Mozilla\Firefox\Profiles\vsgfll8v.default\cookies.txt -> TrackingCookie.Msn : Nettoyé.
:mozilla.130:C:\Documents and Settings\Acheteur\Application Data\Mozilla\Firefox\Profiles\vsgfll8v.default\cookies.txt -> TrackingCookie.Msn : Nettoyé.
C:\Documents and Settings\fastbob\Cookies\fastbob@auto.search.msn[1].txt -> TrackingCookie.Msn : Nettoyé.
I:\Documents and Settings\Bob\Cookies\bob@paypopup[1].txt -> TrackingCookie.Paypopup : Nettoyé.
:mozilla.33:I:\Documents and Settings\Bob\Application Data\Mozilla\Profiles\default\8ehyxgx7.slt\cookies.txt -> TrackingCookie.Real : Nettoyé.
:mozilla.34:I:\Documents and Settings\Bob\Application Data\Mozilla\Profiles\default\8ehyxgx7.slt\cookies.txt -> TrackingCookie.Real : Nettoyé.
:mozilla.35:I:\Documents and Settings\Bob\Application Data\Mozilla\Profiles\default\8ehyxgx7.slt\cookies.txt -> TrackingCookie.Real : Nettoyé.
:mozilla.49:I:\Documents and Settings\Bob\Application Data\Mozilla\Profiles\default\8ehyxgx7.slt\cookies.txt -> TrackingCookie.Real : Nettoyé.
F:\c\fastbob\Cookies\fastbob@bs.serving-sys[2].txt -> TrackingCookie.Serving-sys : Nettoyé.
F:\c\fastbob\Cookies\fastbob@serving-sys[2].txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.124:I:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\9ig1p6zs.default\cookies.txt -> TrackingCookie.Sexcounter : Nettoyé.
:mozilla.125:I:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\9ig1p6zs.default\cookies.txt -> TrackingCookie.Sexcounter : Nettoyé.
:mozilla.75:I:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\9ig1p6zs.default\cookies.txt -> TrackingCookie.Skype : Nettoyé.
:mozilla.76:I:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\9ig1p6zs.default\cookies.txt -> TrackingCookie.Skype : Nettoyé.
:mozilla.77:I:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\9ig1p6zs.default\cookies.txt -> TrackingCookie.Skype : Nettoyé.
:mozilla.25:C:\Documents and Settings\Acheteur\Application Data\Mozilla\Firefox\Profiles\vsgfll8v.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.26:C:\Documents and Settings\Acheteur\Application Data\Mozilla\Firefox\Profiles\vsgfll8v.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.27:C:\Documents and Settings\Acheteur\Application Data\Mozilla\Firefox\Profiles\vsgfll8v.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.28:C:\Documents and Settings\Acheteur\Application Data\Mozilla\Firefox\Profiles\vsgfll8v.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.29:C:\Documents and Settings\Acheteur\Application Data\Mozilla\Firefox\Profiles\vsgfll8v.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.30:C:\Documents and Settings\Acheteur\Application Data\Mozilla\Firefox\Profiles\vsgfll8v.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.31:C:\Documents and Settings\Acheteur\Application Data\Mozilla\Firefox\Profiles\vsgfll8v.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.34:I:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\9ig1p6zs.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.35:I:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\9ig1p6zs.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.36:I:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\9ig1p6zs.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.59:I:\Documents and Settings\Bob\Application Data\Mozilla\Profiles\default\8ehyxgx7.slt\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
C:\Documents and Settings\Acheteur\Cookies\acheteur@smartadserver[2].txt -> TrackingCookie.Smartadserver : Nettoyé.
F:\c\fastbob\Cookies\fastbob@smartadserver[1].txt -> TrackingCookie.Smartadserver : Nettoyé.
C:\Documents and Settings\Acheteur\Cookies\acheteur@statcounter[1].txt -> TrackingCookie.Statcounter : Nettoyé.
:mozilla.83:I:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\9ig1p6zs.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé.
F:\c\fastbob\Cookies\fastbob@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Nettoyé.
:mozilla.5:C:\Documents and Settings\Acheteur\Application Data\Mozilla\Firefox\Profiles\vsgfll8v.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
:mozilla.6:C:\Documents and Settings\Acheteur\Application Data\Mozilla\Firefox\Profiles\vsgfll8v.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
:mozilla.7:C:\Documents and Settings\Acheteur\Application Data\Mozilla\Firefox\Profiles\vsgfll8v.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
C:\Documents and Settings\Acheteur\Cookies\acheteur@weborama[2].txt -> TrackingCookie.Weborama : Nettoyé.
:mozilla.76:C:\Documents and Settings\Acheteur\Application Data\Mozilla\Firefox\Profiles\vsgfll8v.default\cookies.txt -> TrackingCookie.Webtrends : Nettoyé.
F:\c\fastbob\Cookies\fastbob@m.webtrends[2].txt -> TrackingCookie.Webtrends : Nettoyé.
C:\WINDOWS\system32\gexcbyyu.dll -> Trojan.BHO.om : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\system32\hyhovepg.dll -> Trojan.BHO.om : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\system32\lqecxfox.dll -> Trojan.BHO.om : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\system32\mjfsqbye.dll -> Trojan.BHO.om : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\system32\vjtffbon.dll -> Trojan.BHO.om : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\system32\wnxxvbnp.dll -> Trojan.BHO.om : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\system32\wrndpepo.dll -> Trojan.BHO.om : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\system32\xvdovpwi.dll -> Trojan.BHO.om : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\system32\yvtkmitj.dll -> Trojan.BHO.om : Nettoyé et sauvegardé (mise en quarantaine).
Fin du rapport
What do you think? Is it serious, doctor? Avira and AVG keep reporting the same infections...
Thanks for your time and your advice
fastbob
First, in safe mode, I had to go and find the files through Task Manager, otherwise I got a black screen... Is that normal?
Then, SmitFraudFix.cmd was located at c:\WINDOW\system32\cmd.exe, and when I selected it, it offered me: c:\WINDOW\system32, to which I didn't know what to answer!? As for RegCleaner, it refused to start..., and as for the online scan, after I answer "I accept", it doesn't respond and so doesn't start...
In any case, here are the reports I was able to get:
Logfile of HijackThis v1.99.1
Scan saved at 12:45:21, on 09/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\GSICON.EXE
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\PCHealth\HelpCtr\System\panels\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com
O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [FolderView] rundll32.exe "C:\WINDOWS\system32\lcspmvqe.dll",sitypnow
O4 - HKLM\..\Run: [WinAntiVirus Pro 2007] C:\Program Files\WinAntiVirus Pro 2007\WinAV.exe
O4 - HKLM\..\Run: [uwa7pcw] "C:\Program Files\Fichiers communs\WinAntiVirus Pro 2007\uwa7pcw.exe" -c
O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Fichiers communs\WinAntiVirus Pro 2007\mav_startupmon.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Windows Registry Repair Pro] F:\Program Files\temp\Nouveau dossier\Windows Registry Repair Pro\RegistryRepairPro.exe 4
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [uwa7pcw] "C:\Program Files\Fichiers communs\WinAntiVirus Pro 2007\uwa7pcw.exe" -c
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - F:\jeux\poker\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - F:\jeux\poker\Titan Poker\casino.exe
O9 - Extra button: PacificPoker4 - {94EDF7B4-4272-4af3-8F8B-4E2F68E225B7} - F:\jeux\ppoker\PACIFI~2\pacificpoker.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3D963B96-CCA5-4C9D-952B-0017FB6888BD}: NameServer = 195.238.2.22 195.238.2.21
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O21 - SSODL: bestreak - {874443fe-aa33-4ebf-a6ac-73208787e62d} - (no file)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: DirectX Service (DirectVuvz) - Unknown owner - c:\windows\system32\directx.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
RealNetworks, Gemini, New
RealNetworks, Preferences, New
RealNetworks, RealMediaSDK, New
RealNetworks, RealPlayer, New
RealNetworks, Update, New
RegistrySmart, RegistrySmart, New
Rmr10, Settings, New
Schlumberger, Smart Cards And Terminals, New
SecuROM, Keys, New
SecuROM, Wl, New
Sensaura, Audio3D, New
Silicon Integrated Systems Corporation, SiS AGP Driver, New
Skype, Installer, New
Skype, Phone, New
Skype, PluginManager, New
Skype, ProtectedStorage, New
SmallRockets, Application, New
Soeperman Enterprises Ltd., HijackThis, New
Sonic Foundry, Vegas, New
Sonic Foundry, Video Capture, New
SpeedTouch, Classes, New
SpeedTouch, Setup Wizard, New
Ssi, Panzer General 3D, New
Sun Microsystems, StarOffice, New
SyncIT, EPGSync, New
Synetic, TruckRace, New
Thq, Jimmy Neutron Boy Genius, New
Titan Poker, Floatingchat, New
Titan Poker, Pokebob, New
Titan Poker, QuickSearch, New
Titan Poker, Ttr68957322, New
ValueSoft, Hard Truck 18, New
VB And VBA Program Settings, CCleaner, New
VB And VBA Program Settings, Euro Add-in, New
VB And VBA Program Settings, FrmAudioCDWriter, New
VB And VBA Program Settings, FrmCDDVDWriter, New
VB And VBA Program Settings, Plugin, New
Vhld, Machine_id, New
VirtuaMedia, ZoomPlayer, New
WinAntiVirus Pro 2007, Settings, New
WinRAR, DialogEditHistory, New
WinRAR, FileList, New
WinRAR, Formats, New
WinRAR, General, New
WinRAR, Interface, New
WinRAR, Profiles, New
WinRAR, Setup, New
WinRAR, Viewer, New
Wmr10, Settings, New
X-avcsd, Workstation, New
XemiCo, Screen Saver, New
Xfire, Exceptions, New
Yahoo, Companion, New
Yahoo, Insthelper, New
Yahoo, YFriendsBar, New
Script execute en mode sans echec
Rapport clean par Malekal_morte - http://www.malekal.com
Script execute en mode sans echec 09/11/2007 a 9:55:11.14
Microsoft Windows XP [version 5.1.2600]
*** Suppression des fichiers dans C:
*** Suppression des fichiers dans C:\WINDOWS\
*** Suppression des fichiers dans C:\WINDOWS\system32
tentative de suppression de C:\WINDOWS\system32\stera.exe
*** Suppression des fichiers dans C:\Program Files
tentative de suppression de "C:\Program Files\Fichiers communs\WinAntivirus Pro 2007\"
tentative de suppression de "C:\Program Files\WinAntiVirus Pro 2007\"
*** Suppression des clefs du registre effectuee..
*** Fin du rapport !
---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------
+ Créé à: 12:17:42 09/11/2007
+ Résultat de l'analyse:
I:\WINDOWS\system32\azesearch2.dll -> Adware.Azesearch : Nettoyé.
C:\Program Files\Common Files\Companion Wizard\WapCHK.dll -> Adware.Companion : Nettoyé.
C:\Program Files\Common Files\Companion Wizard\compwiz.exe -> Adware.Companion : Nettoyé.
I:\WINDOWS\toolbar_nieuw13.dll -> Adware.DotCom : Nettoyé.
I:\Documents and Settings\Bob\Local Settings\Temp\uninstall.exe -> Adware.EliteBar : Nettoyé.
C:\WINDOWS\system32\Uninstallsss.exe -> Adware.GAINNetwork : Nettoyé.
I:\WINDOWS\unstall.exe -> Adware.MediaMotor : Nettoyé.
I:\WINDOWS\NDNuninstall6_38.exe -> Adware.NewDotNet : Nettoyé.
F:\c\Program Files\ErrorSafeScannerInstall_fr.exe -> Not-A-Virus.Downloader.Win32.WinFixer.d : Ignoré.
F:\temp\WinAntiVirusPro2007FreeInstall_fr.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Ignoré.
F:\temp\SystemDoctor2006FreeInstall_fr.exe -> Not-A-Virus.Downloader.Win32.WinFixer.q : Ignoré.
F:\c\fastbob\Cookies\fastbob@247realmedia[1].txt -> TrackingCookie.247realmedia : Nettoyé.
:mozilla.44:C:\Documents and Settings\Acheteur\Application Data\Mozilla\Firefox\Profiles\vsgfll8v.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.45:C:\Documents and Settings\Acheteur\Application Data\Mozilla\Firefox\Profiles\vsgfll8v.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.46:C:\Documents and Settings\Acheteur\Application Data\Mozilla\Firefox\Profiles\vsgfll8v.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.47:C:\Documents and Settings\Acheteur\Application Data\Mozilla\Firefox\Profiles\vsgfll8v.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.5:I:\Documents and Settings\Bob\Application Data\Mozilla\Profiles\default\8ehyxgx7.slt\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\fastbob\Cookies\fastbob@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
F:\c\fastbob\Cookies\fastbob@2o7[2].txt -> TrackingCookie.2o7 : Nettoyé.
F:\c\fastbob\Cookies\fastbob@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
F:\c\fastbob\Cookies\fastbob@msnservices.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.84:I:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\9ig1p6zs.default\cookies.txt -> TrackingCookie.Atdmt : Nettoyé.
:mozilla.8:C:\Documents and Settings\Acheteur\Application Data\Mozilla\Firefox\Profiles\vsgfll8v.default\cookies.txt -> TrackingCookie.Atdmt : Nettoyé.
F:\c\fastbob\Cookies\fastbob@atdmt[2].txt -> TrackingCookie.Atdmt : Nettoyé.
:mozilla.50:I:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\9ig1p6zs.default\cookies.txt -> TrackingCookie.Bluestreak : Nettoyé.
F:\c\fastbob\Cookies\fastbob@bluestreak[1].txt -> TrackingCookie.Bluestreak : Nettoyé.
I:\Documents and Settings\Bob\Cookies\bob@cz3.clickzs[2].txt -> TrackingCookie.Clickzs : Nettoyé.
:mozilla.98:I:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\9ig1p6zs.default\cookies.txt -> TrackingCookie.Doubleclick : Nettoyé.
C:\Documents and Settings\Acheteur\Cookies\acheteur@doubleclick[1].txt -> TrackingCookie.Doubleclick : Nettoyé.
F:\c\fastbob\Cookies\fastbob@doubleclick[1].txt -> TrackingCookie.Doubleclick : Nettoyé.
:mozilla.94:C:\Documents and Settings\Acheteur\Application Data\Mozilla\Firefox\Profiles\vsgfll8v.default\cookies.txt -> TrackingCookie.Esomniture : Nettoyé.
:mozilla.32:I:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\9ig1p6zs.default\cookies.txt -> TrackingCookie.Estat : Nettoyé.
:mozilla.8:I:\Documents and Settings\Bob\Application Data\Mozilla\Profiles\default\8ehyxgx7.slt\cookies.txt -> TrackingCookie.Estat : Nettoyé.
:mozilla.95:C:\Documents and Settings\Acheteur\Application Data\Mozilla\Firefox\Profiles\vsgfll8v.default\cookies.txt -> TrackingCookie.Estat : Nettoyé.
:mozilla.104:C:\Documents and Settings\Acheteur\Application Data\Mozilla\Firefox\Profiles\vsgfll8v.default\cookies.txt -> TrackingCookie.Imrworldwide : Nettoyé.
:mozilla.105:C:\Documents and Settings\Acheteur\Application Data\Mozilla\Firefox\Profiles\vsgfll8v.default\cookies.txt -> TrackingCookie.Imrworldwide : Nettoyé.
:mozilla.58:I:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\9ig1p6zs.default\cookies.txt -> TrackingCookie.Imrworldwide : Nettoyé.
:mozilla.59:I:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\9ig1p6zs.default\cookies.txt -> TrackingCookie.Imrworldwide : Nettoyé.
:mozilla.48:C:\Documents and Settings\Acheteur\Application Data\Mozilla\Firefox\Profiles\vsgfll8v.default\cookies.txt -> TrackingCookie.Mediaplex : Nettoyé.
C:\Documents and Settings\fastbob\Cookies\fastbob@mediaplex[1].txt -> TrackingCookie.Mediaplex : Nettoyé.
:mozilla.129:C:\Documents and Settings\Acheteur\Application Data\Mozilla\Firefox\Profiles\vsgfll8v.default\cookies.txt -> TrackingCookie.Msn : Nettoyé.
:mozilla.130:C:\Documents and Settings\Acheteur\Application Data\Mozilla\Firefox\Profiles\vsgfll8v.default\cookies.txt -> TrackingCookie.Msn : Nettoyé.
C:\Documents and Settings\fastbob\Cookies\fastbob@auto.search.msn[1].txt -> TrackingCookie.Msn : Nettoyé.
I:\Documents and Settings\Bob\Cookies\bob@paypopup[1].txt -> TrackingCookie.Paypopup : Nettoyé.
:mozilla.33:I:\Documents and Settings\Bob\Application Data\Mozilla\Profiles\default\8ehyxgx7.slt\cookies.txt -> TrackingCookie.Real : Nettoyé.
:mozilla.34:I:\Documents and Settings\Bob\Application Data\Mozilla\Profiles\default\8ehyxgx7.slt\cookies.txt -> TrackingCookie.Real : Nettoyé.
:mozilla.35:I:\Documents and Settings\Bob\Application Data\Mozilla\Profiles\default\8ehyxgx7.slt\cookies.txt -> TrackingCookie.Real : Nettoyé.
:mozilla.49:I:\Documents and Settings\Bob\Application Data\Mozilla\Profiles\default\8ehyxgx7.slt\cookies.txt -> TrackingCookie.Real : Nettoyé.
F:\c\fastbob\Cookies\fastbob@bs.serving-sys[2].txt -> TrackingCookie.Serving-sys : Nettoyé.
F:\c\fastbob\Cookies\fastbob@serving-sys[2].txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.124:I:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\9ig1p6zs.default\cookies.txt -> TrackingCookie.Sexcounter : Nettoyé.
:mozilla.125:I:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\9ig1p6zs.default\cookies.txt -> TrackingCookie.Sexcounter : Nettoyé.
:mozilla.75:I:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\9ig1p6zs.default\cookies.txt -> TrackingCookie.Skype : Nettoyé.
:mozilla.76:I:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\9ig1p6zs.default\cookies.txt -> TrackingCookie.Skype : Nettoyé.
:mozilla.77:I:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\9ig1p6zs.default\cookies.txt -> TrackingCookie.Skype : Nettoyé.
:mozilla.25:C:\Documents and Settings\Acheteur\Application Data\Mozilla\Firefox\Profiles\vsgfll8v.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.26:C:\Documents and Settings\Acheteur\Application Data\Mozilla\Firefox\Profiles\vsgfll8v.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.27:C:\Documents and Settings\Acheteur\Application Data\Mozilla\Firefox\Profiles\vsgfll8v.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.28:C:\Documents and Settings\Acheteur\Application Data\Mozilla\Firefox\Profiles\vsgfll8v.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.29:C:\Documents and Settings\Acheteur\Application Data\Mozilla\Firefox\Profiles\vsgfll8v.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.30:C:\Documents and Settings\Acheteur\Application Data\Mozilla\Firefox\Profiles\vsgfll8v.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.31:C:\Documents and Settings\Acheteur\Application Data\Mozilla\Firefox\Profiles\vsgfll8v.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.34:I:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\9ig1p6zs.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.35:I:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\9ig1p6zs.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.36:I:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\9ig1p6zs.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.59:I:\Documents and Settings\Bob\Application Data\Mozilla\Profiles\default\8ehyxgx7.slt\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
C:\Documents and Settings\Acheteur\Cookies\acheteur@smartadserver[2].txt -> TrackingCookie.Smartadserver : Nettoyé.
F:\c\fastbob\Cookies\fastbob@smartadserver[1].txt -> TrackingCookie.Smartadserver : Nettoyé.
C:\Documents and Settings\Acheteur\Cookies\acheteur@statcounter[1].txt -> TrackingCookie.Statcounter : Nettoyé.
:mozilla.83:I:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\9ig1p6zs.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé.
F:\c\fastbob\Cookies\fastbob@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Nettoyé.
:mozilla.5:C:\Documents and Settings\Acheteur\Application Data\Mozilla\Firefox\Profiles\vsgfll8v.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
:mozilla.6:C:\Documents and Settings\Acheteur\Application Data\Mozilla\Firefox\Profiles\vsgfll8v.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
:mozilla.7:C:\Documents and Settings\Acheteur\Application Data\Mozilla\Firefox\Profiles\vsgfll8v.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
C:\Documents and Settings\Acheteur\Cookies\acheteur@weborama[2].txt -> TrackingCookie.Weborama : Nettoyé.
:mozilla.76:C:\Documents and Settings\Acheteur\Application Data\Mozilla\Firefox\Profiles\vsgfll8v.default\cookies.txt -> TrackingCookie.Webtrends : Nettoyé.
F:\c\fastbob\Cookies\fastbob@m.webtrends[2].txt -> TrackingCookie.Webtrends : Nettoyé.
C:\WINDOWS\system32\gexcbyyu.dll -> Trojan.BHO.om : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\system32\hyhovepg.dll -> Trojan.BHO.om : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\system32\lqecxfox.dll -> Trojan.BHO.om : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\system32\mjfsqbye.dll -> Trojan.BHO.om : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\system32\vjtffbon.dll -> Trojan.BHO.om : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\system32\wnxxvbnp.dll -> Trojan.BHO.om : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\system32\wrndpepo.dll -> Trojan.BHO.om : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\system32\xvdovpwi.dll -> Trojan.BHO.om : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\system32\yvtkmitj.dll -> Trojan.BHO.om : Nettoyé et sauvegardé (mise en quarantaine).
Fin du rapport
What do you think? Is it serious, doctor? Avira and AVG keep reporting the same infections...
Thanks for your time and your advice
fastbob
Not sure my first post went through...
It took a little while, but here it is: I followed your advice, though I'm not sure much has changed...
First, in safe mode, I had to go and find the files through the Task Manager, otherwise I just had a black screen... Is that normal?
Then, SmitFraudFix.cmd was located in c:\WINDOW\system32\cmd.exe, and when I selected it, it offered me: c:\WINDOW\system32, to which I didn't know what to answer!? As for regcleaner, it refused to start..., and as for the online scan, when I answer "I accept", it does not respond and so does not start...
In any case, here are the reports I was able to get:
Logfile of HijackThis v1.99.1
Scan saved at 12:45:21, on 09/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\GSICON.EXE
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\PCHealth\HelpCtr\System\panels\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com
O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [FolderView] rundll32.exe "C:\WINDOWS\system32\lcspmvqe.dll",sitypnow
O4 - HKLM\..\Run: [WinAntiVirus Pro 2007] C:\Program Files\WinAntiVirus Pro 2007\WinAV.exe
O4 - HKLM\..\Run: [uwa7pcw] "C:\Program Files\Fichiers communs\WinAntiVirus Pro 2007\uwa7pcw.exe" -c
O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Fichiers communs\WinAntiVirus Pro 2007\mav_startupmon.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Windows Registry Repair Pro] F:\Program Files\temp\Nouveau dossier\Windows Registry Repair Pro\RegistryRepairPro.exe 4
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [uwa7pcw] "C:\Program Files\Fichiers communs\WinAntiVirus Pro 2007\uwa7pcw.exe" -c
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - F:\jeux\poker\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - F:\jeux\poker\Titan Poker\casino.exe
O9 - Extra button: PacificPoker4 - {94EDF7B4-4272-4af3-8F8B-4E2F68E225B7} - F:\jeux\ppoker\PACIFI~2\pacificpoker.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3D963B96-CCA5-4C9D-952B-0017FB6888BD}: NameServer = 195.238.2.22 195.238.2.21
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O21 - SSODL: bestreak - {874443fe-aa33-4ebf-a6ac-73208787e62d} - (no file)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: DirectX Service (DirectVuvz) - Unknown owner - c:\windows\system32\directx.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
RegCleaner 4.3 by Jouni Vuorio
Software registered to the Registry. You should delete every program's entries you know you've had, but don't have anymore, selected 270 of 270
[syntax: Author, Software, Age ]
Script execute en mode sans echec
Rapport clean par Malekal_morte - http://www.malekal.com
Script execute en mode sans echec 09/11/2007 a 9:55:11.14
Microsoft Windows XP [version 5.1.2600]
*** Suppression des fichiers dans C:
*** Suppression des fichiers dans C:\WINDOWS\
*** Suppression des fichiers dans C:\WINDOWS\system32
tentative de suppression de C:\WINDOWS\system32\stera.exe
*** Suppression des fichiers dans C:\Program Files
tentative de suppression de "C:\Program Files\Fichiers communs\WinAntivirus Pro 2007\"
tentative de suppression de "C:\Program Files\WinAntiVirus Pro 2007\"
*** Suppression des clefs du registre effectuee..
*** Fin du rapport !
---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------
+ Créé à: 12:17:42 09/11/2007
+ Résultat de l'analyse:
I:\WINDOWS\system32\azesearch2.dll -> Adware.Azesearch : Nettoyé.
C:\Program Files\Common Files\Companion Wizard\WapCHK.dll -> Adware.Companion : Nettoyé.
C:\Program Files\Common Files\Companion Wizard\compwiz.exe -> Adware.Companion : Nettoyé.
I:\WINDOWS\toolbar_nieuw13.dll -> Adware.DotCom : Nettoyé.
I:\Documents and Settings\Bob\Local Settings\Temp\uninstall.exe -> Adware.EliteBar : Nettoyé.
C:\WINDOWS\system32\Uninstallsss.exe -> Adware.GAINNetwork : Nettoyé.
I:\WINDOWS\unstall.exe -> Adware.MediaMotor : Nettoyé.
I:\WINDOWS\NDNuninstall6_38.exe -> Adware.NewDotNet : Nettoyé.
F:\c\Program Files\ErrorSafeScannerInstall_fr.exe -> Not-A-Virus.Downloader.Win32.WinFixer.d : Ignoré.
F:\temp\WinAntiVirusPro2007FreeInstall_fr.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Ignoré.
F:\temp\SystemDoctor2006FreeInstall_fr.exe -> Not-A-Virus.Downloader.Win32.WinFixer.q : Ignoré.
F:\c\fastbob\Cookies\fastbob@247realmedia[1].txt -> TrackingCookie.247realmedia : Nettoyé.
:mozilla.44:C:\Documents and Settings\Acheteur\Application Data\Mozilla\Firefox\Profiles\vsgfll8v.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.45:C:\Documents and Settings\Acheteur\Application Data\Mozilla\Firefox\Profiles\vsgfll8v.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.46:C:\Documents and Settings\Acheteur\Application Data\Mozilla\Firefox\Profiles\vsgfll8v.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.47:C:\Documents and Settings\Acheteur\Application Data\Mozilla\Firefox\Profiles\vsgfll8v.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.5:I:\Documents and Settings\Bob\Application Data\Mozilla\Profiles\default\8ehyxgx7.slt\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\fastbob\Cookies\fastbob@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
F:\c\fastbob\Cookies\fastbob@2o7[2].txt -> TrackingCookie.2o7 : Nettoyé.
F:\c\fastbob\Cookies\fastbob@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
F:\c\fastbob\Cookies\fastbob@msnservices.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.84:I:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\9ig1p6zs.default\cookies.txt -> TrackingCookie.Atdmt : Nettoyé.
:mozilla.8:C:\Documents and Settings\Acheteur\Application Data\Mozilla\Firefox\Profiles\vsgfll8v.default\cookies.txt -> TrackingCookie.Atdmt : Nettoyé.
F:\c\fastbob\Cookies\fastbob@atdmt[2].txt -> TrackingCookie.Atdmt : Nettoyé.
:mozilla.50:I:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\9ig1p6zs.default\cookies.txt -> TrackingCookie.Bluestreak : Nettoyé.
F:\c\fastbob\Cookies\fastbob@bluestreak[1].txt -> TrackingCookie.Bluestreak : Nettoyé.
I:\Documents and Settings\Bob\Cookies\bob@cz3.clickzs[2].txt -> TrackingCookie.Clickzs : Nettoyé.
:mozilla.98:I:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\9ig1p6zs.default\cookies.txt -> TrackingCookie.Doubleclick : Nettoyé.
C:\Documents and Settings\Acheteur\Cookies\acheteur@doubleclick[1].txt -> TrackingCookie.Doubleclick : Nettoyé.
F:\c\fastbob\Cookies\fastbob@doubleclick[1].txt -> TrackingCookie.Doubleclick : Nettoyé.
:mozilla.94:C:\Documents and Settings\Acheteur\Application Data\Mozilla\Firefox\Profiles\vsgfll8v.default\cookies.txt -> TrackingCookie.Esomniture : Nettoyé.
:mozilla.32:I:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\9ig1p6zs.default\cookies.txt -> TrackingCookie.Estat : Nettoyé.
:mozilla.8:I:\Documents and Settings\Bob\Application Data\Mozilla\Profiles\default\8ehyxgx7.slt\cookies.txt -> TrackingCookie.Estat : Nettoyé.
:mozilla.95:C:\Documents and Settings\Acheteur\Application Data\Mozilla\Firefox\Profiles\vsgfll8v.default\cookies.txt -> TrackingCookie.Estat : Nettoyé.
:mozilla.104:C:\Documents and Settings\Acheteur\Application Data\Mozilla\Firefox\Profiles\vsgfll8v.default\cookies.txt -> TrackingCookie.Imrworldwide : Nettoyé.
:mozilla.105:C:\Documents and Settings\Acheteur\Application Data\Mozilla\Firefox\Profiles\vsgfll8v.default\cookies.txt -> TrackingCookie.Imrworldwide : Nettoyé.
:mozilla.58:I:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\9ig1p6zs.default\cookies.txt -> TrackingCookie.Imrworldwide : Nettoyé.
:mozilla.59:I:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\9ig1p6zs.default\cookies.txt -> TrackingCookie.Imrworldwide : Nettoyé.
:mozilla.48:C:\Documents and Settings\Acheteur\Application Data\Mozilla\Firefox\Profiles\vsgfll8v.default\cookies.txt -> TrackingCookie.Mediaplex : Nettoyé.
C:\Documents and Settings\fastbob\Cookies\fastbob@mediaplex[1].txt -> TrackingCookie.Mediaplex : Nettoyé.
:mozilla.129:C:\Documents and Settings\Acheteur\Application Data\Mozilla\Firefox\Profiles\vsgfll8v.default\cookies.txt -> TrackingCookie.Msn : Nettoyé.
:mozilla.130:C:\Documents and Settings\Acheteur\Application Data\Mozilla\Firefox\Profiles\vsgfll8v.default\cookies.txt -> TrackingCookie.Msn : Nettoyé.
C:\Documents and Settings\fastbob\Cookies\fastbob@auto.search.msn[1].txt -> TrackingCookie.Msn : Nettoyé.
I:\Documents and Settings\Bob\Cookies\bob@paypopup[1].txt -> TrackingCookie.Paypopup : Nettoyé.
:mozilla.33:I:\Documents and Settings\Bob\Application Data\Mozilla\Profiles\default\8ehyxgx7.slt\cookies.txt -> TrackingCookie.Real : Nettoyé.
:mozilla.34:I:\Documents and Settings\Bob\Application Data\Mozilla\Profiles\default\8ehyxgx7.slt\cookies.txt -> TrackingCookie.Real : Nettoyé.
:mozilla.35:I:\Documents and Settings\Bob\Application Data\Mozilla\Profiles\default\8ehyxgx7.slt\cookies.txt -> TrackingCookie.Real : Nettoyé.
:mozilla.49:I:\Documents and Settings\Bob\Application Data\Mozilla\Profiles\default\8ehyxgx7.slt\cookies.txt -> TrackingCookie.Real : Nettoyé.
F:\c\fastbob\Cookies\fastbob@bs.serving-sys[2].txt -> TrackingCookie.Serving-sys : Nettoyé.
F:\c\fastbob\Cookies\fastbob@serving-sys[2].txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.124:I:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\9ig1p6zs.default\cookies.txt -> TrackingCookie.Sexcounter : Nettoyé.
:mozilla.125:I:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\9ig1p6zs.default\cookies.txt -> TrackingCookie.Sexcounter : Nettoyé.
:mozilla.75:I:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\9ig1p6zs.default\cookies.txt -> TrackingCookie.Skype : Nettoyé.
:mozilla.76:I:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\9ig1p6zs.default\cookies.txt -> TrackingCookie.Skype : Nettoyé.
:mozilla.77:I:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\9ig1p6zs.default\cookies.txt -> TrackingCookie.Skype : Nettoyé.
:mozilla.25:C:\Documents and Settings\Acheteur\Application Data\Mozilla\Firefox\Profiles\vsgfll8v.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.26:C:\Documents and Settings\Acheteur\Application Data\Mozilla\Firefox\Profiles\vsgfll8v.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.27:C:\Documents and Settings\Acheteur\Application Data\Mozilla\Firefox\Profiles\vsgfll8v.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.28:C:\Documents and Settings\Acheteur\Application Data\Mozilla\Firefox\Profiles\vsgfll8v.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.29:C:\Documents and Settings\Acheteur\Application Data\Mozilla\Firefox\Profiles\vsgfll8v.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.30:C:\Documents and Settings\Acheteur\Application Data\Mozilla\Firefox\Profiles\vsgfll8v.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.31:C:\Documents and Settings\Acheteur\Application Data\Mozilla\Firefox\Profiles\vsgfll8v.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.34:I:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\9ig1p6zs.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.35:I:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\9ig1p6zs.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.36:I:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\9ig1p6zs.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.59:I:\Documents and Settings\Bob\Application Data\Mozilla\Profiles\default\8ehyxgx7.slt\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
C:\Documents and Settings\Acheteur\Cookies\acheteur@smartadserver[2].txt -> TrackingCookie.Smartadserver : Nettoyé.
F:\c\fastbob\Cookies\fastbob@smartadserver[1].txt -> TrackingCookie.Smartadserver : Nettoyé.
C:\Documents and Settings\Acheteur\Cookies\acheteur@statcounter[1].txt -> TrackingCookie.Statcounter : Nettoyé.
:mozilla.83:I:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\9ig1p6zs.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé.
F:\c\fastbob\Cookies\fastbob@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Nettoyé.
:mozilla.5:C:\Documents and Settings\Acheteur\Application Data\Mozilla\Firefox\Profiles\vsgfll8v.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
:mozilla.6:C:\Documents and Settings\Acheteur\Application Data\Mozilla\Firefox\Profiles\vsgfll8v.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
:mozilla.7:C:\Documents and Settings\Acheteur\Application Data\Mozilla\Firefox\Profiles\vsgfll8v.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
C:\Documents and Settings\Acheteur\Cookies\acheteur@weborama[2].txt -> TrackingCookie.Weborama : Nettoyé.
:mozilla.76:C:\Documents and Settings\Acheteur\Application Data\Mozilla\Firefox\Profiles\vsgfll8v.default\cookies.txt -> TrackingCookie.Webtrends : Nettoyé.
F:\c\fastbob\Cookies\fastbob@m.webtrends[2].txt -> TrackingCookie.Webtrends : Nettoyé.
C:\WINDOWS\system32\gexcbyyu.dll -> Trojan.BHO.om : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\system32\hyhovepg.dll -> Trojan.BHO.om : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\system32\lqecxfox.dll -> Trojan.BHO.om : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\system32\mjfsqbye.dll -> Trojan.BHO.om : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\system32\vjtffbon.dll -> Trojan.BHO.om : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\system32\wnxxvbnp.dll -> Trojan.BHO.om : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\system32\wrndpepo.dll -> Trojan.BHO.om : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\system32\xvdovpwi.dll -> Trojan.BHO.om : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\system32\yvtkmitj.dll -> Trojan.BHO.om : Nettoyé et sauvegardé (mise en quarantaine).
Fin du rapport
What do you think? Is it serious, doctor? Avira and AVG keep reporting the same infections...
Thanks for your time and your advice
fastbob
:mozilla.105:C:\Documents and Settings\Acheteur\Application Data\Mozilla\Firefox\Profiles\vsgfll8v.default\cookies.txt -> TrackingCookie.Imrworldwide : Nettoyé.
:mozilla.58:I:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\9ig1p6zs.default\cookies.txt -> TrackingCookie.Imrworldwide : Nettoyé.
:mozilla.59:I:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\9ig1p6zs.default\cookies.txt -> TrackingCookie.Imrworldwide : Nettoyé.
:mozilla.48:C:\Documents and Settings\Acheteur\Application Data\Mozilla\Firefox\Profiles\vsgfll8v.default\cookies.txt -> TrackingCookie.Mediaplex : Nettoyé.
C:\Documents and Settings\fastbob\Cookies\fastbob@mediaplex[1].txt -> TrackingCookie.Mediaplex : Nettoyé.
:mozilla.129:C:\Documents and Settings\Acheteur\Application Data\Mozilla\Firefox\Profiles\vsgfll8v.default\cookies.txt -> TrackingCookie.Msn : Nettoyé.
:mozilla.130:C:\Documents and Settings\Acheteur\Application Data\Mozilla\Firefox\Profiles\vsgfll8v.default\cookies.txt -> TrackingCookie.Msn : Nettoyé.
C:\Documents and Settings\fastbob\Cookies\fastbob@auto.search.msn[1].txt -> TrackingCookie.Msn : Nettoyé.
I:\Documents and Settings\Bob\Cookies\bob@paypopup[1].txt -> TrackingCookie.Paypopup : Nettoyé.
:mozilla.33:I:\Documents and Settings\Bob\Application Data\Mozilla\Profiles\default\8ehyxgx7.slt\cookies.txt -> TrackingCookie.Real : Nettoyé.
:mozilla.34:I:\Documents and Settings\Bob\Application Data\Mozilla\Profiles\default\8ehyxgx7.slt\cookies.txt -> TrackingCookie.Real : Nettoyé.
:mozilla.35:I:\Documents and Settings\Bob\Application Data\Mozilla\Profiles\default\8ehyxgx7.slt\cookies.txt -> TrackingCookie.Real : Nettoyé.
:mozilla.49:I:\Documents and Settings\Bob\Application Data\Mozilla\Profiles\default\8ehyxgx7.slt\cookies.txt -> TrackingCookie.Real : Nettoyé.
F:\c\fastbob\Cookies\fastbob@bs.serving-sys[2].txt -> TrackingCookie.Serving-sys : Nettoyé.
F:\c\fastbob\Cookies\fastbob@serving-sys[2].txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.124:I:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\9ig1p6zs.default\cookies.txt -> TrackingCookie.Sexcounter : Nettoyé.
:mozilla.125:I:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\9ig1p6zs.default\cookies.txt -> TrackingCookie.Sexcounter : Nettoyé.
:mozilla.75:I:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\9ig1p6zs.default\cookies.txt -> TrackingCookie.Skype : Nettoyé.
:mozilla.76:I:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\9ig1p6zs.default\cookies.txt -> TrackingCookie.Skype : Nettoyé.
:mozilla.77:I:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\9ig1p6zs.default\cookies.txt -> TrackingCookie.Skype : Nettoyé.
:mozilla.25:C:\Documents and Settings\Acheteur\Application Data\Mozilla\Firefox\Profiles\vsgfll8v.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.26:C:\Documents and Settings\Acheteur\Application Data\Mozilla\Firefox\Profiles\vsgfll8v.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.27:C:\Documents and Settings\Acheteur\Application Data\Mozilla\Firefox\Profiles\vsgfll8v.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.28:C:\Documents and Settings\Acheteur\Application Data\Mozilla\Firefox\Profiles\vsgfll8v.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.29:C:\Documents and Settings\Acheteur\Application Data\Mozilla\Firefox\Profiles\vsgfll8v.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.30:C:\Documents and Settings\Acheteur\Application Data\Mozilla\Firefox\Profiles\vsgfll8v.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.31:C:\Documents and Settings\Acheteur\Application Data\Mozilla\Firefox\Profiles\vsgfll8v.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.34:I:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\9ig1p6zs.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.35:I:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\9ig1p6zs.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.36:I:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\9ig1p6zs.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.59:I:\Documents and Settings\Bob\Application Data\Mozilla\Profiles\default\8ehyxgx7.slt\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
C:\Documents and Settings\Acheteur\Cookies\acheteur@smartadserver[2].txt -> TrackingCookie.Smartadserver : Nettoyé.
F:\c\fastbob\Cookies\fastbob@smartadserver[1].txt -> TrackingCookie.Smartadserver : Nettoyé.
C:\Documents and Settings\Acheteur\Cookies\acheteur@statcounter[1].txt -> TrackingCookie.Statcounter : Nettoyé.
:mozilla.83:I:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\9ig1p6zs.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé.
F:\c\fastbob\Cookies\fastbob@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Nettoyé.
:mozilla.5:C:\Documents and Settings\Acheteur\Application Data\Mozilla\Firefox\Profiles\vsgfll8v.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
:mozilla.6:C:\Documents and Settings\Acheteur\Application Data\Mozilla\Firefox\Profiles\vsgfll8v.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
:mozilla.7:C:\Documents and Settings\Acheteur\Application Data\Mozilla\Firefox\Profiles\vsgfll8v.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
C:\Documents and Settings\Acheteur\Cookies\acheteur@weborama[2].txt -> TrackingCookie.Weborama : Nettoyé.
:mozilla.76:C:\Documents and Settings\Acheteur\Application Data\Mozilla\Firefox\Profiles\vsgfll8v.default\cookies.txt -> TrackingCookie.Webtrends : Nettoyé.
F:\c\fastbob\Cookies\fastbob@m.webtrends[2].txt -> TrackingCookie.Webtrends : Nettoyé.
C:\WINDOWS\system32\gexcbyyu.dll -> Trojan.BHO.om : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\system32\hyhovepg.dll -> Trojan.BHO.om : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\system32\lqecxfox.dll -> Trojan.BHO.om : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\system32\mjfsqbye.dll -> Trojan.BHO.om : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\system32\vjtffbon.dll -> Trojan.BHO.om : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\system32\wnxxvbnp.dll -> Trojan.BHO.om : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\system32\wrndpepo.dll -> Trojan.BHO.om : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\system32\xvdovpwi.dll -> Trojan.BHO.om : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\system32\yvtkmitj.dll -> Trojan.BHO.om : Nettoyé et sauvegardé (mise en quarantaine).
Fin du rapport
What do you think? Is it serious, doctor? Avira and AVG keep reporting the same infections...
Thanks for your time and your advice
fastbob
Re: in the meantime I looked further through the forums, ran a scan with ComboFix, and fixed the 02 and 20 lines in HijackThis. It seems to be working; AVG and Avira have been silent so far. I'll look at your post and maybe change antivirus, what do you think?
Here are the ComboFix and HijackThis reports before and after fixing...
ComboFix 07-11-08.1 - Acheteur 2007-11-09 13:20:23.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.140 [GMT 1:00]
Running from: F:\temp\ComboFix.exe
* Created a new restore point
.
Incapable d'obtenir les privilèges Système
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Acheteur\Application Data\AntiSpywareBot
C:\Documents and Settings\Acheteur\Application Data\AntiSpywareBot\Log\2007 Nov 07 - 04_22_33 PM_250.log
C:\Documents and Settings\Acheteur\Application Data\AntiSpywareBot\Log\2007 Nov 07 - 04_22_35 PM_281.log
C:\Documents and Settings\Acheteur\Application Data\AntiSpywareBot\rs.dat
C:\Documents and Settings\Acheteur\Application Data\AntiSpywareBot\Settings\CustomScan.stg
C:\Documents and Settings\Acheteur\Application Data\AntiSpywareBot\Settings\IgnoreList.stg
C:\Documents and Settings\Acheteur\Application Data\AntiSpywareBot\Settings\ScanInfo.stg
C:\Documents and Settings\Acheteur\Application Data\AntiSpywareBot\Settings\ScanResults.stg
C:\Documents and Settings\Acheteur\Application Data\AntiSpywareBot\Settings\SelectedFolders.stg
C:\Documents and Settings\Acheteur\Application Data\AntiSpywareBot\Settings\Settings.stg
C:\Documents and Settings\Acheteur\err.log
C:\Documents and Settings\Acheteur\ResErrors.log
C:\Documents and Settings\All Users\Application Data.\salesmonitor
C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2007
C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2007\Data\Abbr
C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2007\Data\ProductCode
C:\Documents and Settings\All Users\Bureau\WinAntiVirus Pro 2007.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\WinAntiVirus Pro 2007
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\WinAntiVirus Pro 2007\Désinstaller WinAntiVirus Pro 2007.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\WinAntiVirus Pro 2007\Manuel de WinAntiVirus Pro 2007.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\WinAntiVirus Pro 2007\WinAntiVirus Pro 2007.lnk
C:\Program Files\Fichiers communs\companion wizard
C:\Program Files\Fichiers communs\companion wizard\CompWiz.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\1_exception.nls
C:\WINDOWS\system32\av.cpl
C:\WINDOWS\system32\drivers\fopn.sys
C:\WINDOWS\system32\hggeffg.dll
C:\WINDOWS\system32\mnnmp.bak1
C:\WINDOWS\system32\mnnmp.bak2
C:\WINDOWS\system32\mnnmp.ini
C:\WINDOWS\system32\mnnmp.ini2
C:\WINDOWS\system32\mnnmp.tmp
C:\WINDOWS\system32\pmnnm.dll
C:\WINDOWS\system32\stera.log
C:\WINDOWS\Tasks.\AntiSpywareBot Scheduled Scan.job
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_FOPN
-------\LEGACY_FWSVC
-------\LEGACY_VSPF
-------\LEGACY_VSPF_HK
-------\FOPN
((((((((((((((((((((((((((((( Fichiers créés 2007-10-09 to 2007-11-09 ))))))))))))))))))))))))))))))))))))
HijackThis: BEFORE
Logfile of HijackThis v1.99.1
Scan saved at 13:34:01, on 09/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\GSICON.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\PCHealth\HelpCtr\System\panels\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Windows Registry Repair Pro] F:\Program Files\temp\Nouveau dossier\Windows Registry Repair Pro\RegistryRepairPro.exe 4
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - F:\jeux\poker\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - F:\jeux\poker\Titan Poker\casino.exe
O9 - Extra button: PacificPoker4 - {94EDF7B4-4272-4af3-8F8B-4E2F68E225B7} - F:\jeux\ppoker\PACIFI~2\pacificpoker.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3D963B96-CCA5-4C9D-952B-0017FB6888BD}: NameServer = 195.238.2.22 195.238.2.21
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)
O20 - Winlogon Notify: winmyy32 - winmyy32.dll (file missing)
O21 - SSODL: bestreak - {874443fe-aa33-4ebf-a6ac-73208787e62d} - (no file)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: DirectX Service (DirectVuvz) - Unknown owner - c:\windows\system32\directx.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
AFTER
Logfile of HijackThis v1.99.1
Scan saved at 13:45:01, on 09/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\GSICON.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\notepad.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\PCHealth\HelpCtr\System\panels\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Windows Registry Repair Pro] F:\Program Files\temp\Nouveau dossier\Windows Registry Repair Pro\RegistryRepairPro.exe 4
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - F:\jeux\poker\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - F:\jeux\poker\Titan Poker\casino.exe
O9 - Extra button: PacificPoker4 - {94EDF7B4-4272-4af3-8F8B-4E2F68E225B7} - F:\jeux\ppoker\PACIFI~2\pacificpoker.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3D963B96-CCA5-4C9D-952B-0017FB6888BD}: NameServer = 195.238.2.22 195.238.2.21
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O21 - SSODL: bestreak - {874443fe-aa33-4ebf-a6ac-73208787e62d} - (no file)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: DirectX Service (DirectVuvz) - Unknown owner - c:\windows\system32\directx.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Windows Registry Repair Pro] F:\Program Files\temp\Nouveau dossier\Windows Registry Repair Pro\RegistryRepairPro.exe 4
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - F:\jeux\poker\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - F:\jeux\poker\Titan Poker\casino.exe
O9 - Extra button: PacificPoker4 - {94EDF7B4-4272-4af3-8F8B-4E2F68E225B7} - F:\jeux\ppoker\PACIFI~2\pacificpoker.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3D963B96-CCA5-4C9D-952B-0017FB6888BD}: NameServer = 195.238.2.22 195.238.2.21
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)
O20 - Winlogon Notify: winmyy32 - winmyy32.dll (file missing)
O21 - SSODL: bestreak - {874443fe-aa33-4ebf-a6ac-73208787e62d} - (no file)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: DirectX Service (DirectVuvz) - Unknown owner - c:\windows\system32\directx.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
AFTER
Logfile of HijackThis v1.99.1
Scan saved at 13:45:01, on 09/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\GSICON.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\notepad.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\PCHealth\HelpCtr\System\panels\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Windows Registry Repair Pro] F:\Program Files\temp\Nouveau dossier\Windows Registry Repair Pro\RegistryRepairPro.exe 4
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - F:\jeux\poker\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - F:\jeux\poker\Titan Poker\casino.exe
O9 - Extra button: PacificPoker4 - {94EDF7B4-4272-4af3-8F8B-4E2F68E225B7} - F:\jeux\ppoker\PACIFI~2\pacificpoker.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3D963B96-CCA5-4C9D-952B-0017FB6888BD}: NameServer = 195.238.2.22 195.238.2.21
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O21 - SSODL: bestreak - {874443fe-aa33-4ebf-a6ac-73208787e62d} - (no file)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: DirectX Service (DirectVuvz) - Unknown owner - c:\windows\system32\directx.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
Lyonnais92 (security contributor) - 10 Nov. 2007 at 09:26
Hello,
spotted by chance,
Your 2 antivirus programs are going to step on each other's toes. Your security is reduced. Pick one. If you pay for one, keep that one. Otherwise, my advice would rather be Antivir.
You are still infected (and your ComboFix log is incomplete).
Open this link (thanks to S!RI for this program): http://siri.urz.free.fr/Fix/SmitfraudFix.php
and download SmitfraudFix.exe.
Look at the tutorial.
Run it and choose option 1; it will generate a report.
Copy/paste it into the thread, please.
PS Flash-one, you have priority on this thread, of course.