[Trojan] downloader win32 swizzor.fq

Resolved/Closed
Toulonais1 - 8 June 2006, 18:28
Last reply: green day (Moderator, security contributor) - 9 June 2006, 13:53
Hello,

Since this morning my antivirus has been reporting a Trojan-Downloader.Win32.Swizzor.fq.

It is unable to remove it.

On top of that, I also get pop-ups opening whenever I open a web page, whatever browser I use.

However, in case of a serious problem, I do not have a Windows reinstallation CD: it is stored in a folder on the PC and I have not yet had the chance to burn it to CD.

I ran the 3 requested scans:

- ewido
- BitDefender
- HijackThis

I am pasting the reports below.

Thanks in advance; if you need more information, let me know.

Here is my operating system:

- Windows XP SP2
- Firewall and main antivirus: Securitoo
- Browsers: Internet Explorer and Mozilla Firefox

ewido report: I have, of course, deleted the files placed in quarantine.

+ Created on: 12:54:53, 08/06/2006
+ Checksum: ABEFDBF2

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{4E7BD74F-2B8D-469E-A0E8-ED6AB685FA7D} -> Adware.2020Search : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{4E7BD74F-2B8D-469E-A0E8-ED6AB685FA7D} -> Adware.2020Search : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4E7BD74F-2B8D-469E-A0E8-ED6AB685FA7D} -> Adware.2020Search : Cleaned with backup
HKU\S-1-5-21-2236632173-3412014108-4019233391-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4E7BD74F-2B8D-469E-A0E8-ED6AB685FA7D} -> Adware.2020Search : Cleaned with backup
:mozilla.10:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned with backup
:mozilla.11:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Weborama : Cleaned with backup
:mozilla.12:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned with backup
:mozilla.13:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned with backup
:mozilla.14:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned with backup
:mozilla.15:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Weborama : Cleaned with backup
:mozilla.18:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Weborama : Cleaned with backup
:mozilla.19:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Weborama : Cleaned with backup
:mozilla.20:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.24:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.25:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned with backup
:mozilla.28:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned with backup
:mozilla.32:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned with backup
:mozilla.37:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned with backup
:mozilla.38:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned with backup
:mozilla.39:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned with backup
:mozilla.40:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned with backup
:mozilla.65:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Estat : Cleaned with backup
:mozilla.67:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.113:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
:mozilla.114:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
:mozilla.115:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
:mozilla.116:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
:mozilla.117:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
:mozilla.118:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
:mozilla.119:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
:mozilla.120:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
:mozilla.173:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Comclick : Cleaned with backup
:mozilla.174:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Comclick : Cleaned with backup
:mozilla.175:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Comclick : Cleaned with backup
:mozilla.194:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.195:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.196:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.197:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.198:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Sextracker : Cleaned with backup
:mozilla.199:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Sextracker : Cleaned with backup
:mozilla.200:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.201:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.202:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.203:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.204:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.205:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.206:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.207:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.208:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup
:mozilla.254:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.255:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.256:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.257:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.258:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.259:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.260:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.261:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.262:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.263:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.264:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.265:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.266:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.291:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.292:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.293:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.318:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.333:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.334:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.335:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.347:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup
:mozilla.348:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup
:mozilla.351:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.352:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.353:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.360:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.382:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup
:mozilla.383:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Itrack : Cleaned with backup
:mozilla.384:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Itrack : Cleaned with backup
:mozilla.391:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.405:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup
:mozilla.406:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup
:mozilla.448:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.449:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.450:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.451:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.452:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.453:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.455:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.474:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.492:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.505:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.513:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.514:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.515:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.516:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.517:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.565:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.566:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.567:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.619:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.620:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.628:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Casinotropez : Cleaned with backup
:mozilla.690:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.691:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.692:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.693:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.694:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.697:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.698:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.705:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.706:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.707:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.720:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Yadro : Cleaned with backup
:mozilla.737:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.776:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Ivwbox : Cleaned with backup
:mozilla.885:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.886:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.887:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.888:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.889:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.890:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.891:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.892:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.899:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.921:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.922:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.930:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup
:mozilla.979:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.980:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.981:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.982:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.983:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.984:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
C:\Documents and Settings\Valery\Cookies\valery@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Valery\Cookies\valery@as1.falkag[2].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\Valery\Cookies\valery@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Valery\Cookies\valery@ehg-ads.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Valery\Cookies\valery@eurostar.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Valery\Cookies\valery@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Valery\Cookies\valery@ilead.itrack[2].txt -> TrackingCookie.Itrack : Cleaned with backup
C:\Documents and Settings\Valery\Cookies\valery@msninvite.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Valery\Cookies\valery@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Valery\Cookies\valery@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\Valery\Cookies\valery@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Cleaned with backup
C:\Documents and Settings\Valery\Cookies\valery@try.starware[1].txt -> TrackingCookie.Starware : Cleaned with backup
C:\Documents and Settings\Valery\Local Settings\Temp\Cookies\valery@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup


::End of report




BitDefender report:

Statistics
Time: 02:57:22
Files: 877208
Folders: 6202
Boot Sectors: 3
Archives: 10434
Packed Files: 120808

Results
Identified Viruses: 4
Infected Files: 6
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 6

Engines Info
Virus Definitions: 387044
Engine build: AVCORE v1.0 (build 2310) (i386) (Apr 17 2006 16:24:38)
Scan plugins: 13
Archive plugins: 40
Unpack plugins: 4
E-mail plugins: 6
System plugins: 1

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File / Status

C:\Documents and Settings\Valery\Application Data\Send Barb Build\NAME CURB.0XE
    Infected with: GenPack:Trojan.Downloader.Swizzor.BO
    Disinfection failed
    Deleted

C:\Documents and Settings\Valery\Local Settings\Temp\TMP0.0
    Infected with: GenPack:Trojan.Downloader.Swizzor.BO
    Disinfection failed
    Deleted

C:\Program Files\EvID4226Patch.exe
    Infected with: Backdoor.Virkel.A
    Disinfection failed
    Deleted

C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP107\A0022507.DLL
    Infected with: Trojan.Funweb.A
    Disinfection failed
    Deleted

C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP166\A0031608.0XE
    Infected with: GenPack:Trojan.Downloader.Swizzor.CB
    Disinfection failed
    Deleted

C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP167\A0031632.exe
    Infected with: Backdoor.Virkel.A
    Disinfection failed
    Deleted


HijackThis report:

Scan saved at 17:52:21, on 08/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\SECURI~1\av_fw\backweb\8520111\Program\SERVIC~1.EXE
C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe
C:\Program Files\Securitoo\av_fw\backweb\8520111\Program\fspex.exe
C:\Program Files\Securitoo\av_fw\Anti-Virus\FSGK32.EXE
C:\Program Files\Securitoo\av_fw\backweb\8520111\program\fsbwsys.exe
C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE
C:\Program Files\Securitoo\av_fw\Anti-Virus\fssm32.exe
C:\Program Files\Securitoo\av_fw\Common\FSMB32.EXE
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Securitoo\av_fw\Common\FCH32.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Securitoo\av_fw\Common\FAMEH32.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Securitoo\av_fw\FSGUI\ispnews.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
C:\Program Files\Securitoo\av_fw\Anti-Virus\fsav32.exe
C:\Program Files\Securitoo\av_fw\FWES\Program\fsdfwd.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Securitoo\av_fw\FSGUI\fsguiexe.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\explorer.exe
c:\progra~1\intern~1\iexplore.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://format.packardbell.com/cgi-bin/redirect/?country=FR&range=AD&phase=6&key=S...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\fr.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [FSASWREG] "C:\Program Files\Securitoo\Anti-Spyware\fsaswreg.exe"
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Securitoo\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Securitoo\av_fw\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Program Files\Securitoo\av_fw\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Interskipboob4] C:\Documents and Settings\All Users\Application Data\StyleJugsInterSkip\reflog.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [PlanBore] C:\DOCUME~1\Valery\APPLIC~1\POKESI~1\roadadmin.exe
O4 - Startup: Anti-Pub.lnk = C:\Program Files\Antipub\antipub.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxmk142YYFR
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitia...
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - https://onedrive.live.com/
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AEC19040-BB5D-4AAB-A3DC-708A61A1C345}: NameServer = 192.168.1.1
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Securitoo Antivirus Firewall (BackWeb Plug-in - 8520111) - Unknown owner - C:\PROGRA~1\SECURI~1\av_fw\backweb\8520111\Program\SERVIC~1.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Securitoo\av_fw\backweb\8520111\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MySqlInventime - Unknown owner - c:\mysql\bin\mysqld-max-nt.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

17 replies

green day
Posts: 26364
Registered: Friday 30 September 2005
Status: Moderator, Security contributor
Last activity: 27 December 2019
2 165
8 June 2006 at 20:14
Hi

# Disable System Restore

* Click the Start button.
* Right-click My Computer, then click Properties.
* On the System Restore tab, select Turn off System Restore or Turn off System Restore on all drives


then download this:

http://pageperso.aol.fr/balltrap34/lopxp.zip (Thanks Moe31 and Balltrap34)

==> Unzip it (right-click on it > Extract all)
and run lopxp.bat

it will generate a report, please post it here

See you

PS: sorry Olive, but this time I can't see where it's hiding X-)
hello again,

since I posted my scan reports above, I no longer get antivirus alerts about the trojan, but I still get popups that open at the same time as web pages.

Will I need to run CCleaner?

Thanks for your help.


here is the lopxp log:

Rapport fait à 20:33:34,68 le 08/06/2006

Le volume dans le lecteur C s'appelle HDD
Le numéro de série du volume est ECAA-DFED

Répertoire de C:\Documents and Settings\All Users\Application Data

08/06/2006 07:52 <REP> StyleJugsInterSkip
17/04/2006 00:26 <REP> Skype
31/03/2006 01:17 <REP> Ahead
27/03/2006 10:00 <REP> Avg7
26/03/2006 17:40 <REP> Spybot - Search & Destroy
22/03/2006 16:54 <REP> Ulead Systems
17/03/2006 12:53 1751 QTSBandwidthCache
17/03/2006 04:14 <REP> Apple Computer
16/03/2006 21:06 <REP> HP
16/03/2006 20:54 726 hpzinstall.log
15/03/2006 18:19 <REP> Messenger Plus!
15/03/2006 02:37 <REP> Windows Genuine Advantage
04/02/2006 21:11 <REP> UControl
25/11/2005 21:09 <REP> Symantec
25/11/2005 21:08 <REP> Viewpoint
25/11/2005 21:06 <REP> AOL
25/11/2005 21:05 <REP> Adobe
16/08/2004 19:28 <REP> SBSI
16/08/2004 18:55 62 desktop.ini
16/08/2004 18:54 <REP> Microsoft
16/08/2004 18:54 <REP> .
16/08/2004 18:54 <REP> ..
3 fichier(s) 2539 octets
19 Rép(s) 13228892160 octets libres
Le volume dans le lecteur C s'appelle HDD
Le numéro de série du volume est ECAA-DFED

Répertoire de C:\Documents and Settings\Default User\Application Data

04/02/2006 14:07 <REP> Identities
04/02/2006 14:07 <REP> Real
04/02/2006 14:07 <REP> Symantec
04/02/2006 14:07 <REP> Sun
04/02/2006 14:07 <REP> You've Got Pictures Screensaver
16/08/2004 18:54 62 desktop.ini
16/08/2004 18:54 <REP> Microsoft
16/08/2004 18:54 <REP> .
16/08/2004 18:54 <REP> ..
1 fichier(s) 62 octets
8 Rép(s) 13228892160 octets libres
Le volume dans le lecteur C s'appelle HDD
Le numéro de série du volume est ECAA-DFED

Répertoire de C:\Documents and Settings\Propriétaire\Application Data

21/02/2006 00:31 <REP> You've Got Pictures Screensaver
21/02/2006 00:31 <REP> ..
21/02/2006 00:31 <REP> .
0 fichier(s) 0 octets
3 Rép(s) 13228892160 octets libres
Le volume dans le lecteur C s'appelle HDD
Le numéro de série du volume est ECAA-DFED

R‚pertoire de C:\Documents and Settings\Valery\Application Data

08/06/2006 07:53 <REP> Send Barb Build
08/06/2006 07:52 <REP> pokesigncast
28/05/2006 04:34 <REP> .bittorrent
28/05/2006 00:36 <REP> ICQLite
17/04/2006 00:26 <REP> Skype
09/04/2006 02:35 7058 GdiplusUpgrade_MSIApproach_Wrapper.log
06/04/2006 21:05 <REP> MSNInstaller
03/04/2006 17:07 <REP> Aim
31/03/2006 01:25 <REP> Ahead
26/03/2006 17:36 <REP> Lavasoft
25/03/2006 03:41 41191 Update_HP_RedboxHprblog_HPSU.log
22/03/2006 16:59 <REP> Ulead Systems
19/03/2006 02:56 <REP> F-Secure
18/03/2006 05:06 <REP> PEX
18/03/2006 05:02 <REP> ispnews
18/03/2006 04:54 <REP> Wannadoo
18/03/2006 03:14 2083 HPSU_48BitScanUpdate.log
17/03/2006 04:18 <REP> Apple Computer
16/03/2006 21:16 <REP> Image Zone Express
16/03/2006 20:54 <REP> HP
15/03/2006 17:59 <REP> Talkback
15/03/2006 17:59 <REP> Mozilla
02/03/2006 02:43 <REP> eConf
02/03/2006 02:28 <REP> Wanadoo visio
25/02/2006 10:22 <REP> AdobeUM
25/02/2006 10:21 <REP> Adobe
04/02/2006 22:16 <REP> SlySoft
04/02/2006 21:18 <REP> Help
04/02/2006 20:01 <REP> CyberLink
04/02/2006 19:49 <REP> Sonic
04/02/2006 19:44 <REP> Leadertech
04/02/2006 16:06 <REP> Macromedia
04/02/2006 14:07 62 desktop.ini
04/02/2006 14:07 <REP> Identities
04/02/2006 14:07 <REP> Microsoft
04/02/2006 14:07 <REP> Real
04/02/2006 14:07 <REP> Sun
04/02/2006 14:07 <REP> ..
04/02/2006 14:07 <REP> .
04/02/2006 14:07 <REP> Symantec
04/02/2006 14:07 <REP> You've Got Pictures Screensaver
4 fichier(s) 50394 octets
37 Rép(s) 13228888064 octets libres
******************************************
Recherche des taches planifiées dans C:\WINDOWS\tasks

Le volume dans le lecteur C s'appelle HDD
Le numéro de série du volume est ECAA-DFED

Répertoire de C:\WINDOWS\Tasks

18/03/2006 05:06 588 Scheduled scanning task.job
18/03/2006 03:06 6 SA.DAT
18/03/2006 03:03 <REP> ..
18/03/2006 03:03 <REP> .
16/08/2004 18:40 65 desktop.ini
3 fichier(s) 659 octets
2 Rép(s) 13 228 888 064 octets libres

******************************************
Recherche dans Program files

Le dossier C:\Program Files\C2Media n'existe pas

*************** Fin du rapport ****************
aranjuez31
Posts: 8046
Registered: Monday 7 November 2005
Status: Contributor
Last activity: 9 July 2006
357
8 June 2006 at 20:49
hello
it's always useful to do it
4/ - CCleaner: (cleans registry, cookies + temp files + prefetch + history + etc.)
Download here:
https://www.ccleaner.com/ccleaner/download
Tutorial here:
https://www.vulgarisation-informatique.com/nettoyer-windows-ccleaner.php
good evening,

Thank you for all the help you have given me; for now I no longer get the trojan alert or the popups.

It looks like the problem is fixed.

All the best to everyone.
green day
Posts: 26364
Registered: Friday 30 September 2005
Status: Moderator, Security contributor
Last activity: 27 December 2019
2 165
8 June 2006 at 23:11
Good evening

it's not quite finished yet...

search for and delete the files in bold if present:

C:\Program files\Adverts
C:\Program files\ pokesigncast

then post a new hijackthis log please

See you

Good evening,

Indeed, the popups are still there, only when I open the browser, not when I open a new tab.

I was able to delete this one:
C:\Program files\ pokesigncast

but not this one, it cannot be found:
C:\Program files\Adverts

Here is the HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 01:11:22, on 09/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\SECURI~1\av_fw\backweb\8520111\Program\SERVIC~1.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Securitoo\av_fw\backweb\8520111\Program\fspex.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe
C:\Program Files\Securitoo\av_fw\Anti-Virus\FSGK32.EXE
C:\Program Files\Securitoo\av_fw\backweb\8520111\program\fsbwsys.exe
C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Securitoo\av_fw\Common\FSMB32.EXE
C:\Program Files\Securitoo\av_fw\Anti-Virus\fssm32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Securitoo\av_fw\Common\FCH32.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\Securitoo\av_fw\Common\FAMEH32.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE
C:\Program Files\Securitoo\av_fw\FSGUI\ispnews.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Securitoo\av_fw\FWES\Program\fsdfwd.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Securitoo\av_fw\Anti-Virus\fsav32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Securitoo\av_fw\FSGUI\fsguiexe.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://format.packardbell.com/cgi-bin/redirect/?country=FR&range=AD&phase=6&key=S...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\fr.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [FSASWREG] "C:\Program Files\Securitoo\Anti-Spyware\fsaswreg.exe"
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Securitoo\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Securitoo\av_fw\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Program Files\Securitoo\av_fw\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Interskipboob4] C:\Documents and Settings\All Users\Application Data\StyleJugsInterSkip\reflog.exe
O4 - HKCU\..\Run: [PlanBore] C:\DOCUME~1\Valery\APPLIC~1\POKESI~1\roadadmin.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxmk142YYFR
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitia...
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - https://onedrive.live.com/
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AEC19040-BB5D-4AAB-A3DC-708A61A1C345}: NameServer = 192.168.1.1
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Securitoo Antivirus Firewall (BackWeb Plug-in - 8520111) - Unknown owner - C:\PROGRA~1\SECURI~1\av_fw\backweb\8520111\Program\SERVIC~1.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Securitoo\av_fw\backweb\8520111\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MySqlInventime - Unknown owner - c:\mysql\bin\mysqld-max-nt.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
aranjuez31
Posts: 8046
Registered: Monday 7 November 2005
Status: Contributor
Last activity: 9 July 2006
357
9 June 2006 at 02:47
good evening
have this line checked:

C:\Documents and Settings\All Users\Application Data\StyleJugsInterSkip\reflog.exe

by virustotal
www.virustotal.com/flash/index_en.html
https://www.radins.com/
and
by jotti
https://virusscan.jotti.org/

copy/PASTE the 2 reports
aranjuez31
Posts: 8046
Registered: Monday 7 November 2005
Status: Contributor
Last activity: 9 July 2006
357
9 June 2006 at 03:07
again
do a bit of cleanup in this latest logfile
still too many useless things:

open hijack
check and fix

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitia...
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - https://onedrive.live.com/
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
+
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"

O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe

O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe

O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe


O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [Interskipboob4] C:\Documents and Settings\All Users\Application Data\StyleJugsInterSkip\reflog.exe<== I'M SUSPICIOUS HERE !!

O4 - HKCU\..\Run: [PlanBore] C:\DOCUME~1\Valery\APPLIC~1\POKESI~1\roadadmin.exe<=== UNKNOWN so I'm SUSPICIOUS

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
============
also have this checked
C:\DOCUME~1\Valery\APPLIC~1\POKESI~1\roadadmin.exe

by virustotal
www.virustotal.com/flash/index_en.html
https://www.radins.com/
and
by jotti
https://virusscan.jotti.org/
===========
is your PC an HP?
check and fix this too (it relates to Packard Bell)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://format.packardbell.com/cgi-bin/redirect/?country=FR&range=AD&phase=6&key=S...
=============
I see AOL!
do you use AIM?
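An added example, not a tool posted in this thread: a small Python triage script that applies the rule aranjuez31 uses above to HijackThis O4 lines, flagging autostart entries whose target lives in an Application Data or Temp folder (where the Lop launchers reflog.exe and roadadmin.exe sit) so they stand out from the vendor entries. The sample lines are copied from the thread's log; the folder list and the ".exe" cut-off heuristic for unquoted paths are my assumptions.

```python
"""Triage HijackThis O4 (autostart) entries by where their target lives.

Added example, not a tool posted in the thread. A Run entry or startup
shortcut whose executable sits in a user's Application Data or Temp
folder (where this thread's Lop launchers reflog.exe and roadadmin.exe
were started from) is flagged; entries under Program Files or WINDOWS
are left alone, which is the judgement the helpers above made by eye.
"""
import re
from dataclasses import dataclass

# The two O4 shapes HijackThis 1.99 writes:
#   O4 - HKLM\..\Run: [Name] "C:\path\prog.exe" /switch
#   O4 - Global Startup: Name.lnk = C:\path\prog.exe
RUN_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
STARTUP_RE = re.compile(r"^O4 - (?P<hive>Global Startup|Startup): (?P<name>.+?) = (?P<cmd>.*)$")

# Folders vendor software rarely autostarts from (assumed list, long and
# 8.3 short forms); Lop-style adware drops its launchers here.
USER_DATA_DIRS = re.compile(r"\\(Application Data|APPLIC~1|Temp)\\", re.IGNORECASE)


@dataclass
class Finding:
    name: str
    target: str
    level: str   # "suspicious", "check" or "ok"
    reason: str


def extract_target(cmd: str) -> str:
    """Return the executable path from a Run value or shortcut target."""
    cmd = cmd.strip()
    if cmd.startswith('"'):                 # quoted path, switches follow
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    # Unquoted: heuristic, cut at the first ".exe" so "GestMaj.exe TaskBarIcon.exe"
    # yields GestMaj.exe and "VTTimer.exe" comes back as a bare filename.
    m = re.match(r"(.*?\.exe)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd


def classify(name: str, target: str) -> Finding:
    if target == "?":
        return Finding(name, target, "check", "HijackThis could not resolve the shortcut target")
    if USER_DATA_DIRS.search(target):
        return Finding(name, target, "suspicious", "launched from a per-user data or Temp folder")
    if "\\" not in target:
        return Finding(name, target, "check", "bare filename, resolved through PATH at logon")
    return Finding(name, target, "ok", "")


def triage(log_lines):
    """Parse every O4 line and classify its target; other lines are skipped."""
    findings = []
    for line in log_lines:
        m = RUN_RE.match(line) or STARTUP_RE.match(line)
        if m:
            findings.append(classify(m.group("name"), extract_target(m.group("cmd"))))
    return findings


def suspicious_names(log_lines):
    """Names of the autostart entries a human should look at first."""
    return [f.name for f in triage(log_lines) if f.level == "suspicious"]


# Sample lines copied from the thread's HijackThis log.
SAMPLE_LOG = [
    r"O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe",
    r"O4 - HKLM\..\Run: [VTTimer] VTTimer.exe",
    r'O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot',
    r"O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe",
    r"O4 - HKLM\..\Run: [Interskipboob4] C:\Documents and Settings\All Users\Application Data\StyleJugsInterSkip\reflog.exe",
    r"O4 - HKCU\..\Run: [PlanBore] C:\DOCUME~1\Valery\APPLIC~1\POKESI~1\roadadmin.exe",
    r"O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe",
    r"O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?",
    r"O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Securitoo\av_fw\backweb\8520111\program\fsbwsys.exe",
]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        if f.level != "ok":
            print(f"[{f.level:10}] {f.name}: {f.target}  ({f.reason})")
```

A "suspicious" verdict is a prompt to upload the file to VirusTotal or Jotti as the helpers ask, not proof of infection; a "check" verdict covers entries the parser could not resolve.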
Good evening,

I just saw your message; while waiting for your reply,
I ran a Panda ActiveScan and deleted the files named
in the following log except for 1, which I cannot find even in safe mode:

the one I cannot find:

Outil indésirable:Application/FunWeb No Désinfecté C:\WINDOWS\Downloaded Program Files\f3initialsetup1.0.0.15.inf

These are all deleted:

Adware:Adware/Lop No Désinfecté C:\Documents and Settings\All Users\Application Data\StyleJugsInterSkip\dumbfrag.exe
Adware:Adware/Lop No Désinfecté C:\Documents and Settings\All Users\Application Data\StyleJugsInterSkip\ExitBows.exe
Adware:Adware/Lop No Désinfecté C:\Documents and Settings\All Users\Application Data\StyleJugsInterSkip\reflog.exe
Spyware:Cookie/Bluestreak No Désinfecté C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt[.bluestreak.com/]
Spyware:Cookie/RealMedia No Désinfecté C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt[.247realmedia.com/]
Spyware:Cookie/Xiti No Désinfecté C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt[.xiti.com/]
Spyware:Cookie/RealMedia No Désinfecté C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt[.247realmedia.com/]
Spyware:Cookie/Serving-sys No Désinfecté C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Doubleclick No Désinfecté C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Falkag No Désinfecté C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt[as1.falkag.de/]
Spyware:Cookie/Weborama No Désinfecté C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt[.weborama.fr/]
Adware:Adware/Lop No Désinfecté C:\Documents and Settings\Valery\Application Data\pokesigncast\qmaeouco.exe
Adware:Adware/Lop No Désinfecté C:\Documents and Settings\Valery\Application Data\pokesigncast\roadadmin.exe
Adware:Adware/Lop No Désinfecté C:\Documents and Settings\Valery\Application Data\pokesigncast\segwtbmj.exe
Adware:Adware/Lop No Désinfecté C:\Documents and Settings\Valery\Application Data\pokesigncast\ucshjrsa.exe
Spyware:Cookie/YieldManager No Désinfecté C:\Documents and Settings\Valery\Cookies\valery@ad.yieldmanager[1].txt
Spyware:Cookie/Lop No Désinfecté C:\Documents and Settings\Valery\Cookies\valery@lop[1].txt
Spyware:Cookie/Xiti No Désinfecté C:\Documents and Settings\Valery\Cookies\valery@xiti[1].txt
Adware:Adware/Lop No Désinfecté C:\Documents and Settings\Valery\Local Settings\Temp\bis3AF9.exe

Here is the HijackThis log I just made:

Logfile of HijackThis v1.99.1
Scan saved at 03:04:19, on 09/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\SECURI~1\av_fw\backweb\8520111\Program\SERVIC~1.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Securitoo\av_fw\backweb\8520111\Program\fspex.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe
C:\Program Files\Securitoo\av_fw\Anti-Virus\FSGK32.EXE
C:\Program Files\Securitoo\av_fw\backweb\8520111\program\fsbwsys.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE
C:\Program Files\Securitoo\av_fw\Common\FSMB32.EXE
C:\Program Files\Securitoo\av_fw\Anti-Virus\fssm32.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Program Files\Securitoo\av_fw\Common\FCH32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Securitoo\av_fw\Common\FAMEH32.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE
C:\Program Files\Securitoo\av_fw\FSGUI\ispnews.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
C:\Program Files\Securitoo\av_fw\FWES\Program\fsdfwd.exe
C:\Program Files\Securitoo\av_fw\Anti-Virus\fsav32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Securitoo\av_fw\FSGUI\fsguiexe.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://format.packardbell.com/cgi-bin/redirect/?country=FR&range=AD&phase=6&key=S...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\fr.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [FSASWREG] "C:\Program Files\Securitoo\Anti-Spyware\fsaswreg.exe"
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Securitoo\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Securitoo\av_fw\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Program Files\Securitoo\av_fw\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Interskipboob4] C:\Documents and Settings\All Users\Application Data\StyleJugsInterSkip\reflog.exe
O4 - HKCU\..\Run: [PlanBore] C:\DOCUME~1\Valery\APPLIC~1\POKESI~1\roadadmin.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxmk142YYFR
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitia...
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - https://onedrive.live.com/
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AEC19040-BB5D-4AAB-A3DC-708A61A1C345}: NameServer = 192.168.1.1
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Securitoo Antivirus Firewall (BackWeb Plug-in - 8520111) - Unknown owner - C:\PROGRA~1\SECURI~1\av_fw\backweb\8520111\Program\SERVIC~1.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Securitoo\av_fw\backweb\8520111\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MySqlInventime - Unknown owner - c:\mysql\bin\mysqld-max-nt.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
aranjuez31 (Contributor) - 9 June 2006 at 03:29
re
I forgot one more line to fix:
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxmk142YYFR
========
follow the advice in posts 7 & 8
========
I'll read a new HijackThis log tomorrow to decide on the next steps

good night
aranjuez31 (Contributor) - 9 June 2006 at 04:23
re
rereading all this...
I have the feeling you have Lop
uninstall 'MessengerPlus3'
we'll put it back later without the sponsors
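To make the Lop diagnosis above checkable against a log, here is an added Python example (not from this thread and not part of HijackThis) that triages the kinds of O3/O4/O8 lines the helpers singled out: autostart entries launched from a profile's Application Data or Temp folder, context-menu items pointing at the mywebsearch ad host, and toolbar entries with no file behind them. The sample log, the 8.3 short-name table and the host list are constructed for the example.

```python
import re

# Constructed sample, modelled on the O3/O4/O8 lines quoted in this thread.
SAMPLE_LOG = r"""
O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [Interskipboob4] C:\Documents and Settings\All Users\Application Data\StyleJugsInterSkip\reflog.exe
O4 - HKCU\..\Run: [PlanBore] C:\DOCUME~1\Valery\APPLIC~1\POKESI~1\roadadmin.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxmk142YYFR
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
"""

# Common 8.3 short names that hide the real directory in HijackThis output
# (constructed table; extend it for other profile folders as needed).
SHORT_NAMES = {
    "docume~1": "documents and settings",
    "applic~1": "application data",
    "locals~1": "local settings",
}
# User-writable profile folders that legitimate autostart entries rarely use.
SUSPECT_DIRS = ("\\application data\\", "\\local settings\\temp\\")
# Ad/search hosts the helpers in this thread told the poster to remove (constructed list).
ADWARE_HOSTS = ("mywebsearch.com", "funwebproducts")

O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\Run\w*: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")


def normalize_path(path):
    """Lower-case the path and expand the short names HijackThis leaves in it."""
    path = path.lower()
    for short, full in SHORT_NAMES.items():
        path = path.replace(short, full)
    return path


def exe_path(cmd):
    """Return the executable part of a Run value, dropping any arguments."""
    if cmd.startswith('"'):
        return cmd[1:cmd.index('"', 1)]
    match = re.match(r"(.*?\.exe)\b", cmd, re.IGNORECASE)
    return match.group(1) if match else cmd.split()[0]


def triage(log_text):
    """Return (line, reason) pairs for the entries worth a closer look."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        o4 = O4_RE.match(line)
        if line.startswith("O3 - ") and line.endswith("(no file)"):
            findings.append((line, "orphaned toolbar entry"))
        elif o4:
            path = normalize_path(exe_path(o4.group("cmd")))
            if any(d in path for d in SUSPECT_DIRS):
                findings.append((line, "autostart from user-writable folder: " + path))
        elif line.startswith("O8 - ") and any(h in line.lower() for h in ADWARE_HOSTS):
            findings.append((line, "context menu item points to an adware search host"))
    return findings


if __name__ == "__main__":
    for entry, reason in triage(SAMPLE_LOG):
        print(reason)
        print("   ", entry)
```

The two flagged O4 entries are exactly the ones the poster was later asked to check, while the Synaptics, Real and Wanadoo entries pass because they run from Program Files.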
Good evening,

I fixed all the requested lines.

My PC: Packard Bell EasyNote.
Printers: HP and Lexmark
Internet connection: Wi-Fi adapter with the Wanadoo Livebox.
Instant messengers: Msn+, Yahoo, Aim
Webcam: Creative
DVD reader/burner: internal + 1 external

When I fixed the requested lines, I got a message.

Screenshot of the message:
http://www.mezimages.com/image/toulonais1/messageerreurhijackthis1.JPG

Result of scanning the following paths with VirusTotal and Jotti:
The path does not exist.

C:\Documents and Settings\All Users\Application Data\StyleJugsInterSkip\reflog.exe

C:\DOCUME~1\Valery\APPLIC~1\POKESI~1\roadadmin.exe

C:\WINDOWS\Downloaded Program Files\f3initialsetup1.0.0.15.inf

When uninstalling msn plus, the window said the sponsors were not installed.

HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 04:33:30, on 09/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\SECURI~1\av_fw\backweb\8520111\Program\SERVIC~1.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Securitoo\av_fw\backweb\8520111\Program\fspex.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe
C:\Program Files\Securitoo\av_fw\Anti-Virus\FSGK32.EXE
C:\Program Files\Securitoo\av_fw\backweb\8520111\program\fsbwsys.exe
C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE
C:\Program Files\Securitoo\av_fw\Common\FSMB32.EXE
C:\Program Files\Securitoo\av_fw\Anti-Virus\fssm32.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Securitoo\av_fw\Common\FCH32.EXE
C:\Program Files\Securitoo\av_fw\Common\FAMEH32.EXE
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE
C:\Program Files\Securitoo\av_fw\FSGUI\ispnews.exe
C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
C:\Program Files\Securitoo\av_fw\FWES\Program\fsdfwd.exe
C:\Program Files\Securitoo\av_fw\Anti-Virus\fsav32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Securitoo\av_fw\FSGUI\fsguiexe.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\fr.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O4 - HKLM\..\Run: [FSASWREG] "C:\Program Files\Securitoo\Anti-Spyware\fsaswreg.exe"
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Securitoo\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Securitoo\av_fw\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Program Files\Securitoo\av_fw\FSGUI\ispnews.exe"
O4 - HKLM\..\RunOnce: [MessengerPlusUninstall] C:\WINDOWS\system32\cmd.exe /C "C:\DOCUME~1\Valery\LOCALS~1\Temp\MsgPlusUninst.bat"
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{AEC19040-BB5D-4AAB-A3DC-708A61A1C345}: NameServer = 192.168.1.1
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Securitoo Antivirus Firewall (BackWeb Plug-in - 8520111) - Unknown owner - C:\PROGRA~1\SECURI~1\av_fw\backweb\8520111\Program\SERVIC~1.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Securitoo\av_fw\backweb\8520111\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MySqlInventime - Unknown owner - c:\mysql\bin\mysqld-max-nt.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
^^Marie^^ (Member) - 9 June 2006 at 08:22
Hello,

How are your troubles coming along??

A++
hello,

I no longer have popups since deleting the files indicated by ActiveScan; if you find in the HijackThis log that there are still files to fix, no problem.

thanks to everyone for the help.
green day (Moderator, Security contributor) - 9 June 2006 at 12:07
Hi

for me it's all good!

one small useless line:

O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe

Click on:

Start < Run < type "services.msc"

find this line in the list and set it to "disabled"

France Telecom Routing Table Service

and for what comes next:

security: protecting a computer against malware from the internet

@+
Hello,

Done.

I did read the page, but first I'll have to wait for the end of my antivirus/firewall subscription, which is bundled with my ADSL.

Thank you all for the help you gave me.

Have a good rest of the day, everyone.

Thank goodness this site exists.
green day (Moderator, Security contributor) - 9 June 2006 at 13:53
you're welcome!

have a good day!

@+

;-)