Unwanted popups

Closed
startouff56 - 17 Feb. 2008 at 23:16
Powax Posts 544 Registration date Thursday 31 January 2008 Status Member Last active 17 April 2009 - 23 Feb. 2008 at 19:58
Hello,
I have a small, rather ordinary problem: when I browse the internet, popups open every two minutes, which is quite annoying!
Here is a HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 23:14:20, on 17/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\keyhook.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\OrangeHSS\Launcher\Launcher.exe
C:\Program Files\OrangeHSS\Systray\SystrayApp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\HELPAN~1\Pavilion\XPHWWBF4\plugin\bin\PCHButton.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Orange HSS\Orange Desktop Search\OrangeDesktopSearch.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\OrangeHSS\Deskboard\deskboard.exe
C:\Program Files\OrangeHSS\connectivity\connectivitymanager.exe
C:\Program Files\OrangeHSS\connectivity\CoreCom\CoreCom.exe
C:\Program Files\OrangeHSS\connectivity\CoreCom\OraConfigRecover.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {616475A4-49A2-4ED1-92B9-FD81FD9C77A2} - (no file)
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9E610318-62CD-4CA5-B50C-F41849C73598} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ORAHSSStartup] "C:\Program Files\OrangeHSS\Launcher\Launcher.exe" -appid connectivityapp
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\OrangeHSS\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HELPAN~1\Pavilion\XPHWWBF4\plugin\bin\PCHButton.exe
O4 - HKCU\..\Run: [Orange Desktop Search] "C:\Program Files\Orange HSS\Orange Desktop Search\OrangeDesktopSearch.exe" /tray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - https://support.norton.com/sp/en/us/home/current/info
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9602.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://messenger.zone.msn.com/binary/ZIntro.cab53083.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://support.norton.com/sp/en/us/home/current/info
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: req - C:\WINDOWS\
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SolidNetWork License Manager - GLOBEtrotter Software Inc. - C:\Program Files\SolidNetWork License Manager\lmgrd.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Fichiers communs\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe

22 replies

Powax Posts 544 Registration date Thursday 31 January 2008 Status Member Last active 17 April 2009 92
18 Feb. 2008 at 11:12
Hello,

1) Download Navilog to your desktop: http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe

* Double-click navilog1.exe
* In the main menu, choose option 1 and confirm
* Post the report saved at the root of the disk (fixnavi.txt)

2) Download VundoFix: http://www.atribune.org/ccount/click.php?id=4

* Double-click VundoFix.exe
* Click the Scan for Vundo button
* If the program asks you to delete files, say yes
* When the program has finished scanning your PC, it must be shut down; restart it.
* Copy/paste the contents of the report located at C:\vundofix.txt
0
Thanks for replying to my post! But I left Navilog running on option 1 for more than half an hour and it never finishes its report, so I stopped the scan. Should I still do step 2 of your reply (VundoFix)?
0
Powax Posts 544 Registration date Thursday 31 January 2008 Status Member Last active 17 April 2009 92
18 Feb. 2008 at 13:39
Yep, go ahead with VundoFix.

Then try Navilog again ^^
0
Here is the VundoFix report:


VundoFix V6.3.15

Checking Java version...

Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.10

Scan started at 19:05:14 13/03/2007

Listing files found while scanning....

C:\WINDOWS\system32\awtqo.dll
C:\WINDOWS\system32\awtqp.dll
C:\WINDOWS\system32\awtst.dll
C:\WINDOWS\system32\awvtt.dll
C:\WINDOWS\system32\byxxwwv.dll
C:\WINDOWS\system32\ckhfxpvj.exe
C:\WINDOWS\system32\ddcbcbx.dll
C:\WINDOWS\system32\ddcyy.dll
C:\WINDOWS\system32\gebyy.dll
C:\WINDOWS\system32\hggdeby.dll
C:\WINDOWS\system32\hhrkfhdc.exe
C:\WINDOWS\system32\hjkmp.ini2
C:\WINDOWS\system32\hjkmp.tmp
C:\WINDOWS\system32\jkhhe.dll
C:\WINDOWS\system32\mljgg.dll
C:\WINDOWS\system32\pdyuweee.dll
C:\WINDOWS\system32\pmkhi.dll
C:\WINDOWS\system32\pmkjh.dll
C:\WINDOWS\system32\pmnli.dll
C:\WINDOWS\system32\pmnnk.dll
C:\WINDOWS\system32\pmnno.dll
C:\WINDOWS\system32\qrpgmoeq.dll
C:\WINDOWS\system32\qrutv.ini
C:\WINDOWS\system32\qrutv.tmp
C:\WINDOWS\system32\sstqn.dll
C:\WINDOWS\system32\sstts.dll
C:\WINDOWS\system32\sttss.bak1
C:\WINDOWS\system32\sttss.bak2
C:\WINDOWS\system32\sttss.ini
C:\WINDOWS\system32\vturq.dll
C:\WINDOWS\system32\yiitholc.exe

Beginning removal...

Attempting to delete C:\WINDOWS\system32\awtqo.dll
C:\WINDOWS\system32\awtqo.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\awtqp.dll
C:\WINDOWS\system32\awtqp.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\awtst.dll
C:\WINDOWS\system32\awtst.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\awvtt.dll
C:\WINDOWS\system32\awvtt.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\byxxwwv.dll
C:\WINDOWS\system32\byxxwwv.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ckhfxpvj.exe
C:\WINDOWS\system32\ckhfxpvj.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\ddcbcbx.dll
C:\WINDOWS\system32\ddcbcbx.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ddcyy.dll
C:\WINDOWS\system32\ddcyy.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\gebyy.dll
C:\WINDOWS\system32\gebyy.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\hggdeby.dll
C:\WINDOWS\system32\hggdeby.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\hhrkfhdc.exe
C:\WINDOWS\system32\hhrkfhdc.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\hjkmp.ini2
C:\WINDOWS\system32\hjkmp.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\hjkmp.tmp
C:\WINDOWS\system32\hjkmp.tmp Has been deleted!

Attempting to delete C:\WINDOWS\system32\jkhhe.dll
C:\WINDOWS\system32\jkhhe.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\mljgg.dll
C:\WINDOWS\system32\mljgg.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\pdyuweee.dll
C:\WINDOWS\system32\pdyuweee.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\pmkhi.dll
C:\WINDOWS\system32\pmkhi.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\pmkjh.dll
C:\WINDOWS\system32\pmkjh.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\pmnli.dll
C:\WINDOWS\system32\pmnli.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\pmnnk.dll
C:\WINDOWS\system32\pmnnk.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\pmnno.dll
C:\WINDOWS\system32\pmnno.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\qrpgmoeq.dll
C:\WINDOWS\system32\qrpgmoeq.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\qrutv.ini
C:\WINDOWS\system32\qrutv.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\qrutv.tmp
C:\WINDOWS\system32\qrutv.tmp Has been deleted!

Attempting to delete C:\WINDOWS\system32\sstqn.dll
C:\WINDOWS\system32\sstqn.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\sstts.dll
C:\WINDOWS\system32\sstts.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\sttss.bak1
C:\WINDOWS\system32\sttss.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\sttss.bak2
C:\WINDOWS\system32\sttss.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\sttss.ini
C:\WINDOWS\system32\sttss.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\vturq.dll
C:\WINDOWS\system32\vturq.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\yiitholc.exe
C:\WINDOWS\system32\yiitholc.exe Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Beginning removal...

VundoFix V6.7.8

Checking Java version...

Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.10

Java version is 1.5.0.11

Scan started at 18:51:33 18/02/2008

Listing files found while scanning....

No infected files were found.
0
Powax Posts 544 Registration date Thursday 31 January 2008 Status Member Last active 17 April 2009 92
19 Feb. 2008 at 09:20
Hello!

Wow, it did a good job!! ^^

* Open HijackThis, choose "do a scan only"

Check the box in front of these lines:
O2 - BHO: (no name) - {616475A4-49A2-4ED1-92B9-FD81FD9C77A2} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {9E610318-62CD-4CA5-B50C-F41849C73598} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
Close all other active windows and click "Fix checked"

* Did you try Navilog again? If need be, uninstall it via Add/Remove Programs and then reinstall it ;o)

* Then post one last HijackThis report for verification, please.
0

Navilog still doesn't work, strange! After downloading the installer I left it on my desktop; should I put it on the C drive or somewhere else?? Here is the HijackThis report after the steps you asked me to do:

Logfile of HijackThis v1.99.1
Scan saved at 12:34:18, on 19/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\keyhook.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\OrangeHSS\Systray\SystrayApp.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\HELPAN~1\Pavilion\XPHWWBF4\plugin\bin\PCHButton.exe
C:\Program Files\Orange HSS\Orange Desktop Search\OrangeDesktopSearch.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\OrangeHSS\Launcher\Launcher.exe
C:\Program Files\OrangeHSS\connectivity\connectivitymanager.exe
C:\Program Files\OrangeHSS\Deskboard\deskboard.exe
C:\Program Files\OrangeHSS\connectivity\CoreCom\CoreCom.exe
C:\Program Files\OrangeHSS\connectivity\CoreCom\OraConfigRecover.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ORAHSSStartup] "C:\Program Files\OrangeHSS\Launcher\Launcher.exe" -appid connectivityapp
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\OrangeHSS\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HELPAN~1\Pavilion\XPHWWBF4\plugin\bin\PCHButton.exe
O4 - HKCU\..\Run: [Orange Desktop Search] "C:\Program Files\Orange HSS\Orange Desktop Search\OrangeDesktopSearch.exe" /tray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - https://support.norton.com/sp/en/us/home/current/info
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9602.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://messenger.zone.msn.com/binary/ZIntro.cab53083.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://support.norton.com/sp/en/us/home/current/info
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: req - C:\WINDOWS\
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SolidNetWork License Manager - GLOBEtrotter Software Inc. - C:\Program Files\SolidNetWork License Manager\lmgrd.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Fichiers communs\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
0
Powax Posts: 544 Registration date: Thursday 31 January 2008 Status: Member Last activity: 17 April 2009 92
19 Feb 2008 at 14:20
* No, on the desktop is fine for Navilog.

Try in safe mode ;o) (tap F8 or F5 at startup)

* There is still a bit of junk left...

Download, install and update AVG Anti-Spyware:

http://www.commentcamarche.net/telecharger/telecharger 218 avg anti spyware

Run a scan and post the report.
0
AVG report:

---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: 18:26:33 19/02/2008

+ Résultat de l'analyse:



C:\QooBox\Quarantine\C\WINDOWS\mrofinu1148.exe.vir -> Downloader.Agent.hql : Aucune action entreprise.
C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP678\A0217977.exe -> Downloader.Agent.hql : Aucune action entreprise.
C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP678\A0218016.exe -> Downloader.Agent.hql : Aucune action entreprise.
C:\WINDOWS\17PHolmes1148.exe -> Downloader.Agent.hql : Aucune action entreprise.
C:\WINDOWS\mrofinu1148.exe.tmp -> Downloader.Agent.hql : Aucune action entreprise.
C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP680\A0218285.EXE -> Not-A-Virus.Downloader.Win32.Url2File.a : Aucune action entreprise.
:mozilla.387:C:\Documents and Settings\thomas\Application Data\Mozilla\Firefox\Profiles\i3r020fz.default\cookies.txt -> TrackingCookie.247realmedia : Aucune action entreprise.
:mozilla.388:C:\Documents and Settings\thomas\Application Data\Mozilla\Firefox\Profiles\i3r020fz.default\cookies.txt -> TrackingCookie.247realmedia : Aucune action entreprise.
:mozilla.389:C:\Documents and Settings\thomas\Application Data\Mozilla\Firefox\Profiles\i3r020fz.default\cookies.txt -> TrackingCookie.247realmedia : Aucune action entreprise.
:mozilla.169:C:\Documents and Settings\thomas\Application Data\Mozilla\Firefox\Profiles\i3r020fz.default\cookies.txt -> TrackingCookie.2o7 : Aucune action entreprise.
:mozilla.170:C:\Documents and Settings\thomas\Application Data\Mozilla\Firefox\Profiles\i3r020fz.default\cookies.txt -> TrackingCookie.2o7 : Aucune action entreprise.
:mozilla.229:C:\Documents and Settings\thomas\Application Data\Mozilla\Firefox\Profiles\i3r020fz.default\cookies.txt -> TrackingCookie.2o7 : Aucune action entreprise.
:mozilla.284:C:\Documents and Settings\thomas\Application Data\Mozilla\Firefox\Profiles\i3r020fz.default\cookies.txt -> TrackingCookie.2o7 : Aucune action entreprise.
:mozilla.396:C:\Documents and Settings\thomas\Application Data\Mozilla\Firefox\Profiles\i3r020fz.default\cookies.txt -> TrackingCookie.2o7 : Aucune action entreprise.
C:\Documents and Settings\thomas\Cookies\thomas@2o7[1].txt -> TrackingCookie.2o7 : Aucune action entreprise.
:mozilla.279:C:\Documents and Settings\thomas\Application Data\Mozilla\Firefox\Profiles\i3r020fz.default\cookies.txt -> TrackingCookie.Adbrite : Aucune action entreprise.
:mozilla.280:C:\Documents and Settings\thomas\Application Data\Mozilla\Firefox\Profiles\i3r020fz.default\cookies.txt -> TrackingCookie.Adbrite : Aucune action entreprise.
:mozilla.182:C:\Documents and Settings\thomas\Application Data\Mozilla\Firefox\Profiles\i3r020fz.default\cookies.txt -> TrackingCookie.Adtech : Aucune action entreprise.
:mozilla.20:C:\Documents and Settings\thomas\Application Data\Mozilla\Firefox\Profiles\i3r020fz.default\cookies.txt -> TrackingCookie.Advertising : Aucune action entreprise.
:mozilla.21:C:\Documents and Settings\thomas\Application Data\Mozilla\Firefox\Profiles\i3r020fz.default\cookies.txt -> TrackingCookie.Advertising : Aucune action entreprise.
:mozilla.22:C:\Documents and Settings\thomas\Application Data\Mozilla\Firefox\Profiles\i3r020fz.default\cookies.txt -> TrackingCookie.Advertising : Aucune action entreprise.
:mozilla.23:C:\Documents and Settings\thomas\Application Data\Mozilla\Firefox\Profiles\i3r020fz.default\cookies.txt -> TrackingCookie.Advertising : Aucune action entreprise.
:mozilla.24:C:\Documents and Settings\thomas\Application Data\Mozilla\Firefox\Profiles\i3r020fz.default\cookies.txt -> TrackingCookie.Advertising : Aucune action entreprise.
C:\Documents and Settings\thomas\Cookies\thomas@advertising[2].txt -> TrackingCookie.Advertising : Aucune action entreprise.
:mozilla.110:C:\Documents and Settings\thomas\Application Data\Mozilla\Firefox\Profiles\i3r020fz.default\cookies.txt -> TrackingCookie.Atdmt : Aucune action entreprise.
C:\Documents and Settings\thomas\Cookies\thomas@atdmt[2].txt -> TrackingCookie.Atdmt : Aucune action entreprise.
:mozilla.94:C:\Documents and Settings\thomas\Application Data\Mozilla\Firefox\Profiles\i3r020fz.default\cookies.txt -> TrackingCookie.Bluestreak : Aucune action entreprise.
C:\Documents and Settings\thomas\Cookies\thomas@bluestreak[1].txt -> TrackingCookie.Bluestreak : Aucune action entreprise.
:mozilla.421:C:\Documents and Settings\thomas\Application Data\Mozilla\Firefox\Profiles\i3r020fz.default\cookies.txt -> TrackingCookie.Casinotropez : Aucune action entreprise.
C:\Documents and Settings\thomas\Cookies\thomas@casinotropez[1].txt -> TrackingCookie.Casinotropez : Aucune action entreprise.
C:\Documents and Settings\thomas\Cookies\thomas@www.casinotropez[1].txt -> TrackingCookie.Casinotropez : Aucune action entreprise.
:mozilla.184:C:\Documents and Settings\thomas\Application Data\Mozilla\Firefox\Profiles\i3r020fz.default\cookies.txt -> TrackingCookie.Comclick : Aucune action entreprise.
:mozilla.185:C:\Documents and Settings\thomas\Application Data\Mozilla\Firefox\Profiles\i3r020fz.default\cookies.txt -> TrackingCookie.Comclick : Aucune action entreprise.
:mozilla.186:C:\Documents and Settings\thomas\Application Data\Mozilla\Firefox\Profiles\i3r020fz.default\cookies.txt -> TrackingCookie.Comclick : Aucune action entreprise.
:mozilla.11:C:\Documents and Settings\chloe\Application Data\Mozilla\Firefox\Profiles\sxcmgt2u.default\cookies.txt -> TrackingCookie.Doubleclick : Aucune action entreprise.
:mozilla.53:C:\Documents and Settings\thomas\Application Data\Mozilla\Firefox\Profiles\i3r020fz.default\cookies.txt -> TrackingCookie.Doubleclick : Aucune action entreprise.
C:\Documents and Settings\thomas\Cookies\thomas@doubleclick[1].txt -> TrackingCookie.Doubleclick : Aucune action entreprise.
:mozilla.73:C:\Documents and Settings\thomas\Application Data\Mozilla\Firefox\Profiles\i3r020fz.default\cookies.txt -> TrackingCookie.Estat : Aucune action entreprise.
:mozilla.285:C:\Documents and Settings\thomas\Application Data\Mozilla\Firefox\Profiles\i3r020fz.default\cookies.txt -> TrackingCookie.Euroclick : Aucune action entreprise.
:mozilla.286:C:\Documents and Settings\thomas\Application Data\Mozilla\Firefox\Profiles\i3r020fz.default\cookies.txt -> TrackingCookie.Euroclick : Aucune action entreprise.
:mozilla.287:C:\Documents and Settings\thomas\Application Data\Mozilla\Firefox\Profiles\i3r020fz.default\cookies.txt -> TrackingCookie.Euroclick : Aucune action entreprise.
:mozilla.288:C:\Documents and Settings\thomas\Application Data\Mozilla\Firefox\Profiles\i3r020fz.default\cookies.txt -> TrackingCookie.Euroclick : Aucune action entreprise.
:mozilla.289:C:\Documents and Settings\thomas\Application Data\Mozilla\Firefox\Profiles\i3r020fz.default\cookies.txt -> TrackingCookie.Euroclick : Aucune action entreprise.
:mozilla.205:C:\Documents and Settings\thomas\Application Data\Mozilla\Firefox\Profiles\i3r020fz.default\cookies.txt -> TrackingCookie.Fastclick : Aucune action entreprise.
:mozilla.206:C:\Documents and Settings\thomas\Application Data\Mozilla\Firefox\Profiles\i3r020fz.default\cookies.txt -> TrackingCookie.Fastclick : Aucune action entreprise.
:mozilla.207:C:\Documents and Settings\thomas\Application Data\Mozilla\Firefox\Profiles\i3r020fz.default\cookies.txt -> TrackingCookie.Fastclick : Aucune action entreprise.
C:\Documents and Settings\thomas\Cookies\thomas@fastclick[1].txt -> TrackingCookie.Fastclick : Aucune action entreprise.
:mozilla.314:C:\Documents and Settings\thomas\Application Data\Mozilla\Firefox\Profiles\i3r020fz.default\cookies.txt -> TrackingCookie.Googleadservices : Aucune action entreprise.
:mozilla.399:C:\Documents and Settings\thomas\Application Data\Mozilla\Firefox\Profiles\i3r020fz.default\cookies.txt -> TrackingCookie.Googleadservices : Aucune action entreprise.
:mozilla.417:C:\Documents and Settings\thomas\Application Data\Mozilla\Firefox\Profiles\i3r020fz.default\cookies.txt -> TrackingCookie.Googleadservices : Aucune action entreprise.
:mozilla.122:C:\Documents and Settings\thomas\Application Data\Mozilla\Firefox\Profiles\i3r020fz.default\cookies.txt -> TrackingCookie.Hitbox : Aucune action entreprise.
:mozilla.123:C:\Documents and Settings\thomas\Application Data\Mozilla\Firefox\Profiles\i3r020fz.default\cookies.txt -> TrackingCookie.Hitbox : Aucune action entreprise.
:mozilla.124:C:\Documents and Settings\thomas\Application Data\Mozilla\Firefox\Profiles\i3r020fz.default\cookies.txt -> TrackingCookie.Hitbox : Aucune action entreprise.
:mozilla.164:C:\Documents and Settings\thomas\Application Data\Mozilla\Firefox\Profiles\i3r020fz.default\cookies.txt -> TrackingCookie.Hitbox : Aucune action entreprise.
:mozilla.341:C:\Documents and Settings\thomas\Application Data\Mozilla\Firefox\Profiles\i3r020fz.default\cookies.txt -> TrackingCookie.Hitbox : Aucune action entreprise.
:mozilla.59:C:\Documents and Settings\thomas\Application Data\Mozilla\Firefox\Profiles\i3r020fz.default\cookies.txt -> TrackingCookie.Imrworldwide : Aucune action entreprise.
:mozilla.61:C:\Documents and Settings\thomas\Application Data\Mozilla\Firefox\Profiles\i3r020fz.default\cookies.txt -> TrackingCookie.Imrworldwide : Aucune action entreprise.
:mozilla.10:C:\Documents and Settings\chloe\Application Data\Mozilla\Firefox\Profiles\sxcmgt2u.default\cookies.txt -> TrackingCookie.Mediaplex : Aucune action entreprise.
:mozilla.168:C:\Documents and Settings\thomas\Application Data\Mozilla\Firefox\Profiles\i3r020fz.default\cookies.txt -> TrackingCookie.Mediaplex : Aucune action entreprise.
:mozilla.36:C:\Documents and Settings\thomas\Application Data\Mozilla\Firefox\Profiles\i3r020fz.default\cookies.txt -> TrackingCookie.Overture : Aucune action entreprise.
:mozilla.242:C:\Documents and Settings\thomas\Application Data\Mozilla\Firefox\Profiles\i3r020fz.default\cookies.txt -> TrackingCookie.Realmedia : Aucune action entreprise.
:mozilla.243:C:\Documents and Settings\thomas\Application Data\Mozilla\Firefox\Profiles\i3r020fz.default\cookies.txt -> TrackingCookie.Realmedia : Aucune action entreprise.
:mozilla.343:C:\Documents and Settings\thomas\Application Data\Mozilla\Firefox\Profiles\i3r020fz.default\cookies.txt -> TrackingCookie.Revsci : Aucune action entreprise.
:mozilla.272:C:\Documents and Settings\thomas\Application Data\Mozilla\Firefox\Profiles\i3r020fz.default\cookies.txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
:mozilla.273:C:\Documents and Settings\thomas\Application Data\Mozilla\Firefox\Profiles\i3r020fz.default\cookies.txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
:mozilla.274:C:\Documents and Settings\thomas\Application Data\Mozilla\Firefox\Profiles\i3r020fz.default\cookies.txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
:mozilla.275:C:\Documents and Settings\thomas\Application Data\Mozilla\Firefox\Profiles\i3r020fz.default\cookies.txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
:mozilla.276:C:\Documents and Settings\thomas\Application Data\Mozilla\Firefox\Profiles\i3r020fz.default\cookies.txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
:mozilla.277:C:\Documents and Settings\thomas\Application Data\Mozilla\Firefox\Profiles\i3r020fz.default\cookies.txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
:mozilla.278:C:\Documents and Settings\thomas\Application Data\Mozilla\Firefox\Profiles\i3r020fz.default\cookies.txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
:mozilla.79:C:\Documents and Settings\thomas\Application Data\Mozilla\Firefox\Profiles\i3r020fz.default\cookies.txt -> TrackingCookie.Smartadserver : Aucune action entreprise.
:mozilla.80:C:\Documents and Settings\thomas\Application Data\Mozilla\Firefox\Profiles\i3r020fz.default\cookies.txt -> TrackingCookie.Smartadserver : Aucune action entreprise.
:mozilla.81:C:\Documents and Settings\thomas\Application Data\Mozilla\Firefox\Profiles\i3r020fz.default\cookies.txt -> TrackingCookie.Smartadserver : Aucune action entreprise.
:mozilla.82:C:\Documents and Settings\thomas\Application Data\Mozilla\Firefox\Profiles\i3r020fz.default\cookies.txt -> TrackingCookie.Smartadserver : Aucune action entreprise.
C:\Documents and Settings\thomas\Cookies\thomas@smartadserver[1].txt -> TrackingCookie.Smartadserver : Aucune action entreprise.
:mozilla.139:C:\Documents and Settings\thomas\Application Data\Mozilla\Firefox\Profiles\i3r020fz.default\cookies.txt -> TrackingCookie.Statcounter : Aucune action entreprise.
:mozilla.62:C:\Documents and Settings\thomas\Application Data\Mozilla\Firefox\Profiles\i3r020fz.default\cookies.txt -> TrackingCookie.Tacoda : Aucune action entreprise.
:mozilla.63:C:\Documents and Settings\thomas\Application Data\Mozilla\Firefox\Profiles\i3r020fz.default\cookies.txt -> TrackingCookie.Tacoda : Aucune action entreprise.
:mozilla.64:C:\Documents and Settings\thomas\Application Data\Mozilla\Firefox\Profiles\i3r020fz.default\cookies.txt -> TrackingCookie.Tacoda : Aucune action entreprise.
:mozilla.65:C:\Documents and Settings\thomas\Application Data\Mozilla\Firefox\Profiles\i3r020fz.default\cookies.txt -> TrackingCookie.Tacoda : Aucune action entreprise.
:mozilla.66:C:\Documents and Settings\thomas\Application Data\Mozilla\Firefox\Profiles\i3r020fz.default\cookies.txt -> TrackingCookie.Tacoda : Aucune action entreprise.
:mozilla.67:C:\Documents and Settings\thomas\Application Data\Mozilla\Firefox\Profiles\i3r020fz.default\cookies.txt -> TrackingCookie.Tacoda : Aucune action entreprise.
:mozilla.31:C:\Documents and Settings\thomas\Application Data\Mozilla\Firefox\Profiles\i3r020fz.default\cookies.txt -> TrackingCookie.Tradedoubler : Aucune action entreprise.
:mozilla.32:C:\Documents and Settings\thomas\Application Data\Mozilla\Firefox\Profiles\i3r020fz.default\cookies.txt -> TrackingCookie.Tradedoubler : Aucune action entreprise.
:mozilla.33:C:\Documents and Settings\thomas\Application Data\Mozilla\Firefox\Profiles\i3r020fz.default\cookies.txt -> TrackingCookie.Tradedoubler : Aucune action entreprise.
:mozilla.34:C:\Documents and Settings\thomas\Application Data\Mozilla\Firefox\Profiles\i3r020fz.default\cookies.txt -> TrackingCookie.Tradedoubler : Aucune action entreprise.
:mozilla.35:C:\Documents and Settings\thomas\Application Data\Mozilla\Firefox\Profiles\i3r020fz.default\cookies.txt -> TrackingCookie.Tradedoubler : Aucune action entreprise.
C:\Documents and Settings\thomas\Cookies\thomas@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Aucune action entreprise.
:mozilla.84:C:\Documents and Settings\thomas\Application Data\Mozilla\Firefox\Profiles\i3r020fz.default\cookies.txt -> TrackingCookie.Weborama : Aucune action entreprise.
:mozilla.85:C:\Documents and Settings\thomas\Application Data\Mozilla\Firefox\Profiles\i3r020fz.default\cookies.txt -> TrackingCookie.Weborama : Aucune action entreprise.
:mozilla.86:C:\Documents and Settings\thomas\Application Data\Mozilla\Firefox\Profiles\i3r020fz.default\cookies.txt -> TrackingCookie.Weborama : Aucune action entreprise.
:mozilla.107:C:\Documents and Settings\thomas\Application Data\Mozilla\Firefox\Profiles\i3r020fz.default\cookies.txt -> TrackingCookie.Webtrendslive : Aucune action entreprise.
C:\Documents and Settings\thomas\Cookies\thomas@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : Aucune action entreprise.
:mozilla.245:C:\Documents and Settings\thomas\Application Data\Mozilla\Firefox\Profiles\i3r020fz.default\cookies.txt -> TrackingCookie.Yieldmanager : Aucune action entreprise.
:mozilla.246:C:\Documents and Settings\thomas\Application Data\Mozilla\Firefox\Profiles\i3r020fz.default\cookies.txt -> TrackingCookie.Yieldmanager : Aucune action entreprise.
:mozilla.247:C:\Documents and Settings\thomas\Application Data\Mozilla\Firefox\Profiles\i3r020fz.default\cookies.txt -> TrackingCookie.Yieldmanager : Aucune action entreprise.
:mozilla.248:C:\Documents and Settings\thomas\Application Data\Mozilla\Firefox\Profiles\i3r020fz.default\cookies.txt -> TrackingCookie.Yieldmanager : Aucune action entreprise.
:mozilla.249:C:\Documents and Settings\thomas\Application Data\Mozilla\Firefox\Profiles\i3r020fz.default\cookies.txt -> TrackingCookie.Yieldmanager : Aucune action entreprise.
:mozilla.344:C:\Documents and Settings\thomas\Application Data\Mozilla\Firefox\Profiles\i3r020fz.default\cookies.txt -> TrackingCookie.Zedo : Aucune action entreprise.
:mozilla.345:C:\Documents and Settings\thomas\Application Data\Mozilla\Firefox\Profiles\i3r020fz.default\cookies.txt -> TrackingCookie.Zedo : Aucune action entreprise.
:mozilla.346:C:\Documents and Settings\thomas\Application Data\Mozilla\Firefox\Profiles\i3r020fz.default\cookies.txt -> TrackingCookie.Zedo : Aucune action entreprise.
:mozilla.347:C:\Documents and Settings\thomas\Application Data\Mozilla\Firefox\Profiles\i3r020fz.default\cookies.txt -> TrackingCookie.Zedo : Aucune action entreprise.
C:\QooBox\Quarantine\C\Program Files\Temporary\kernInst.exe.vir -> Trojan.Agent.dwb : Aucune action entreprise.
C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP678\A0218017.exe -> Trojan.Agent.dwb : Aucune action entreprise.
C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP678\A0217968.com -> Trojan.Agent.dwd : Aucune action entreprise.


Fin du rapport
0
Powax Posts: 544 Registration date: Thursday 31 January 2008 Status: Member Last activity: 17 April 2009 92
20 Feb 2008 at 09:04
Hello,

Sorry, I had forgotten a few instructions:

* Launch AVG Anti-Spyware and click the "Update" ("Mise à jour") button. Wait...

If the updates do not go through, they can be downloaded here:

http://downloads.ewido.net/avgas-signatures-full-current.exe

-> On the "Scan" ("analyse") page:

first choose the "Settings" ("paramètres") tab

Under "How to react" ("Comment réagir"), click "Recommended actions" ("Actions recommandées") and, in the drop-down menu, choose "Delete" ("Supprimer")

-> Run the scan (it takes a long time...)

-> When the scan finishes, copy and paste the report here.
0
After yesterday's scan I deleted all the little things AVG had just found! Do I still need to do what you are asking?
0
Powax Posts: 544 Registration date: Thursday 31 January 2008 Status: Member Last activity: 17 April 2009 92
20 Feb 2008 at 10:07
? Well, that doesn't show in the report!

Which is why I was asking you to change the action to take.

1) Download Combofix.exe to your Desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

* Disconnect from the internet and disable your antivirus so that Combofix can run normally
* Double-click Combofix.exe
* Set it to French: F
* Press the 1 key (Yes) to start the scan
* When the scan is finished, a report will appear
* Post the saved report: C:\Combofix.txt

2) Post a new HiJack report
0
Here is the Combofix report, then I will post the HiJack one:

ComboFix 08-02-20.2 - thomas 2008-02-20 10:34:55.3 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.121 [GMT 1:00]
Endroit: C:\Documents and Settings\thomas\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\Documents and Settings\thomas\Local Settings\Application Data\wxiiyz.dat
C:\Documents and Settings\thomas\Local Settings\Application Data\wxiiyz.exe
c:\Documents and Settings\thomas\Local Settings\Application Data\wxiiyz_nav.dat
C:\Documents and Settings\thomas\Local Settings\Application Data\wxiiyz_navps.dat
C:\WINDOWS\system32\nvs2.inf

----- BITS: Possible sites infectés -----

hxxp://au.download.windowsupdate
.
((((((((((((((((((((((((((((( Fichiers créés 2008-01-20 to 2008-02-20 ))))))))))))))))))))))))))))))))))))
.

2008-02-19 22:09 . 2008-02-19 22:17 <REP> d-------- C:\Documents and Settings\thomas\dwhelper
2008-02-19 12:37 . 2008-02-19 12:37 <REP> d-------- C:\Program Files\Navilog1
2008-02-19 12:31 . 2008-02-19 12:31 <REP> d-------- C:\backups
2008-02-13 18:17 . 2008-02-13 18:18 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-02-06 18:24 . 2008-02-06 18:24 <REP> d-------- C:\Program Files\LucasArts
2008-01-24 23:23 . 2008-01-24 23:23 <REP> d-------- C:\Documents and Settings\thomas\Application Data\EDrawings
2008-01-24 23:22 . 2008-01-24 23:22 <REP> d-------- C:\Program Files\Fichiers communs\SolidWorks Shared
2008-01-24 23:22 . 2008-01-24 23:22 0 --a------ C:\WINDOWS\eDrawingOfficeAutomator.INI
2008-01-24 23:21 . 2008-01-24 23:21 <REP> d-------- C:\Program Files\Fichiers communs\eDrawings2008

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-20 09:32 108,611 ----a-w C:\WINDOWS\system32\drivers\fwdrv.err
2008-02-20 08:28 --------- d-----w C:\Program Files\SolidNetWork License Manager
2008-02-19 13:42 --------- d-----w C:\Program Files\Apple Software Update
2008-02-16 20:15 --------- d-----w C:\Program Files\DivX
2008-02-16 18:59 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-16 18:57 --------- d-----w C:\Program Files\MSN Messenger
2008-02-10 18:53 --------- d-----w C:\Documents and Settings\thomas\Application Data\Canon
2008-02-10 17:27 11,176 ----a-w C:\Documents and Settings\HP_Propriétaire\Application Data\wklnhst.dat
2008-02-03 16:13 --------- d-----w C:\Documents and Settings\HP_Propriétaire\Application Data\DivX
2008-01-30 17:04 154 ----a-w C:\Documents and Settings\chloe\Application Data\wklnhst.dat
2008-01-25 18:02 --------- d-----w C:\Documents and Settings\catherine\Application Data\Canon
2008-01-17 20:38 --------- d-----w C:\Program Files\Dot1XCfg
2008-01-13 19:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-04 12:02 --------- d-----w C:\Program Files\LimeWire
2007-12-25 16:38 --------- d-----w C:\Documents and Settings\HP_Propriétaire\Application Data\Canon
2007-12-07 02:08 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-04 18:41 550,912 ------w C:\WINDOWS\system32\oleaut32.dll
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-11-29 22:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-11-29 22:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-03-01 19:56 384 ----a-w C:\Documents and Settings\thomas\Application Data\internaldb6334.dat
2007-03-01 17:57 194 ----a-w C:\Documents and Settings\thomas\Application Data\internaldb8467.dat
2007-03-01 17:57 18,432 ----a-w C:\Documents and Settings\thomas\Application Data\internaldb41.dat
2007-01-14 19:31 7,922 ----a-w C:\Documents and Settings\thomas\Application Data\wklnhst.dat
2006-08-04 19:10 1 ----a-w C:\Documents and Settings\thomas\SI.bin
2006-01-09 15:17 62,752 ----a-w C:\Documents and Settings\thomas\Application Data\GDIPFONTCACHEV1.DAT
2005-06-28 19:17 1,898 ----a-w C:\Documents and Settings\catherine\Application Data\wklnhst.dat
2005-01-22 12:07 62,368 ----a-w C:\Documents and Settings\catherine\Application Data\GDIPFONTCACHEV1.DAT
2004-12-27 07:33 0 ----a-w C:\Documents and Settings\hugo\Application Data\wklnhst.dat
2007-03-13 16:26 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{549B5CA7-4A86-11D7-A4DF-000874180BB3}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe" [2006-09-16 10:24 155896]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 18:00 15360]
"Acme.PCHButton"="C:\PROGRA~1\HELPAN~1\Pavilion\XPHWWBF4\plugin\bin\PCHButton.exe" [2004-01-02 00:55 159744]
"Orange Desktop Search"="C:\Program Files\Orange HSS\Orange Desktop Search\OrangeDesktopSearch.exe" [2006-11-02 15:08 4937512]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
"MoneyAgent"="C:\Program Files\Microsoft Money\System\mnyexpr.exe" [2003-06-18 12:00 204800]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-01-30 13:11 3497984]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 23:04 52736]
"HPHUPD06"="c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-08 01:53 49152]
"HPHmon06"="C:\WINDOWS\system32\hphmon06.exe" [2004-06-08 01:43 659456]
"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-12 03:02 61440]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-15 03:43 233472]
"SiS Windows KeyHook"="C:\WINDOWS\system32\keyhook.exe" [2004-05-20 16:47 249856]
"AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 11:01 88209 C:\WINDOWS\AGRSMMSG.exe]
"SoundMan"="SOUNDMAN.EXE" [2004-07-02 01:58 73728 C:\WINDOWS\SOUNDMAN.EXE]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-06-25 03:10 339968]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2002-10-16 23:57 81920]
"AlcWzrd"="ALCWZRD.EXE" [2004-07-06 08:05 2550272 C:\WINDOWS\ALCWZRD.EXE]
"Microsoft Works Update Detection"="C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-10 17:49 50688]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-10-08 10:52 221184]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-07-06 10:56 180269]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-07-31 17:44 271672]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-10-05 22:11 866584]
"ORAHSSStartup"="C:\Program Files\OrangeHSS\Launcher\Launcher.exe" [2007-01-04 10:40 462848]
"SystrayORAHSS"="C:\Program Files\OrangeHSS\Systray\SystrayApp.exe" [2007-01-04 10:45 90112]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 05:24 286720]
"SSBkgdUpdate"="C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 12:16 185896]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 11:45 75304]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-05-29 12:31:38 241664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="C:\\WINDOWS\\system32\\logonui.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\req]

R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2007-04-26 09:21]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2007-04-26 09:21]
R2 SPF4;Sunbelt Personal Firewall 4;"C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe" [2007-04-26 09:21]
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
S2 SolidNetWork License Manager;SolidNetWork License Manager;C:\Program Files\SolidNetWork License Manager\lmgrd.exe [2001-10-05 08:20]
S3 PWIPENUM;PWIPENUM;C:\Program Files\Panicware\Pop-Up Stopper Anti-Spyware\PWIPENUM.SYS []
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 21:58]
S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\system32\ZDCndis5.SYS []

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-02-19 13:42:40 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-02-01 16:15:00 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
"2008-02-20 08:31:38 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-20 10:41:12
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-02-20 10:44:32
ComboFix-quarantined-files.txt 2008-02-20 09:44:26
ComboFix2.txt 2008-01-19 21:02:10
.
2008-02-20 08:37:32 --- E O F ---
0
Here is the HiJack log:

Logfile of HijackThis v1.99.1
Scan saved at 10:48, on 2008-02-20
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\keyhook.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\OrangeHSS\Systray\SystrayApp.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\HELPAN~1\Pavilion\XPHWWBF4\plugin\bin\PCHButton.exe
C:\Program Files\Orange HSS\Orange Desktop Search\OrangeDesktopSearch.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\OrangeHSS\Launcher\Launcher.exe
C:\Program Files\OrangeHSS\connectivity\connectivitymanager.exe
C:\Program Files\OrangeHSS\connectivity\CoreCom\CoreCom.exe
C:\Program Files\OrangeHSS\connectivity\CoreCom\OraConfigRecover.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ORAHSSStartup] "C:\Program Files\OrangeHSS\Launcher\Launcher.exe" -appid connectivityapp
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\OrangeHSS\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HELPAN~1\Pavilion\XPHWWBF4\plugin\bin\PCHButton.exe
O4 - HKCU\..\Run: [Orange Desktop Search] "C:\Program Files\Orange HSS\Orange Desktop Search\OrangeDesktopSearch.exe" /tray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - https://support.norton.com/sp/en/us/home/current/info
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9602.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://messenger.zone.msn.com/binary/ZIntro.cab53083.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://support.norton.com/sp/en/us/home/current/info
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: req - C:\WINDOWS\
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SolidNetWork License Manager - GLOBEtrotter Software Inc. - C:\Program Files\SolidNetWork License Manager\lmgrd.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Fichiers communs\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
Powax - 20 Feb 2008 at 10:56
Download: http://siri.urz.free.fr/Fix/SmitfraudFix.zip

* Run it: double-click Smitfraudfix.cmd and choose option 1

* It will generate a report: copy and paste its contents

SmitFraudFix report:

SmitFraudFix v2.292

Rapport fait à 11:03:22.67, 2008-02-20
Executé à partir de C:\Documents and Settings\thomas\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\keyhook.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\OrangeHSS\Launcher\Launcher.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\HELPAN~1\Pavilion\XPHWWBF4\plugin\bin\PCHButton.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Orange HSS\Orange Desktop Search\OrangeDesktopSearch.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\OrangeHSS\Deskboard\deskboard.exe
C:\Program Files\OrangeHSS\connectivity\connectivitymanager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\OrangeHSS\connectivity\CoreCom\CoreCom.exe
C:\Program Files\OrangeHSS\connectivity\CoreCom\OraConfigRecover.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\thomas


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\thomas\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\thomas\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CS2\Services\Tcpip\..\{B043D92F-55D6-4093-9BE3-A6615FE1F4E7}: DhcpNameServer=192.168.1.1 0.0.0.0
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 0.0.0.0


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin
Powax - 20 Feb 2008 at 11:17
Run a BitDefender scan from IE: https://www.bitdefender.fr/

("BitDefender scan online" button in the left-hand column)

Post the report

BitDefender report:

BitDefender Online Scanner

Scan report generated at: Wed, Feb 20, 2008 - 13:31:13

Scan path: C:\;D:\;E:\;F:\;G:\;H:\;I:\;J:\;

Statistics
Time: 01:48:32
Files: 520564
Folders: 11746
Boot Sectors: 3
Archives: 18596
Packed Files: 30465

Results
Identified Viruses: 3
Infected Files: 70
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 70

Engines Info
Virus Definitions: 982364
Engine build: AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
Scan plugins: 16
Archive plugins: 41
Unpack plugins: 7
E-mail plugins: 6
System plugins: 5

Scan Settings
First Action: Désinfecté
Second Action: Supprimé
Heuristics: Oui
Enable Warnings: Oui
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Oui
Scan Archives: Oui
Scan Packed: Oui
Scan Files: Oui
Scan Boot: Oui

Scanned File / Status



Supprimé

C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP707\A0224784.exe


Infecté par: Backdoor.Sdbot.DFEO

C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP707\A0224784.exe


Echec de la désinfection

C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP707\A0224784.exe


Supprimé

C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP707\A0224785.exe


Infecté par: Backdoor.Sdbot.DFEO

C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP707\A0224785.exe


Echec de la désinfection

C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP707\A0224785.exe


Supprimé

C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP707\A0224786.exe


Infecté par: Backdoor.Sdbot.DFEO

C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP707\A0224786.exe


Echec de la désinfection

C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP707\A0224786.exe


Supprimé

C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP707\A0224787.exe


Infecté par: Backdoor.Sdbot.DFEO

C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP707\A0224787.exe


Echec de la désinfection

C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP707\A0224787.exe


Supprimé

C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP707\A0224788.exe


Infecté par: Backdoor.Sdbot.DFEO

C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP707\A0224788.exe


Echec de la désinfection

C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP707\A0224788.exe


Supprimé

C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP707\A0224789.exe


Infecté par: Backdoor.Sdbot.DFEO

C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP707\A0224789.exe


Echec de la désinfection

C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP707\A0224789.exe


Supprimé

C:\WINDOWS\Installer\296f22.msp=>(Embedded CAB)


Nettoyé

C:\WINDOWS\Installer\296f22.msp=>(Embedded CAB)=>WINWORD.EXE


Nettoyé
0
Powax Posts 544 Registration date Thursday 31 January 2008 Status Member Last activity 17 April 2009 92
20 Feb 2008 at 14:00
ok, post one last HiJack report please
0
here it is:

Logfile of HijackThis v1.99.1
Scan saved at 15:03, on 2008-02-20
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\keyhook.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\OrangeHSS\Launcher\Launcher.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\HELPAN~1\Pavilion\XPHWWBF4\plugin\bin\PCHButton.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Orange HSS\Orange Desktop Search\OrangeDesktopSearch.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\OrangeHSS\Deskboard\deskboard.exe
C:\Program Files\OrangeHSS\connectivity\connectivitymanager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\OrangeHSS\connectivity\CoreCom\CoreCom.exe
C:\Program Files\OrangeHSS\connectivity\CoreCom\OraConfigRecover.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\OrangeHSS\systray\systrayapp.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iTunes\iTunes.exe
C:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ORAHSSStartup] "C:\Program Files\OrangeHSS\Launcher\Launcher.exe" -appid connectivityapp
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\OrangeHSS\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HELPAN~1\Pavilion\XPHWWBF4\plugin\bin\PCHButton.exe
O4 - HKCU\..\Run: [Orange Desktop Search] "C:\Program Files\Orange HSS\Orange Desktop Search\OrangeDesktopSearch.exe" /tray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - https://support.norton.com/sp/en/us/home/current/info
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9602.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://messenger.zone.msn.com/binary/ZIntro.cab53083.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://support.norton.com/sp/en/us/home/current/info
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: req - C:\WINDOWS\
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SolidNetWork License Manager - GLOBEtrotter Software Inc. - C:\Program Files\SolidNetWork License Manager\lmgrd.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Fichiers communs\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
0
Powax Posts 544 Registration date Thursday 31 January 2008 Status Member Last activity 17 April 2009 92
20 Feb 2008 at 15:08
Open HijackThis, choose "do a scan only"

Tick the box in front of these lines:
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O20 - Winlogon Notify: req - C:\WINDOWS\
Close all other active windows and click "Fix checked"
0
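The two lines ticked in the post above share a pattern: a browser or logon registration that points at no usable file. The following is an added example, not part of the thread and not HijackThis code, that picks such entries out of a log for manual review; the function names and both heuristics are assumptions for illustration, and the sample is a few lines copied from the log posted above.

```python
import re

# Sample input: a handful of lines copied from the HijackThis log in this
# thread (one running-process line plus several O2/O4/O20 entries).
SAMPLE_LOG = r"""
C:\WINDOWS\system32\winlogon.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: req - C:\WINDOWS\
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

# Entry lines start with a section code such as R0, O2 or O23, then " - ".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
# Assumed heuristic: a real target ends in a short file extension (.dll, .exe).
HAS_EXTENSION_RE = re.compile(r"\.[A-Za-z0-9]{2,4}$")


def parse_entries(log_text):
    """Yield (code, body) for entry lines, skipping headers and process paths."""
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            yield match.group("code"), match.group("body")


def review_candidates(log_text):
    """Return (code, body, reason) for entries whose target file is absent.

    Only two cases are covered, matching the lines ticked in the thread:
    an O2 (BHO) entry reported as "(no file)", and an O20 (Winlogon Notify)
    entry whose target is a bare directory instead of a DLL path.
    """
    findings = []
    for code, body in parse_entries(log_text):
        if code == "O2" and body.endswith("(no file)"):
            findings.append((code, body, "BHO registered but no file on disk"))
        elif code == "O20":
            target = body.rsplit(" - ", 1)[-1].strip()
            if not HAS_EXTENSION_RE.search(target):
                findings.append((code, body, "Winlogon Notify target is not a file"))
    return findings


if __name__ == "__main__":
    for code, body, reason in review_candidates(SAMPLE_LOG):
        print(f"{code}: {reason}\n    {body}")
```

A flagged entry is a candidate for review rather than a verdict: it shows a registration left behind without its file, which is what the helper asks to be fixed here.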
OK, it's done. Should I post a new HijackThis report??
0
Powax Posts 544 Registration date Thursday 31 January 2008 Status Member Last activity 17 April 2009 92
21 Feb 2008 at 15:23
yes please :o)
0