Virus scan
cy
-
Anonymous user -
Good evening everyone,
I recently formatted my computer because of a problem, and I ran a scan with the BitDefender 9 Pro antivirus. Here is the result:
//-----------------------------------------------------------------
//
// Product: BitDefender 9 Professional Plus
// Version: 9.0
//
// Créé le: 04/12/2005 17:09:22
//
//-----------------------------------------------------------------
Statistiques
Chemin cible: C:\temp
C:\WINDOWS
Dossiers : 562
Fichiers : 39375
Archives : 483
Fichiers empaquetés : 2385
Virus trouvés : 7
Fichiers infectés : 11
Alertes : 0
Fichiers suspects : 0
Fichiers désinfectés : 0
Fichiers effacés : 1
Fichiers copiés : 0
Fichiers déplacés : 9
Fichiers renommés : 0
Erreurs I/O : 13
Temps d'analyse := 00:08:38
Fichiers/seconde :76
Définitions virus : 240316
Plugins d'analyse : 13
Plugins archives : 39
Plug-ins décompression : 4
Plug-ins messagerie : 6
Plug-ins système : 1
Options d'analyse
Détection
[X] Analyser le secteur de boot
[X] Analyser les archives
[X] Analyser les fichiers en paquets
[X] Analyser la messagerie
Masque fichiers
[ ] Programmes
[X] Tous les fichiers
[ ] Extensions définies par l'utilisateur:
[ ] Exclure les extensions: ;
Action
Objets infectés
[ ] Ignorer
[X] Désinfecter
[ ] Effacer
[ ] Copier
[ ] Déplacer dans le dossier infectés
[ ] Renommer
[ ] Demander l'action
Seconde action
[ ] Ignorer
[ ] Effacer
[ ] Copier
[X] Déplacer dans le dossier infectés
[ ] Renommer
[ ] Demander l'action
Options d'analyse
[X] Activer les alertes
[X] Activer l'heuristique
[ ] Afficher tous les fichiers dans le journal
[X] Fichier journal : C:\Program Files\Softwin\BitDefender9\Logs\vscan_1133712562.log
Sommaire :
C:\WINDOWS\Downloaded Program Files\mm83.ocx Infecté avec: Trojan.Downloader.VB.R
C:\WINDOWS\Downloaded Program Files\mm83.ocx Désinfection impossible
C:\WINDOWS\Downloaded Program Files\mm83.ocx Déplacé
C:\WINDOWS\mrjj.exe Infecté avec: Trojan.Lowzones.CA
C:\WINDOWS\mrjj.exe Désinfection impossible
C:\WINDOWS\mrjj.exe Déplacé
C:\WINDOWS\optimize.exe Infecté avec: Trojan.Dyfuca.52104.B
C:\WINDOWS\optimize.exe Désinfection impossible
C:\WINDOWS\optimize.exe Déplacé
C:\WINDOWS\system32\diskmon32.exe Infecté avec: Backdoor.Poebot.B
C:\WINDOWS\system32\diskmon32.exe Désinfection impossible
C:\WINDOWS\system32\diskmon32.exe Déplacé
C:\WINDOWS\system32\i Infecté avec: Backdoor.BotGet.FtpB.Gen
C:\WINDOWS\system32\i Effacé
C:\WINDOWS\system32\logon.exe Infecté avec: Backdoor.Poebot.B
C:\WINDOWS\system32\logon.exe Désinfection impossible
C:\WINDOWS\system32\logon.exe Déplacé
C:\WINDOWS\system32\mss_32.exe Infecté avec: Trojan.Delf.OG
C:\WINDOWS\system32\mss_32.exe Désinfection impossible
C:\WINDOWS\system32\mss_32.exe Déplacé
C:\WINDOWS\system32\ntsfd.exe Infecté avec: Backdoor.Poebot.B
C:\WINDOWS\system32\ntsfd.exe Désinfection impossible
C:\WINDOWS\system32\ntsfd.exe Déplacé
C:\WINDOWS\system32\TFTP804 Infecté avec: Backdoor.Rbot.BNH
C:\WINDOWS\system32\TFTP804 Désinfection impossible
C:\WINDOWS\system32\TFTP804 Déplacé
C:\WINDOWS\system32\tivk.exe Infecté avec: Backdoor.Poebot.B
C:\WINDOWS\system32\tivk.exe Désinfection impossible
C:\WINDOWS\system32\tivk.exe Déplacé
C:\WINDOWS\VEL_.exe=>(RAR Sfx o)=>mrjj.exe Infecté avec: Trojan.Lowzones.CA
C:\WINDOWS\VEL_.exe=>(RAR Sfx o)=>mrjj.exe Désinfection impossible
C:\WINDOWS\VEL_.exe=>(RAR Sfx o)=>mrjj.exe Déplacement impossible
Thank you for helping me.
Also, I keep getting several windows popping up (Internet ads) every time, even though I have an antispam and an antifirewall. I don't understand.
Thanks to you all and have a good evening.
20 replies
Hi, apparently your antivirus has quarantined the infected files, for example:
C:\WINDOWS\Downloaded Program Files\mm83.ocx Déplacé
You are getting ads popping up, so:
download and run these antispyware tools (remember to update them before launching them)
(1) Ad-Aware version 1.06
(here) http://www.florensac-chasse-trap.com/ "virus/logiciel de securite" section
see demo
http://pageperso.aol.fr/balltrap34/adwseflash.zip
***
(2) Spybot version 1.4
(here) http://www.florensac-chasse-trap.com/ "virus/logiciel de securite" section
see usage demo
http://pageperso.aol.fr/Balltrap34/demo%20spybot.htm
***
and also this
(3) CleanUp40.exe
http://www.florensac-chasse-trap.com/ "virus/logiciel de securite" section
see demo
http://pageperso.aol.fr/balltrap34/democleanup.htm
***
(4) a2
http://www.emsisoft.net/fr/
remember to update it before scanning the PC
***
PS: a big thank-you to balltrap for the links :)
(5) Ewido
http://download.ewido.net/ewido-setup.exe
During installation, on the "Additional Options" page, uncheck the two options "Install background guard" and "Install scan via context menu". Ewido Security Suite. Click on update.
Click on scanner, then on complete system scan.
(6) SmitfraudFix
http://siri.urz.free.fr/Fix/SmitfraudFix.zip
Run it: double-click on Smitfraudfix.cmd and choose option 1; it will generate a report.
Copy/paste it into the post, please.
Then download HijackThis and paste the report here
http://www.infos-du-net.com/telecharger/HijackThis.html
:: Delete temporary files ::
Empty the entire contents of these folders.
* C:\Documents and Settings\your account\Local Settings\Temp
* C:\Documents and Settings\all other accounts\Local Settings\Temp
* C:\Windows\Temp
See you later
Here is the report of the scan I ran:
SmitFraudFix v2.06
Rapport fait à 19:09:40,14 le 07/12/2005
Executé à partir de C:\Fix
OS: Microsoft Windows XP [version 5.1.2600]
»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\
C:\contextplus.exe PRESENT !
C:\drsmartload1.exe PRESENT !
C:\stub_113_4_0_4_0.exe PRESENT !
»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS
C:\WINDOWS\timessquare.exe PRESENT!
»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\Documents and Settings\Phetburi\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Recherche Menu Démarrer
»»»»»»»»»»»»»»»»»»»»»»»» Recherche Bureau
»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Recherche présence de clés corrompues
»»»»»»»»»»»»»»»»»»»»»»»» Recherche éléments du bureau
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
»»»»»»»»»»»»»»»»»»»»»»»» Recherche Sharedtaskscheduler
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"
»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin du rapport
I installed almost all the antispyware tools you told me about
Hi, restart in safe mode (restart + keep tapping F8 as soon as the computer powers on)
then launch SmitfraudFix and choose option 2
I installed almost all the antispyware tools you told me about
OK, you installed them, that's good, but you have to update them and run them
See you later
Hi, I hadn't seen your message, so in the meantime I carried on doing what you had advised me to do:
Here is the HijackThis report:
Logfile of HijackThis v1.99.1
Scan saved at 19:23:44, on 07/12/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\acs.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Atheros\ACU.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\keyhook.exe
C:\progra~1\softwin\bitdef~1\bdswitch.exe
C:\brc.exe
C:\windows\adtech2006.exe
C:\WINDOWS\logon.exe
C:\progra~1\softwin\bitdef~1\bdmcon.exe
C:\Program Files\Softwin\BitDefender9\bdoesrv.exe
C:\progra~1\softwin\bitdef~1\bdnagent.exe
C:\WINDOWS\System32\dnsmss.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\dnsmss.exe
C:\PROGRA~1\FICHIE~1\zuwu\zuwum.exe
C:\WINDOWS\system32\sistray.exe
C:\PROGRA~1\FICHIE~1\zuwu\zuwua.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Softwin\BitDefender9\vsserv.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\ewido\security suite\securitysuite.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Aku\program\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CNetscape_France.src"); (C:\Documents and Settings\Phetburi\Application Data\Mozilla\Profiles\default\q7480nio.slt\prefs.js)
O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\System32\keyhook.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BDSwitchAgent] "C:\progra~1\softwin\bitdef~1\bdswitch.exe"
O4 - HKLM\..\Run: [Windows Logon Application] C:\WINDOWS\System32\logon.exe
O4 - HKLM\..\Run: [Application Layer Gateway Service] C:\WINDOWS\System32\algs.exe
O4 - HKLM\..\Run: [symwsc.exe] C:\brc.exe
O4 - HKLM\..\Run: [timessquare] C:\windows\timessquare.exe
O4 - HKLM\..\Run: [VEL_] C:\windows\mrjj.exe
O4 - HKLM\..\Run: [adtech2006] C:\windows\adtech2006.exe
O4 - HKLM\..\Run: [WinLogon] C:\WINDOWS\logon.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [BDMCon] c:\progra~1\softwin\bitdef~1\bdmcon.exe
O4 - HKLM\..\Run: [BDOESRV] "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\progra~1\softwin\bitdef~1\bdnagent.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [dnsmss] C:\WINDOWS\System32\dnsmss.exe
O4 - HKCU\..\Run: [zuwu] C:\PROGRA~1\FICHIE~1\zuwu\zuwum.exe
O4 - HKCU\..\RunOnce: [dnsmss] C:\WINDOWS\System32\dnsmss.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.popuppers.com
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1133603594967
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} (MediaGatewayX) - http://static.zangocash.com/cab/Zango/ie/bridge-c18.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: App Paths - C:\WINDOWS\system32\ktpml7711.dll
O23 - Service: Service de configuration Atheros (ACS) - Unknown owner - C:\WINDOWS\System32\acs.exe
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender9\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
There you go, thanks!
Hi, fix these lines with HijackThis
R3 - Default URLSearchHook is missing
O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll
O4 - HKLM\..\Run: [Windows Logon Application] C:\WINDOWS\System32\logon.exe
O4 - HKLM\..\Run: [Windows Logon Application] C:\WINDOWS\System32\logon.exe
O4 - HKLM\..\Run: [Application Layer Gateway Service] C:\WINDOWS\System32\algs.exe
O4 - HKLM\..\Run: [symwsc.exe] C:\brc.exe
O4 - HKLM\..\Run: [VEL_] C:\windows\mrjj.exe
O4 - HKLM\..\Run: [adtech2006] C:\windows\adtech2006.exe
O4 - HKLM\..\Run: [WinLogon] C:\WINDOWS\logon.exe
O4 - HKCU\..\Run: [dnsmss] C:\WINDOWS\System32\dnsmss.exe
O4 - HKCU\..\Run: [zuwu] C:\PROGRA~1\FICHIE~1\zuwu\zuwum.exe
O4 - HKCU\..\RunOnce: [dnsmss] C:\WINDOWS\System32\dnsmss.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.popuppers.com
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} (MediaGatewayX) - http://static.zangocash.com/cab/Zango/ie/bridge-c18.cab
1. Restart in safe mode (restart + keep tapping F8 as soon as the computer powers on)
2. Disable your System Restore (for Win XP) like this:
right-click on My Computer / Properties / System Restore, and there check "Turn off System Restore", then apply
3. Show hidden files like this:
click Start / Control Panel / Folder Options / View
Check "Show hidden folders"
Uncheck the box "Hide protected operating system files (Recommended)"
Then click «OK» to confirm the changes.
Uncheck "Hide extensions for known file types"
4. Then go to Start / Search and type (one at a time):
algs.exe
brc.exe
mrjj.exe
adtech2006.exe
logon.exe
zuwum.exe
dnsmss.exe
Delete them and empty your recycle bin
Re-enable System Restore and hide the hidden files again by following the same path
Restart in safe mode
Run the programs you downloaded
Run HijackThis again and paste the result here
See you later
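Added example, not part of any post in this thread: a small Python triage script that cross-references the BitDefender summary with the O4 (Run/RunOnce) lines the helper asked to fix, to show which autorun entries point at files the scanner already reported and which ones it gave no verdict on. The function names are illustrative assumptions; the sample input is excerpted from the logs posted above.

```python
import re

# Excerpt of the BitDefender "Sommaire" section posted in this thread.
BITDEFENDER_SUMMARY = r"""
C:\WINDOWS\mrjj.exe Infecté avec: Trojan.Lowzones.CA
C:\WINDOWS\mrjj.exe Désinfection impossible
C:\WINDOWS\mrjj.exe Déplacé
C:\WINDOWS\system32\logon.exe Infecté avec: Backdoor.Poebot.B
C:\WINDOWS\system32\logon.exe Désinfection impossible
C:\WINDOWS\system32\logon.exe Déplacé
C:\WINDOWS\VEL_.exe=>(RAR Sfx o)=>mrjj.exe Infecté avec: Trojan.Lowzones.CA
C:\WINDOWS\VEL_.exe=>(RAR Sfx o)=>mrjj.exe Désinfection impossible
C:\WINDOWS\VEL_.exe=>(RAR Sfx o)=>mrjj.exe Déplacement impossible
"""

# O4 (autorun) lines from the helper's fix list, copied from the thread.
FIX_LIST_O4 = r"""
O4 - HKLM\..\Run: [Windows Logon Application] C:\WINDOWS\System32\logon.exe
O4 - HKLM\..\Run: [Application Layer Gateway Service] C:\WINDOWS\System32\algs.exe
O4 - HKLM\..\Run: [symwsc.exe] C:\brc.exe
O4 - HKLM\..\Run: [VEL_] C:\windows\mrjj.exe
O4 - HKLM\..\Run: [adtech2006] C:\windows\adtech2006.exe
O4 - HKLM\..\Run: [WinLogon] C:\WINDOWS\logon.exe
O4 - HKCU\..\Run: [dnsmss] C:\WINDOWS\System32\dnsmss.exe
O4 - HKCU\..\Run: [zuwu] C:\PROGRA~1\FICHIE~1\zuwu\zuwum.exe
O4 - HKCU\..\RunOnce: [dnsmss] C:\WINDOWS\System32\dnsmss.exe
"""

DETECT = re.compile(r"^(?P<path>.+?) Infecté avec: (?P<name>\S+)$")
ACTION = re.compile(
    r"^(?P<path>.+?) "
    r"(?P<action>Désinfection impossible|Déplacement impossible|Déplacé|Effacé)$")
O4_RUN = re.compile(
    r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
IMAGE = re.compile(
    r'^"(?P<quoted>[^"]+)"|^(?P<bare>.+?\.(?:exe|com|scr|bat|cmd|dll))(?=\s|$)',
    re.I)


def norm(path):
    """Lower-case a path and reduce 'archive=>member' to the file on disk."""
    return path.split("=>")[0].strip().lower()


def image_path(cmd):
    """Extract the executable from a Run value (quoted, bare, or with args)."""
    m = IMAGE.match(cmd)
    if not m:
        return cmd.split()[0]  # no known extension: take the first token
    return m["quoted"] or m["bare"]


def parse_bitdefender(summary):
    """Return {normalized path: {"detection": name, "actions": [...]}}."""
    found = {}
    for line in summary.splitlines():
        line = line.strip()
        m = DETECT.match(line)
        if m:
            found.setdefault(norm(m["path"]),
                             {"detection": m["name"], "actions": []})
            continue
        m = ACTION.match(line)
        if m and norm(m["path"]) in found:
            found[norm(m["path"])]["actions"].append(m["action"])
    return found


def correlate(summary, o4_lines):
    """Split Run/RunOnce entries into AV-detected and no-verdict lists."""
    av = parse_bitdefender(summary)
    detected, no_verdict = [], []
    for line in o4_lines.splitlines():
        m = O4_RUN.match(line.strip())
        if not m:
            continue  # blank line or not a registry Run/RunOnce entry
        target = norm(image_path(m["cmd"]))
        entry = (m["hive"], m["key"], m["name"], target)
        hit = av.get(target)
        if hit:
            last = hit["actions"][-1] if hit["actions"] else None
            detected.append(entry + (hit["detection"], last))
        else:
            no_verdict.append(entry)
    return detected, no_verdict


if __name__ == "__main__":
    detected, no_verdict = correlate(BITDEFENDER_SUMMARY, FIX_LIST_O4)
    for hive, key, name, path, detection, action in detected:
        print(f"{hive}\\{key} [{name}] -> {path}: {detection} ({action})")
    for hive, key, name, path in no_verdict:
        print(f"{hive}\\{key} [{name}] -> {path}: no scanner verdict")
```

Entries in the first list are registry autoruns that still reference a file the scanner reported as moved; entries in the second list had no verdict in the scan summary and are the ones that need manual review.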
I did everything you told me: I downloaded and installed everything and ran the scans, and it removed lots of bad things.
Here is the scan:
Logfile of HijackThis v1.99.1
Scan saved at 23:26:25, on 07/12/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\acs.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Atheros\ACU.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\keyhook.exe
C:\progra~1\softwin\bitdef~1\bdswitch.exe
C:\brc.exe
C:\progra~1\softwin\bitdef~1\bdmcon.exe
C:\Program Files\Softwin\BitDefender9\bdoesrv.exe
C:\progra~1\softwin\bitdef~1\bdnagent.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Softwin\BitDefender9\vsserv.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Netscape\Netscape Browser\netscape.exe
C:\Aku\program\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
N4 - Mozilla: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CNetscape_France.src"); (C:\Documents and Settings\Phetburi\Application Data\Mozilla\Profiles\default\q7480nio.slt\prefs.js)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\System32\keyhook.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BDSwitchAgent] "C:\progra~1\softwin\bitdef~1\bdswitch.exe"
O4 - HKLM\..\Run: [Application Layer Gateway Service] C:\WINDOWS\System32\algs.exe
O4 - HKLM\..\Run: [symwsc.exe] C:\brc.exe
O4 - HKLM\..\Run: [VEL_] C:\windows\mrjj.exe
O4 - HKLM\..\Run: [adtech2006] C:\windows\adtech2006.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [BDMCon] c:\progra~1\softwin\bitdef~1\bdmcon.exe
O4 - HKLM\..\Run: [BDOESRV] "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\progra~1\softwin\bitdef~1\bdnagent.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [zuwu] C:\PROGRA~1\FICHIE~1\zuwu\zuwum.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O15 - Trusted Zone: *.media-motor.net
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1133603594967
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} (MediaGatewayX) - http://static.zangocash.com/cab/Zango/ie/bridge-c18.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: BITS - C:\WINDOWS\system32\o2pqlc751f.dll
O23 - Service: Service de configuration Atheros (ACS) - Unknown owner - C:\WINDOWS\System32\acs.exe
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender9\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
I hope everything is in order; however, I can no longer start SmitFraudFix because a file is missing.
And when I ran my scans with all the programs, I think I saw it, and I no longer remember which program deleted parts of SmitFraudFix because there was spyware inside it.
That's it, thanks.
Hi, did you fix the lines with HijackThis?
Did you delete the files in safe mode as I told you?
Because apparently they are still there, so your log is still infected.
See you
Here is the report from another program:
---------------------------------------------------------
ewido security suite - Rapport de scan
---------------------------------------------------------
+ Créé le: 23:59:43, 07/12/2005
+ Somme de contrôle: 5E2D2C52
+ Résultats du scan:
HKLM\SOFTWARE\Classes\CLSID\{3643ABC2-21BF-46B9-B230-F247DB0C6FD6} -> Spyware.E2Give : Nettoyer et sauvegarder
[1452] C:\WINDOWS\system32\bkdispl.dll -> Spyware.Look2Me : Erreur durant le nettoyage
[3244] C:\WINDOWS\system32\guard.tmp -> Spyware.Look2Me : Nettoyer et sauvegarder
:mozilla.43:C:\Documents and Settings\Phetburi\Application Data\Mozilla\Profiles\default\q7480nio.slt\cookies.txt -> Spyware.Cookie.Yieldmanager : Nettoyer et sauvegarder
:mozilla.49:C:\Documents and Settings\Phetburi\Application Data\Mozilla\Profiles\default\q7480nio.slt\cookies.txt -> Spyware.Cookie.Adtech : Nettoyer et sauvegarder
:mozilla.59:C:\Documents and Settings\Phetburi\Application Data\Mozilla\Profiles\default\q7480nio.slt\cookies.txt -> Spyware.Cookie.Mediaplex : Nettoyer et sauvegarder
:mozilla.61:C:\Documents and Settings\Phetburi\Application Data\Mozilla\Profiles\default\q7480nio.slt\cookies.txt -> Spyware.Cookie.Tradedoubler : Nettoyer et sauvegarder
:mozilla.62:C:\Documents and Settings\Phetburi\Application Data\Mozilla\Profiles\default\q7480nio.slt\cookies.txt -> Spyware.Cookie.Tradedoubler : Nettoyer et sauvegarder
:mozilla.64:C:\Documents and Settings\Phetburi\Application Data\Mozilla\Profiles\default\q7480nio.slt\cookies.txt -> Spyware.Cookie.Doubleclick : Nettoyer et sauvegarder
:mozilla.65:C:\Documents and Settings\Phetburi\Application Data\Mozilla\Profiles\default\q7480nio.slt\cookies.txt -> Spyware.Cookie.Bluestreak : Nettoyer et sauvegarder
:mozilla.6:C:\Documents and Settings\Phetburi\Application Data\Netscape\NSB\Profiles\w0miz2du.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Nettoyer et sauvegarder
:mozilla.7:C:\Documents and Settings\Phetburi\Application Data\Netscape\NSB\Profiles\w0miz2du.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Nettoyer et sauvegarder
:mozilla.8:C:\Documents and Settings\Phetburi\Application Data\Netscape\NSB\Profiles\w0miz2du.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Nettoyer et sauvegarder
:mozilla.9:C:\Documents and Settings\Phetburi\Application Data\Netscape\NSB\Profiles\w0miz2du.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Nettoyer et sauvegarder
:mozilla.10:C:\Documents and Settings\Phetburi\Application Data\Netscape\NSB\Profiles\w0miz2du.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Nettoyer et sauvegarder
:mozilla.11:C:\Documents and Settings\Phetburi\Application Data\Netscape\NSB\Profiles\w0miz2du.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Nettoyer et sauvegarder
:mozilla.12:C:\Documents and Settings\Phetburi\Application Data\Netscape\NSB\Profiles\w0miz2du.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Nettoyer et sauvegarder
:mozilla.13:C:\Documents and Settings\Phetburi\Application Data\Netscape\NSB\Profiles\w0miz2du.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Nettoyer et sauvegarder
:mozilla.14:C:\Documents and Settings\Phetburi\Application Data\Netscape\NSB\Profiles\w0miz2du.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Nettoyer et sauvegarder
:mozilla.19:C:\Documents and Settings\Phetburi\Application Data\Netscape\NSB\Profiles\w0miz2du.default\cookies.txt -> Spyware.Cookie.247realmedia : Nettoyer et sauvegarder
:mozilla.22:C:\Documents and Settings\Phetburi\Application Data\Netscape\NSB\Profiles\w0miz2du.default\cookies.txt -> Spyware.Cookie.Hitbox : Nettoyer et sauvegarder
:mozilla.23:C:\Documents and Settings\Phetburi\Application Data\Netscape\NSB\Profiles\w0miz2du.default\cookies.txt -> Spyware.Cookie.Hitbox : Nettoyer et sauvegarder
:mozilla.24:C:\Documents and Settings\Phetburi\Application Data\Netscape\NSB\Profiles\w0miz2du.default\cookies.txt -> Spyware.Cookie.Hitbox : Nettoyer et sauvegarder
:mozilla.25:C:\Documents and Settings\Phetburi\Application Data\Netscape\NSB\Profiles\w0miz2du.default\cookies.txt -> Spyware.Cookie.Hitbox : Nettoyer et sauvegarder
:mozilla.26:C:\Documents and Settings\Phetburi\Application Data\Netscape\NSB\Profiles\w0miz2du.default\cookies.txt -> Spyware.Cookie.2o7 : Nettoyer et sauvegarder
:mozilla.27:C:\Documents and Settings\Phetburi\Application Data\Netscape\NSB\Profiles\w0miz2du.default\cookies.txt -> Spyware.Cookie.2o7 : Nettoyer et sauvegarder
:mozilla.28:C:\Documents and Settings\Phetburi\Application Data\Netscape\NSB\Profiles\w0miz2du.default\cookies.txt -> Spyware.Cookie.2o7 : Nettoyer et sauvegarder
:mozilla.29:C:\Documents and Settings\Phetburi\Application Data\Netscape\NSB\Profiles\w0miz2du.default\cookies.txt -> Spyware.Cookie.2o7 : Nettoyer et sauvegarder
:mozilla.30:C:\Documents and Settings\Phetburi\Application Data\Netscape\NSB\Profiles\w0miz2du.default\cookies.txt -> Spyware.Cookie.2o7 : Nettoyer et sauvegarder
:mozilla.32:C:\Documents and Settings\Phetburi\Application Data\Netscape\NSB\Profiles\w0miz2du.default\cookies.txt -> Spyware.Cookie.Advertising : Nettoyer et sauvegarder
:mozilla.33:C:\Documents and Settings\Phetburi\Application Data\Netscape\NSB\Profiles\w0miz2du.default\cookies.txt -> Spyware.Cookie.Estat : Nettoyer et sauvegarder
:mozilla.34:C:\Documents and Settings\Phetburi\Application Data\Netscape\NSB\Profiles\w0miz2du.default\cookies.txt -> Spyware.Cookie.Advertising : Nettoyer et sauvegarder
:mozilla.35:C:\Documents and Settings\Phetburi\Application Data\Netscape\NSB\Profiles\w0miz2du.default\cookies.txt -> Spyware.Cookie.Advertising : Nettoyer et sauvegarder
:mozilla.36:C:\Documents and Settings\Phetburi\Application Data\Netscape\NSB\Profiles\w0miz2du.default\cookies.txt -> Spyware.Cookie.Advertising : Nettoyer et sauvegarder
:mozilla.40:C:\Documents and Settings\Phetburi\Application Data\Netscape\NSB\Profiles\w0miz2du.default\cookies.txt -> Spyware.Cookie.Weborama : Nettoyer et sauvegarder
:mozilla.44:C:\Documents and Settings\Phetburi\Application Data\Netscape\NSB\Profiles\w0miz2du.default\cookies.txt -> Spyware.Cookie.Doubleclick : Nettoyer et sauvegarder
:mozilla.55:C:\Documents and Settings\Phetburi\Application Data\Netscape\NSB\Profiles\w0miz2du.default\cookies.txt -> Spyware.Cookie.Pointroll : Nettoyer et sauvegarder
:mozilla.56:C:\Documents and Settings\Phetburi\Application Data\Netscape\NSB\Profiles\w0miz2du.default\cookies.txt -> Spyware.Cookie.Pointroll : Nettoyer et sauvegarder
:mozilla.57:C:\Documents and Settings\Phetburi\Application Data\Netscape\NSB\Profiles\w0miz2du.default\cookies.txt -> Spyware.Cookie.Pointroll : Nettoyer et sauvegarder
:mozilla.58:C:\Documents and Settings\Phetburi\Application Data\Netscape\NSB\Profiles\w0miz2du.default\cookies.txt -> Spyware.Cookie.Pointroll : Nettoyer et sauvegarder
:mozilla.59:C:\Documents and Settings\Phetburi\Application Data\Netscape\NSB\Profiles\w0miz2du.default\cookies.txt -> Spyware.Cookie.Pointroll : Nettoyer et sauvegarder
:mozilla.64:C:\Documents and Settings\Phetburi\Application Data\Netscape\NSB\Profiles\w0miz2du.default\cookies.txt -> Spyware.Cookie.Questionmarket : Nettoyer et sauvegarder
:mozilla.71:C:\Documents and Settings\Phetburi\Application Data\Netscape\NSB\Profiles\w0miz2du.default\cookies.txt -> Spyware.Cookie.Ru4 : Nettoyer et sauvegarder
:mozilla.72:C:\Documents and Settings\Phetburi\Application Data\Netscape\NSB\Profiles\w0miz2du.default\cookies.txt -> Spyware.Cookie.Ru4 : Nettoyer et sauvegarder
:mozilla.73:C:\Documents and Settings\Phetburi\Application Data\Netscape\NSB\Profiles\w0miz2du.default\cookies.txt -> Spyware.Cookie.Ru4 : Nettoyer et sauvegarder
C:\Documents and Settings\Phetburi\Cookies\phetburi@247realmedia[1].txt -> Spyware.Cookie.247realmedia : Nettoyer et sauvegarder
C:\Documents and Settings\Phetburi\Cookies\phetburi@2o7[1].txt -> Spyware.Cookie.2o7 : Nettoyer et sauvegarder
C:\Documents and Settings\Phetburi\Cookies\phetburi@ad.yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Nettoyer et sauvegarder
C:\Documents and Settings\Phetburi\Cookies\phetburi@ads.pointroll[1].txt -> Spyware.Cookie.Pointroll : Nettoyer et sauvegarder
C:\Documents and Settings\Phetburi\Cookies\phetburi@advertising[2].txt -> Spyware.Cookie.Advertising : Nettoyer et sauvegarder
C:\Documents and Settings\Phetburi\Cookies\phetburi@casinotropez[1].txt -> Spyware.Cookie.Casinotropez : Nettoyer et sauvegarder
C:\Documents and Settings\Phetburi\Cookies\phetburi@doubleclick[2].txt -> Spyware.Cookie.Doubleclick : Nettoyer et sauvegarder
C:\Documents and Settings\Phetburi\Cookies\phetburi@edge.ru4[1].txt -> Spyware.Cookie.Ru4 : Nettoyer et sauvegarder
C:\Documents and Settings\Phetburi\Cookies\phetburi@ehg-noven.hitbox[2].txt -> Spyware.Cookie.Hitbox : Nettoyer et sauvegarder
C:\Documents and Settings\Phetburi\Cookies\phetburi@estat[1].txt -> Spyware.Cookie.Estat : Nettoyer et sauvegarder
C:\Documents and Settings\Phetburi\Cookies\phetburi@hitbox[1].txt -> Spyware.Cookie.Hitbox : Nettoyer et sauvegarder
C:\Documents and Settings\Phetburi\Cookies\phetburi@questionmarket[1].txt -> Spyware.Cookie.Questionmarket : Nettoyer et sauvegarder
C:\Documents and Settings\Phetburi\Cookies\phetburi@sfr.122.2o7[1].txt -> Spyware.Cookie.2o7 : Nettoyer et sauvegarder
C:\Documents and Settings\Phetburi\Cookies\phetburi@weborama[2].txt -> Spyware.Cookie.Weborama : Nettoyer et sauvegarder
C:\Documents and Settings\Phetburi\Cookies\phetburi@www.smartadserver[2].txt -> Spyware.Cookie.Smartadserver : Nettoyer et sauvegarder
C:\WINDOWS\system32\dmrawex.dll -> Spyware.Look2Me : Nettoyer et sauvegarder
C:\WINDOWS\system32\guard.tmp -> Spyware.Look2Me : Nettoyer et sauvegarder
C:\WINDOWS\system32\i0lola331d.dll -> Spyware.Look2Me : Nettoyer et sauvegarder
C:\WINDOWS\system32\vds_ps.dll -> Spyware.Look2Me : Nettoyer et sauvegarder
::Fin du rapport
I'm going to re-download HijackThis and redo what you said.
Yes, I deleted all the temporary files and deleted the exe files you told me about: some did not exist and some did, which I find strange.
That's it.
---------------------------------------------------------
ewido security suite - Rapport de scan
---------------------------------------------------------
+ Créé le: 23:59:43, 07/12/2005
+ Somme de contrôle: 5E2D2C52
+ Résultats du scan:
HKLM\SOFTWARE\Classes\CLSID\{3643ABC2-21BF-46B9-B230-F247DB0C6FD6} -> Spyware.E2Give : Nettoyer et sauvegarder
[1452] C:\WINDOWS\system32\bkdispl.dll -> Spyware.Look2Me : Erreur durant le nettoyage
[3244] C:\WINDOWS\system32\guard.tmp -> Spyware.Look2Me : Nettoyer et sauvegarder
:mozilla.43:C:\Documents and Settings\Phetburi\Application Data\Mozilla\Profiles\default\q7480nio.slt\cookies.txt -> Spyware.Cookie.Yieldmanager : Nettoyer et sauvegarder
:mozilla.49:C:\Documents and Settings\Phetburi\Application Data\Mozilla\Profiles\default\q7480nio.slt\cookies.txt -> Spyware.Cookie.Adtech : Nettoyer et sauvegarder
:mozilla.59:C:\Documents and Settings\Phetburi\Application Data\Mozilla\Profiles\default\q7480nio.slt\cookies.txt -> Spyware.Cookie.Mediaplex : Nettoyer et sauvegarder
:mozilla.61:C:\Documents and Settings\Phetburi\Application Data\Mozilla\Profiles\default\q7480nio.slt\cookies.txt -> Spyware.Cookie.Tradedoubler : Nettoyer et sauvegarder
:mozilla.62:C:\Documents and Settings\Phetburi\Application Data\Mozilla\Profiles\default\q7480nio.slt\cookies.txt -> Spyware.Cookie.Tradedoubler : Nettoyer et sauvegarder
:mozilla.64:C:\Documents and Settings\Phetburi\Application Data\Mozilla\Profiles\default\q7480nio.slt\cookies.txt -> Spyware.Cookie.Doubleclick : Nettoyer et sauvegarder
:mozilla.65:C:\Documents and Settings\Phetburi\Application Data\Mozilla\Profiles\default\q7480nio.slt\cookies.txt -> Spyware.Cookie.Bluestreak : Nettoyer et sauvegarder
:mozilla.6:C:\Documents and Settings\Phetburi\Application Data\Netscape\NSB\Profiles\w0miz2du.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Nettoyer et sauvegarder
:mozilla.7:C:\Documents and Settings\Phetburi\Application Data\Netscape\NSB\Profiles\w0miz2du.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Nettoyer et sauvegarder
:mozilla.8:C:\Documents and Settings\Phetburi\Application Data\Netscape\NSB\Profiles\w0miz2du.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Nettoyer et sauvegarder
:mozilla.9:C:\Documents and Settings\Phetburi\Application Data\Netscape\NSB\Profiles\w0miz2du.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Nettoyer et sauvegarder
:mozilla.10:C:\Documents and Settings\Phetburi\Application Data\Netscape\NSB\Profiles\w0miz2du.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Nettoyer et sauvegarder
:mozilla.11:C:\Documents and Settings\Phetburi\Application Data\Netscape\NSB\Profiles\w0miz2du.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Nettoyer et sauvegarder
:mozilla.12:C:\Documents and Settings\Phetburi\Application Data\Netscape\NSB\Profiles\w0miz2du.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Nettoyer et sauvegarder
:mozilla.13:C:\Documents and Settings\Phetburi\Application Data\Netscape\NSB\Profiles\w0miz2du.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Nettoyer et sauvegarder
:mozilla.14:C:\Documents and Settings\Phetburi\Application Data\Netscape\NSB\Profiles\w0miz2du.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Nettoyer et sauvegarder
:mozilla.19:C:\Documents and Settings\Phetburi\Application Data\Netscape\NSB\Profiles\w0miz2du.default\cookies.txt -> Spyware.Cookie.247realmedia : Nettoyer et sauvegarder
:mozilla.22:C:\Documents and Settings\Phetburi\Application Data\Netscape\NSB\Profiles\w0miz2du.default\cookies.txt -> Spyware.Cookie.Hitbox : Nettoyer et sauvegarder
:mozilla.23:C:\Documents and Settings\Phetburi\Application Data\Netscape\NSB\Profiles\w0miz2du.default\cookies.txt -> Spyware.Cookie.Hitbox : Nettoyer et sauvegarder
:mozilla.24:C:\Documents and Settings\Phetburi\Application Data\Netscape\NSB\Profiles\w0miz2du.default\cookies.txt -> Spyware.Cookie.Hitbox : Nettoyer et sauvegarder
:mozilla.25:C:\Documents and Settings\Phetburi\Application Data\Netscape\NSB\Profiles\w0miz2du.default\cookies.txt -> Spyware.Cookie.Hitbox : Nettoyer et sauvegarder
:mozilla.26:C:\Documents and Settings\Phetburi\Application Data\Netscape\NSB\Profiles\w0miz2du.default\cookies.txt -> Spyware.Cookie.2o7 : Nettoyer et sauvegarder
:mozilla.27:C:\Documents and Settings\Phetburi\Application Data\Netscape\NSB\Profiles\w0miz2du.default\cookies.txt -> Spyware.Cookie.2o7 : Nettoyer et sauvegarder
:mozilla.28:C:\Documents and Settings\Phetburi\Application Data\Netscape\NSB\Profiles\w0miz2du.default\cookies.txt -> Spyware.Cookie.2o7 : Nettoyer et sauvegarder
:mozilla.29:C:\Documents and Settings\Phetburi\Application Data\Netscape\NSB\Profiles\w0miz2du.default\cookies.txt -> Spyware.Cookie.2o7 : Nettoyer et sauvegarder
:mozilla.30:C:\Documents and Settings\Phetburi\Application Data\Netscape\NSB\Profiles\w0miz2du.default\cookies.txt -> Spyware.Cookie.2o7 : Nettoyer et sauvegarder
:mozilla.32:C:\Documents and Settings\Phetburi\Application Data\Netscape\NSB\Profiles\w0miz2du.default\cookies.txt -> Spyware.Cookie.Advertising : Nettoyer et sauvegarder
:mozilla.33:C:\Documents and Settings\Phetburi\Application Data\Netscape\NSB\Profiles\w0miz2du.default\cookies.txt -> Spyware.Cookie.Estat : Nettoyer et sauvegarder
:mozilla.34:C:\Documents and Settings\Phetburi\Application Data\Netscape\NSB\Profiles\w0miz2du.default\cookies.txt -> Spyware.Cookie.Advertising : Nettoyer et sauvegarder
:mozilla.35:C:\Documents and Settings\Phetburi\Application Data\Netscape\NSB\Profiles\w0miz2du.default\cookies.txt -> Spyware.Cookie.Advertising : Nettoyer et sauvegarder
:mozilla.36:C:\Documents and Settings\Phetburi\Application Data\Netscape\NSB\Profiles\w0miz2du.default\cookies.txt -> Spyware.Cookie.Advertising : Nettoyer et sauvegarder
:mozilla.40:C:\Documents and Settings\Phetburi\Application Data\Netscape\NSB\Profiles\w0miz2du.default\cookies.txt -> Spyware.Cookie.Weborama : Nettoyer et sauvegarder
:mozilla.44:C:\Documents and Settings\Phetburi\Application Data\Netscape\NSB\Profiles\w0miz2du.default\cookies.txt -> Spyware.Cookie.Doubleclick : Nettoyer et sauvegarder
:mozilla.55:C:\Documents and Settings\Phetburi\Application Data\Netscape\NSB\Profiles\w0miz2du.default\cookies.txt -> Spyware.Cookie.Pointroll : Nettoyer et sauvegarder
:mozilla.56:C:\Documents and Settings\Phetburi\Application Data\Netscape\NSB\Profiles\w0miz2du.default\cookies.txt -> Spyware.Cookie.Pointroll : Nettoyer et sauvegarder
:mozilla.57:C:\Documents and Settings\Phetburi\Application Data\Netscape\NSB\Profiles\w0miz2du.default\cookies.txt -> Spyware.Cookie.Pointroll : Nettoyer et sauvegarder
:mozilla.58:C:\Documents and Settings\Phetburi\Application Data\Netscape\NSB\Profiles\w0miz2du.default\cookies.txt -> Spyware.Cookie.Pointroll : Nettoyer et sauvegarder
:mozilla.59:C:\Documents and Settings\Phetburi\Application Data\Netscape\NSB\Profiles\w0miz2du.default\cookies.txt -> Spyware.Cookie.Pointroll : Nettoyer et sauvegarder
:mozilla.64:C:\Documents and Settings\Phetburi\Application Data\Netscape\NSB\Profiles\w0miz2du.default\cookies.txt -> Spyware.Cookie.Questionmarket : Nettoyer et sauvegarder
:mozilla.71:C:\Documents and Settings\Phetburi\Application Data\Netscape\NSB\Profiles\w0miz2du.default\cookies.txt -> Spyware.Cookie.Ru4 : Nettoyer et sauvegarder
:mozilla.72:C:\Documents and Settings\Phetburi\Application Data\Netscape\NSB\Profiles\w0miz2du.default\cookies.txt -> Spyware.Cookie.Ru4 : Nettoyer et sauvegarder
:mozilla.73:C:\Documents and Settings\Phetburi\Application Data\Netscape\NSB\Profiles\w0miz2du.default\cookies.txt -> Spyware.Cookie.Ru4 : Nettoyer et sauvegarder
C:\Documents and Settings\Phetburi\Cookies\phetburi@247realmedia[1].txt -> Spyware.Cookie.247realmedia : Nettoyer et sauvegarder
C:\Documents and Settings\Phetburi\Cookies\phetburi@2o7[1].txt -> Spyware.Cookie.2o7 : Nettoyer et sauvegarder
C:\Documents and Settings\Phetburi\Cookies\phetburi@ad.yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Nettoyer et sauvegarder
C:\Documents and Settings\Phetburi\Cookies\phetburi@ads.pointroll[1].txt -> Spyware.Cookie.Pointroll : Nettoyer et sauvegarder
C:\Documents and Settings\Phetburi\Cookies\phetburi@advertising[2].txt -> Spyware.Cookie.Advertising : Nettoyer et sauvegarder
C:\Documents and Settings\Phetburi\Cookies\phetburi@casinotropez[1].txt -> Spyware.Cookie.Casinotropez : Nettoyer et sauvegarder
C:\Documents and Settings\Phetburi\Cookies\phetburi@doubleclick[2].txt -> Spyware.Cookie.Doubleclick : Nettoyer et sauvegarder
C:\Documents and Settings\Phetburi\Cookies\phetburi@edge.ru4[1].txt -> Spyware.Cookie.Ru4 : Nettoyer et sauvegarder
C:\Documents and Settings\Phetburi\Cookies\phetburi@ehg-noven.hitbox[2].txt -> Spyware.Cookie.Hitbox : Nettoyer et sauvegarder
C:\Documents and Settings\Phetburi\Cookies\phetburi@estat[1].txt -> Spyware.Cookie.Estat : Nettoyer et sauvegarder
C:\Documents and Settings\Phetburi\Cookies\phetburi@hitbox[1].txt -> Spyware.Cookie.Hitbox : Nettoyer et sauvegarder
C:\Documents and Settings\Phetburi\Cookies\phetburi@questionmarket[1].txt -> Spyware.Cookie.Questionmarket : Nettoyer et sauvegarder
C:\Documents and Settings\Phetburi\Cookies\phetburi@sfr.122.2o7[1].txt -> Spyware.Cookie.2o7 : Nettoyer et sauvegarder
C:\Documents and Settings\Phetburi\Cookies\phetburi@weborama[2].txt -> Spyware.Cookie.Weborama : Nettoyer et sauvegarder
C:\Documents and Settings\Phetburi\Cookies\phetburi@www.smartadserver[2].txt -> Spyware.Cookie.Smartadserver : Nettoyer et sauvegarder
C:\WINDOWS\system32\dmrawex.dll -> Spyware.Look2Me : Nettoyer et sauvegarder
C:\WINDOWS\system32\guard.tmp -> Spyware.Look2Me : Nettoyer et sauvegarder
C:\WINDOWS\system32\i0lola331d.dll -> Spyware.Look2Me : Nettoyer et sauvegarder
C:\WINDOWS\system32\vds_ps.dll -> Spyware.Look2Me : Nettoyer et sauvegarder
::Fin du rapport
I'm going to re-download HijackThis and redo what you said.
Yes, I deleted all the temporary files and removed the exe files you told me about: some didn't exist and some did, which I find odd.
There you go.
Actually, I checked whether I had fixed all the lines with HijackThis, and no, I had skipped some. I ran a new scan and here it is:
Logfile of HijackThis v1.99.1
Scan saved at 00:06:37, on 08/12/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\acs.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Atheros\ACU.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\keyhook.exe
C:\progra~1\softwin\bitdef~1\bdswitch.exe
C:\Program Files\Softwin\BitDefender9\bdoesrv.exe
C:\progra~1\softwin\bitdef~1\bdnagent.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender9\vsserv.exe
c:\progra~1\softwin\bitdef~1\bdmcon.exe
C:\Program Files\Netscape\Netscape Browser\netscape.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Aku\program\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
N4 - Mozilla: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CNetscape_France.src"); (C:\Documents and Settings\Phetburi\Application Data\Mozilla\Profiles\default\q7480nio.slt\prefs.js)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\System32\keyhook.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BDSwitchAgent] "c:\progra~1\softwin\bitdef~1\bdswitch.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [BDMCon] c:\progra~1\softwin\bitdef~1\bdmcon.exe
O4 - HKLM\..\Run: [BDOESRV] "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "c:\progra~1\softwin\bitdef~1\bdnagent.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1133603594967
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: BITS - C:\WINDOWS\system32\o2pqlc751f.dll
O23 - Service: Service de configuration Atheros (ACS) - Unknown owner - C:\WINDOWS\System32\acs.exe
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender9\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
OK, your HijackThis log is more or less clean :) Now look for the exe files and delete them one by one, following the procedure in message number 5. Tomorrow we'll tackle the line O20 - Winlogon Notify: BITS - C:\WINDOWS\system32\o2pqlc751f.dll
which is actually the hardest one; it's this line that generates the ad pages ...
@++++++++++
Hi
There was only one exe to delete.
However, when I typed logon.exe it shows winlogon.exe files; should I delete it?
Logfile of HijackThis v1.99.1
Scan saved at 22:36:42, on 08/12/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\acs.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Atheros\ACU.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\keyhook.exe
C:\progra~1\softwin\bitdef~1\bdswitch.exe
C:\progra~1\softwin\bitdef~1\bdmcon.exe
C:\Program Files\Softwin\BitDefender9\bdoesrv.exe
C:\progra~1\softwin\bitdef~1\bdnagent.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Softwin\BitDefender9\vsserv.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Aku\program\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
N4 - Mozilla: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CNetscape_France.src"); (C:\Documents and Settings\Phetburi\Application Data\Mozilla\Profiles\default\q7480nio.slt\prefs.js)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\System32\keyhook.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BDSwitchAgent] "C:\progra~1\softwin\bitdef~1\bdswitch.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [BDMCon] c:\progra~1\softwin\bitdef~1\bdmcon.exe
O4 - HKLM\..\Run: [BDOESRV] "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\progra~1\softwin\bitdef~1\bdnagent.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1133603594967
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: MS-DOS Emulation - C:\WINDOWS\system32\mvr0l99m1.dll
O23 - Service: Service de configuration Atheros (ACS) - Unknown owner - C:\WINDOWS\System32\acs.exe
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender9\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
Hi, run this:
http://www.ad-w-a-r-e.com/cgi-bin/UnInstaller
Then run all the anti-spyware tools you downloaded (adaware/spybot/cleanup),
then update your Windows.
Run HijackThis again and paste the result here.
@++++++
Hi
Can someone help me interpret the HijackThis report below? Thanks for your help.
Logfile of HijackThis v1.99.1
Scan saved at 10:38:43, on 09/12/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender8\vsserv.exe
C:\WINDOWS\system32\slrundll.exe
C:\WINDOWS\System32\STDSB.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\paprport\pptd40nt.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
C:\Program Files\Softwin\BitDefender8\bdoesrv.exe
C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\JEQNPIERRE\Bureau\Foxmail.exe
C:\Documents and Settings\JEQNPIERRE\Bureau\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/webhp?sourceid=navclient&hl=fr&ie=UTF-8
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\fr.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [STDSB] C:\WINDOWS\System32\STDSB.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [UpdateManager] "c:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PaperPort PTD] c:\paprport\pptd40nt.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [TiscaliParam] C:\Program Files\Tiscali\Dialer\bootparam.exe
O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [BDOESRV] C:\Program Files\Softwin\BitDefender8\\bdoesrv.exe
O4 - HKLM\..\Run: [BDNewsAgent] C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe
O4 - HKLM\..\Run: [Netcom] "C:\Program Files\Netcom\Netcom.exe"
O4 - HKLM\..\Run: [ Windows] C:\WINDOWS\WinSecurity\services.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Instant Access] rundll32.exe EGDACCESS_1057.dll,InstantAccess
O4 - HKCU\..\Run: [Updater] C:\Program Files\Carpe Diem\acces_mure\CDUpdater.exe CD_UPDATER
O4 - HKCU\..\Run: [_Windows] C:\WINDOWS\WinSecurity\services.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {26D73573-F1B3-48C9-A989-E6CE071957A1} - http://akamai.downloadv3.com/binaries/EGDAccess/EGDACCESS_1057_XP.cab
O16 - DPF: {2AEEAC34-FD74-4142-B891-4B05C0C03C87} - http://akamai.downloadv3.com/binaries/DialHTML/EGCOMSERVICE_1054_pack_XP.cab
O16 - DPF: {8F48147B-78D9-40F9-ACC0-BDDE59B246F4} (AccountHelper Class) - http://register.tiscali.fr/configurateur/AccountHelper.cab
O16 - DPF: {E3943A24-2F83-4505-9AE5-F705E81B50CB} - http://akamai.downloadv3.com/binaries/EGDAccess/EGDACCESS_1055_XP.cab
O16 - DPF: {F72BC3F0-6C20-4793-9DDA-258589D8A907} - http://akamai.downloadv3.com/binaries/IA/netslv32_FR_XP.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{401198DF-E51B-4DCB-9EF7-9F3D26B4666E}: NameServer = 213.36.80.1
O20 - AppInit_DLLs: sockspy.dll sockspy.dll sockspy.dll sockspy.dll
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: MySqlInventime - Unknown owner - c:\mysql\bin\mysqld-max-nt.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender8\vsserv.exe" /service (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
O16 - DPF: {2AEEAC34-FD74-4142-B891-4B05C0C03C87} - http://akamai.downloadv3.com/binaries/DialHTML/EGCOMSERVICE_1054_pack_XP.cab
O16 - DPF: {8F48147B-78D9-40F9-ACC0-BDDE59B246F4} (AccountHelper Class) - http://register.tiscali.fr/configurateur/AccountHelper.cab
O16 - DPF: {E3943A24-2F83-4505-9AE5-F705E81B50CB} - http://akamai.downloadv3.com/binaries/EGDAccess/EGDACCESS_1055_XP.cab
O16 - DPF: {F72BC3F0-6C20-4793-9DDA-258589D8A907} - http://akamai.downloadv3.com/binaries/IA/netslv32_FR_XP.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{401198DF-E51B-4DCB-9EF7-9F3D26B4666E}: NameServer = 213.36.80.1
O20 - AppInit_DLLs: sockspy.dll sockspy.dll sockspy.dll sockspy.dll
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: MySqlInventime - Unknown owner - c:\mysql\bin\mysqld-max-nt.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender8\vsserv.exe" /service (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
Hi,
I double-clicked uninstaller.exe and was warned that there was a trojan. I opened it anyway and it asks me to enter a key.
Here is the A2 report:
---------------------------------------------------------
ewido security suite - Rapport de scan
---------------------------------------------------------
+ Créé le: 23:37:26, 09/12/2005
+ Somme de contrôle: E0901BE1
+ Résultats du scan:
[1600] C:\WINDOWS\system32\HJL.DLL -> Spyware.Look2Me : Erreur durant le nettoyage
[1972] C:\WINDOWS\system32\HJL.DLL -> Spyware.Look2Me : Erreur durant le nettoyage
:mozilla.41:C:\Documents and Settings\Phetburi\Application Data\Mozilla\Profiles\default\q7480nio.slt\cookies.txt -> Spyware.Cookie.Yieldmanager : Nettoyer et sauvegarder
:mozilla.44:C:\Documents and Settings\Phetburi\Application Data\Mozilla\Profiles\default\q7480nio.slt\cookies.txt -> Spyware.Cookie.Adtech : Nettoyer et sauvegarder
:mozilla.54:C:\Documents and Settings\Phetburi\Application Data\Mozilla\Profiles\default\q7480nio.slt\cookies.txt -> Spyware.Cookie.Mediaplex : Nettoyer et sauvegarder
:mozilla.56:C:\Documents and Settings\Phetburi\Application Data\Mozilla\Profiles\default\q7480nio.slt\cookies.txt -> Spyware.Cookie.Tradedoubler : Nettoyer et sauvegarder
:mozilla.57:C:\Documents and Settings\Phetburi\Application Data\Mozilla\Profiles\default\q7480nio.slt\cookies.txt -> Spyware.Cookie.Tradedoubler : Nettoyer et sauvegarder
:mozilla.59:C:\Documents and Settings\Phetburi\Application Data\Mozilla\Profiles\default\q7480nio.slt\cookies.txt -> Spyware.Cookie.Doubleclick : Nettoyer et sauvegarder
:mozilla.60:C:\Documents and Settings\Phetburi\Application Data\Mozilla\Profiles\default\q7480nio.slt\cookies.txt -> Spyware.Cookie.Bluestreak : Nettoyer et sauvegarder
:mozilla.7:C:\Documents and Settings\Phetburi\Application Data\Netscape\NSB\Profiles\w0miz2du.default\cookies.txt -> Spyware.Cookie.Estat : Nettoyer et sauvegarder
:mozilla.9:C:\Documents and Settings\Phetburi\Application Data\Netscape\NSB\Profiles\w0miz2du.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Nettoyer et sauvegarder
:mozilla.10:C:\Documents and Settings\Phetburi\Application Data\Netscape\NSB\Profiles\w0miz2du.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Nettoyer et sauvegarder
:mozilla.11:C:\Documents and Settings\Phetburi\Application Data\Netscape\NSB\Profiles\w0miz2du.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Nettoyer et sauvegarder
:mozilla.12:C:\Documents and Settings\Phetburi\Application Data\Netscape\NSB\Profiles\w0miz2du.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Nettoyer et sauvegarder
:mozilla.13:C:\Documents and Settings\Phetburi\Application Data\Netscape\NSB\Profiles\w0miz2du.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Nettoyer et sauvegarder
:mozilla.14:C:\Documents and Settings\Phetburi\Application Data\Netscape\NSB\Profiles\w0miz2du.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Nettoyer et sauvegarder
:mozilla.15:C:\Documents and Settings\Phetburi\Application Data\Netscape\NSB\Profiles\w0miz2du.default\cookies.txt -> Spyware.Cookie.Adtech : Nettoyer et sauvegarder
:mozilla.16:C:\Documents and Settings\Phetburi\Application Data\Netscape\NSB\Profiles\w0miz2du.default\cookies.txt -> Spyware.Cookie.Adtech : Nettoyer et sauvegarder
:mozilla.17:C:\Documents and Settings\Phetburi\Application Data\Netscape\NSB\Profiles\w0miz2du.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Nettoyer et sauvegarder
:mozilla.18:C:\Documents and Settings\Phetburi\Application Data\Netscape\NSB\Profiles\w0miz2du.default\cookies.txt -> Spyware.Cookie.Paypopup : Nettoyer et sauvegarder
:mozilla.19:C:\Documents and Settings\Phetburi\Application Data\Netscape\NSB\Profiles\w0miz2du.default\cookies.txt -> Spyware.Cookie.Paypopup : Nettoyer et sauvegarder
:mozilla.20:C:\Documents and Settings\Phetburi\Application Data\Netscape\NSB\Profiles\w0miz2du.default\cookies.txt -> Spyware.Cookie.Paypopup : Nettoyer et sauvegarder
:mozilla.21:C:\Documents and Settings\Phetburi\Application Data\Netscape\NSB\Profiles\w0miz2du.default\cookies.txt -> Spyware.Cookie.Paypopup : Nettoyer et sauvegarder
:mozilla.22:C:\Documents and Settings\Phetburi\Application Data\Netscape\NSB\Profiles\w0miz2du.default\cookies.txt -> Spyware.Cookie.Paypopup : Nettoyer et sauvegarder
:mozilla.23:C:\Documents and Settings\Phetburi\Application Data\Netscape\NSB\Profiles\w0miz2du.default\cookies.txt -> Spyware.Cookie.Paypopup : Nettoyer et sauvegarder
:mozilla.24:C:\Documents and Settings\Phetburi\Application Data\Netscape\NSB\Profiles\w0miz2du.default\cookies.txt -> Spyware.Cookie.Paypopup : Nettoyer et sauvegarder
-> : Erreur durant le nettoyage
:mozilla.26:C:\Documents and Settings\Phetburi\Application Data\Netscape\NSB\Profiles\w0miz2du.default\cookies.txt -> Spyware.Cookie.Paypopup : Nettoyer et sauvegarder
:mozilla.27:C:\Documents and Settings\Phetburi\Application Data\Netscape\NSB\Profiles\w0miz2du.default\cookies.txt -> Spyware.Cookie.Paypopup : Nettoyer et sauvegarder
:mozilla.31:C:\Documents and Settings\Phetburi\Application Data\Netscape\NSB\Profiles\w0miz2du.default\cookies.txt -> Spyware.Cookie.247realmedia : Nettoyer et sauvegarder
:mozilla.32:C:\Documents and Settings\Phetburi\Application Data\Netscape\NSB\Profiles\w0miz2du.default\cookies.txt -> Spyware.Cookie.247realmedia : Nettoyer et sauvegarder
:mozilla.33:C:\Documents and Settings\Phetburi\Application Data\Netscape\NSB\Profiles\w0miz2du.default\cookies.txt -> Spyware.Cookie.247realmedia : Nettoyer et sauvegarder
:mozilla.34:C:\Documents and Settings\Phetburi\Application Data\Netscape\NSB\Profiles\w0miz2du.default\cookies.txt -> Spyware.Cookie.Bluestreak : Nettoyer et sauvegarder
:mozilla.35:C:\Documents and Settings\Phetburi\Application Data\Netscape\NSB\Profiles\w0miz2du.default\cookies.txt -> Spyware.Cookie.Doubleclick : Nettoyer et sauvegarder
:mozilla.46:C:\Documents and Settings\Phetburi\Application Data\Netscape\NSB\Profiles\w0miz2du.default\cookies.txt -> Spyware.Cookie.Mediaplex : Nettoyer et sauvegarder
:mozilla.59:C:\Documents and Settings\Phetburi\Application Data\Netscape\NSB\Profiles\w0miz2du.default\cookies.txt -> Spyware.Cookie.Weborama : Nettoyer et sauvegarder
:mozilla.60:C:\Documents and Settings\Phetburi\Application Data\Netscape\NSB\Profiles\w0miz2du.default\cookies.txt -> Spyware.Cookie.Weborama : Nettoyer et sauvegarder
:mozilla.61:C:\Documents and Settings\Phetburi\Application Data\Netscape\NSB\Profiles\w0miz2du.default\cookies.txt -> Spyware.Cookie.Weborama : Nettoyer et sauvegarder
:mozilla.84:C:\Documents and Settings\Phetburi\Application Data\Netscape\NSB\Profiles\w0miz2du.default\cookies.txt -> Spyware.Cookie.Smartadserver : Nettoyer et sauvegarder
:mozilla.85:C:\Documents and Settings\Phetburi\Application Data\Netscape\NSB\Profiles\w0miz2du.default\cookies.txt -> Spyware.Cookie.Smartadserver : Nettoyer et sauvegarder
:mozilla.86:C:\Documents and Settings\Phetburi\Application Data\Netscape\NSB\Profiles\w0miz2du.default\cookies.txt -> Spyware.Cookie.Smartadserver : Nettoyer et sauvegarder
C:\Documents and Settings\Phetburi\Cookies\phetburi@247realmedia[1].txt -> Spyware.Cookie.247realmedia : Nettoyer et sauvegarder
C:\Documents and Settings\Phetburi\Cookies\phetburi@ad.yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Nettoyer et sauvegarder
C:\Documents and Settings\Phetburi\Cookies\phetburi@adtech[2].txt -> Spyware.Cookie.Adtech : Nettoyer et sauvegarder
C:\Documents and Settings\Phetburi\Cookies\phetburi@bluestreak[1].txt -> Spyware.Cookie.Bluestreak : Nettoyer et sauvegarder
C:\Documents and Settings\Phetburi\Cookies\phetburi@estat[1].txt -> Spyware.Cookie.Estat : Nettoyer et sauvegarder
C:\Documents and Settings\Phetburi\Cookies\phetburi@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Nettoyer et sauvegarder
C:\Documents and Settings\Phetburi\Cookies\phetburi@paypopup[1].txt -> Spyware.Cookie.Paypopup : Nettoyer et sauvegarder
C:\Documents and Settings\Phetburi\Cookies\phetburi@weborama[1].txt -> Spyware.Cookie.Weborama : Nettoyer et sauvegarder
C:\Documents and Settings\Phetburi\Cookies\phetburi@www.smartadserver[1].txt -> Spyware.Cookie.Smartadserver : Nettoyer et sauvegarder
C:\Documents and Settings\Phetburi\Local Settings\Temp\Cookies\phetburi@adtech[2].txt -> Spyware.Cookie.Adtech : Nettoyer et sauvegarder
C:\Documents and Settings\Phetburi\Local Settings\Temp\Cookies\phetburi@microsoftwga.112.2o7[1].txt -> Spyware.Cookie.2o7 : Nettoyer et sauvegarder
C:\Documents and Settings\Phetburi\Local Settings\Temporary Internet Files\Content.IE5\WO7WVSL1\AppWrap[3].exe -> Spyware.Zestyfind : Nettoyer et sauvegarder
C:\Program Files\Fichiers communs\zuwu\zuwul.exe -> Downloader.TSUpdate.p : Nettoyer et sauvegarder
::Fin du rapport
And here is the HijackThis report:
Logfile of HijackThis v1.99.1
Scan saved at 23:51:18, on 09/12/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\acs.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Softwin\BitDefender9\vsserv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Atheros\ACU.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\keyhook.exe
C:\progra~1\softwin\bitdef~1\bdswitch.exe
C:\progra~1\softwin\bitdef~1\bdmcon.exe
C:\Program Files\Softwin\BitDefender9\bdoesrv.exe
C:\progra~1\softwin\bitdef~1\bdnagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\progra~1\softwin\bitdef~1\bdlite.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Netscape\Netscape Browser\netscape.exe
C:\Aku\program\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
N4 - Mozilla: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CNetscape_France.src"); (C:\Documents and Settings\Phetburi\Application Data\Mozilla\Profiles\default\q7480nio.slt\prefs.js)
O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\System32\keyhook.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BDSwitchAgent] "C:\progra~1\softwin\bitdef~1\bdswitch.exe"
O4 - HKLM\..\Run: [BDMCon] c:\progra~1\softwin\bitdef~1\bdmcon.exe
O4 - HKLM\..\Run: [BDOESRV] "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\progra~1\softwin\bitdef~1\bdnagent.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1133603594967
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: ShellScrap - C:\WINDOWS\system32\o4480ehueh480.dll
O23 - Service: Service de configuration Atheros (ACS) - Unknown owner - C:\WINDOWS\System32\acs.exe
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender9\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
There you go, thank you for helping me.
I ran a scan with CounterSpy.
Here is the report, thanks:
Spyware Scan Details
Start Date: 10/12/2005 11:25:48
End Date: 10/12/2005 11:57:29
Total Time: 31 mins 41 secs
Detected spyware
ABox Trojan Downloader more information...
Details: ABox is an adult related adware component that uses trojan techniques to install itself.
Status: Quarantined
Infected files detected
c:\windows\abox.exe
Popuper Adware more information...
Status: Quarantined
Infected files detected
c:\windows\iemonitor.ocx
Adw.MRJ.Lowzone Adware more information...
Details: Adw.MRJ.Lowzone adds trusted zones and displays ads.
Status: Quarantined
Infected files detected
c:\a.bmp
c:\windows\iemonitor.ocx
Infected registry entries detected
HKEY_CLASSES_ROOT\CLSID\{62FBA4E7-BD9E-4D8D-8FBB-3C32999CB7FC}
HKEY_CLASSES_ROOT\CLSID\{62FBA4E7-BD9E-4D8D-8FBB-3C32999CB7FC}\Control
HKEY_CLASSES_ROOT\CLSID\{62FBA4E7-BD9E-4D8D-8FBB-3C32999CB7FC}\InprocServer32 c:\windows\IEMonitor.ocx
HKEY_CLASSES_ROOT\CLSID\{62FBA4E7-BD9E-4D8D-8FBB-3C32999CB7FC}\InprocServer32 ThreadingModel Apartment
HKEY_CLASSES_ROOT\CLSID\{62FBA4E7-BD9E-4D8D-8FBB-3C32999CB7FC}\MiscStatus\1 131473
HKEY_CLASSES_ROOT\CLSID\{62FBA4E7-BD9E-4D8D-8FBB-3C32999CB7FC}\MiscStatus 0
HKEY_CLASSES_ROOT\CLSID\{62FBA4E7-BD9E-4D8D-8FBB-3C32999CB7FC}\ProgID IEMonitor.IEEvents
HKEY_CLASSES_ROOT\CLSID\{62FBA4E7-BD9E-4D8D-8FBB-3C32999CB7FC}\ToolboxBitmap32 c:\windows\IEMonitor.ocx, 30000
HKEY_CLASSES_ROOT\CLSID\{62FBA4E7-BD9E-4D8D-8FBB-3C32999CB7FC}\TypeLib {1942BEBE-DCE5-4148-868E-1250A2218B4C}
HKEY_CLASSES_ROOT\CLSID\{62FBA4E7-BD9E-4D8D-8FBB-3C32999CB7FC}\VERSION 2.0
HKEY_CLASSES_ROOT\CLSID\{62FBA4E7-BD9E-4D8D-8FBB-3C32999CB7FC} IEMonitor.IEEvents
HKEY_CLASSES_ROOT\CLSID\{A03323D3-F649-4F16-A6E4-4FC53F917A83}
HKEY_CLASSES_ROOT\CLSID\{A03323D3-F649-4F16-A6E4-4FC53F917A83}\ProgID IEMonitor.cBrowsers
HKEY_CLASSES_ROOT\CLSID\{A03323D3-F649-4F16-A6E4-4FC53F917A83}\TypeLib {1942BEBE-DCE5-4148-868E-1250A2218B4C}
HKEY_CLASSES_ROOT\CLSID\{A03323D3-F649-4F16-A6E4-4FC53F917A83}\VERSION 2.0
HKEY_CLASSES_ROOT\CLSID\{A03323D3-F649-4F16-A6E4-4FC53F917A83} IEMonitor.cBrowsers
HKEY_CLASSES_ROOT\IEMonitor.cBrowsers
HKEY_CLASSES_ROOT\IEMonitor.cBrowsers\Clsid {A03323D3-F649-4F16-A6E4-4FC53F917A83}
HKEY_CLASSES_ROOT\IEMonitor.cBrowsers IEMonitor.cBrowsers
HKEY_CLASSES_ROOT\Interface\{29375563-1B91-44D9-8B05-FFAD8AC286F6}
HKEY_CLASSES_ROOT\Interface\{29375563-1B91-44D9-8B05-FFAD8AC286F6}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{29375563-1B91-44D9-8B05-FFAD8AC286F6}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{29375563-1B91-44D9-8B05-FFAD8AC286F6}\TypeLib {1942BEBE-DCE5-4148-868E-1250A2218B4C}
HKEY_CLASSES_ROOT\Interface\{29375563-1B91-44D9-8B05-FFAD8AC286F6}\TypeLib Version 2.0
HKEY_CLASSES_ROOT\Interface\{29375563-1B91-44D9-8B05-FFAD8AC286F6} cBrowsers
HKEY_CLASSES_ROOT\Interface\{2AFDD165-B663-43C1-AFE2-105FDCA2A24B}
HKEY_CLASSES_ROOT\Interface\{2AFDD165-B663-43C1-AFE2-105FDCA2A24B}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{2AFDD165-B663-43C1-AFE2-105FDCA2A24B}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{2AFDD165-B663-43C1-AFE2-105FDCA2A24B}\TypeLib {1942BEBE-DCE5-4148-868E-1250A2218B4C}
HKEY_CLASSES_ROOT\Interface\{2AFDD165-B663-43C1-AFE2-105FDCA2A24B}\TypeLib Version 2.0
HKEY_CLASSES_ROOT\Interface\{2AFDD165-B663-43C1-AFE2-105FDCA2A24B} IEEvents
HKEY_CLASSES_ROOT\Interface\{DAE67284-3C98-44C5-AA8F-9461C3247707}
HKEY_CLASSES_ROOT\Interface\{DAE67284-3C98-44C5-AA8F-9461C3247707}\ProxyStubClsid {00020420-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{DAE67284-3C98-44C5-AA8F-9461C3247707}\ProxyStubClsid32 {00020420-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{DAE67284-3C98-44C5-AA8F-9461C3247707}\TypeLib {1942BEBE-DCE5-4148-868E-1250A2218B4C}
HKEY_CLASSES_ROOT\Interface\{DAE67284-3C98-44C5-AA8F-9461C3247707}\TypeLib Version 2.0
HKEY_CLASSES_ROOT\Interface\{DAE67284-3C98-44C5-AA8F-9461C3247707} IEEvents
HKEY_CLASSES_ROOT\TypeLib\{1942BEBE-DCE5-4148-868E-1250A2218B4C}
HKEY_CLASSES_ROOT\TypeLib\{1942BEBE-DCE5-4148-868E-1250A2218B4C}\2.0\0\win32 c:\windows\IEMonitor.ocx
HKEY_CLASSES_ROOT\TypeLib\{1942BEBE-DCE5-4148-868E-1250A2218B4C}\2.0\FLAGS 2
HKEY_CLASSES_ROOT\TypeLib\{1942BEBE-DCE5-4148-868E-1250A2218B4C}\2.0\HELPDIR c:\windows
HKEY_CLASSES_ROOT\TypeLib\{1942BEBE-DCE5-4148-868E-1250A2218B4C}\2.0 IEMonitor
InternetOffers Adware more information...
Details: InternetOffers displays popup advertisements with no attribution and installs without consent.
Status: Quarantined
Infected files detected
C:\Program Files\Fichiers communs\zuwu\zuwud\vocabulary
WindUpdates.MediaGateway Adware more information...
Details: WindUpdates is responsible for downloading adware.
Status: Quarantined
Infected registry entries detected
HKEY_CLASSES_ROOT\MediaGatewayX.Installer
HKEY_CLASSES_ROOT\MediaGatewayX.Installer\CLSID {8FCDF9D9-A28B-480f-8C3D-581F119A8AB8}
HKEY_CLASSES_ROOT\MediaGatewayX.Installer\CurVer MediaGatewayX.Installer.1
HKEY_CLASSES_ROOT\MediaGatewayX.Installer MediaGatewayX
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs C:\WINDOWS\Downloaded Program Files\MediaGatewayX.dll 1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MediaGatewayX.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MediaGatewayX.dll .Owner {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MediaGatewayX.dll {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8}
HKEY_CLASSES_ROOT\Interface\{DD469A88-316C-441D-B712-783D9B9A6707}
HKEY_CLASSES_ROOT\Interface\{DD469A88-316C-441D-B712-783D9B9A6707}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{DD469A88-316C-441D-B712-783D9B9A6707}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{DD469A88-316C-441D-B712-783D9B9A6707}\TypeLib {981BDA1D-C8AD-46FF-BE2C-FDDD859AC6F5}
HKEY_CLASSES_ROOT\Interface\{DD469A88-316C-441D-B712-783D9B9A6707}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\Interface\{DD469A88-316C-441D-B712-783D9B9A6707} IInstallerCaller
HKEY_CLASSES_ROOT\MediaGatewayX.Installer.1
HKEY_CLASSES_ROOT\MediaGatewayX.Installer.1\CLSID {8FCDF9D9-A28B-480f-8C3D-581F119A8AB8}
HKEY_CLASSES_ROOT\MediaGatewayX.Installer.1 MediaGatewayX
HKEY_CLASSES_ROOT\TypeLib\{981BDA1D-C8AD-46FF-BE2C-FDDD859AC6F5}
HKEY_CLASSES_ROOT\TypeLib\{981BDA1D-C8AD-46FF-BE2C-FDDD859AC6F5}\1.0\0\win32 C:\WINDOWS\Downloaded Program Files\MediaGatewayX.dll
HKEY_CLASSES_ROOT\TypeLib\{981BDA1D-C8AD-46FF-BE2C-FDDD859AC6F5}\1.0\FLAGS 0
HKEY_CLASSES_ROOT\TypeLib\{981BDA1D-C8AD-46FF-BE2C-FDDD859AC6F5}\1.0\HELPDIR C:\WINDOWS\Downloaded Program Files\
HKEY_CLASSES_ROOT\TypeLib\{981BDA1D-C8AD-46FF-BE2C-FDDD859AC6F5}\1.0 ActiveX 1.0 Type Library
Adware.cmdService Adware more information...
Details: Adware.cmdService runs as a Windows service.
Status: Quarantined
Infected registry entries detected
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CMDSERVICE NextInstance 1
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CMDSERVICE\0000 DeviceDesc Command Service
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CMDSERVICE\0000 ClassGUID {8ECC055D-047F-11D1-A537-0000F8753ED1}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CMDSERVICE\0000 Class LegacyDriver
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CMDSERVICE\0000 ConfigFlags 0
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CMDSERVICE\0000 Legacy 1
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CMDSERVICE\0000 Service cmdService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CMDSERVICE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CMDSERVICE\0000 Service cmdService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CMDSERVICE\0000 Legacy 1
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CMDSERVICE\0000 ConfigFlags 0
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CMDSERVICE\0000 Class LegacyDriver
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CMDSERVICE\0000 ClassGUID {8ECC055D-047F-11D1-A537-0000F8753ED1}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CMDSERVICE\0000 DeviceDesc Command Service
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CMDSERVICE NextInstance 1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000 Service cmdService
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000 Legacy 1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000 ConfigFlags 0
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000 Class LegacyDriver
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000 ClassGUID {8ECC055D-047F-11D1-A537-0000F8753ED1}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000 DeviceDesc Command Service
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE NextInstance 1
HKEY_LOCAL_MACHINE\SOFTWARE\Policies {6BF52A52-394A-11D3-B153-00C04F79FAA6} 6
Adw.StartPage.TimesSquare Adware more information...
Details: Adw.StartPage.TimesSquare hijacks the IE start page and search pages and displays ads.
Status: Quarantined
Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\Policies {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
180search Assistant Adware more information...
Details: 180search Assistant logs the web pages you visit, when you visit them and uploads the data to its servers.
Status: Quarantined
Infected registry entries detected
HKEY_CLASSES_ROOT\AppID\{D28CD14C-50BE-4CFA-951E-B37F25DA3472}
HKEY_CLASSES_ROOT\AppID\{D28CD14C-50BE-4CFA-951E-B37F25DA3472} ActiveX
HKEY_CLASSES_ROOT\AppID\ActiveX.DLL
HKEY_CLASSES_ROOT\AppID\ActiveX.DLL AppID {D28CD14C-50BE-4CFA-951E-B37F25DA3472}
Hi
1/ Download l2mfix.exe here: http://www.downloads.subratam.org/l2mfix.exe
Put it on your desktop.
Double-click l2mfix.exe.
At the first prompt, click Accept, then click Install.
2/ Open the l2mfix folder created on the desktop, then double-click L2Mfix.bat.
Then choose option 1 and press Enter.
Post this first report.
See you later