[Trojan] downloader win32 swizzor.fq

Résolu
Toulonais1 -  
green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   -
Bonjour,

Depuis ce matin, j'ai mon antivirus qui me signale un Trojan-Downloader.Win32.Swizzor.fq

Ce dernier n'arrive pas a le supprimer.

De plus, j'ai également des popups qui s'ouvrent lors de l'ouverture de page internet quelque soit le navigateur utilisé.

Par contre, en cas de problème important, je n'ai pas de CD de réinstallation de Windows, celui-ci est stocké dans un répertoire du pc et je n'ai pas encore eu l'occasion de mettre sur CD.

J'ai fait les 3 analyses demandées :

- ewido
- BitDefender
- HijackThis

Je colle les rapports à la suite.

Merci d'avance, si vous avez besoin de plus d'informations, dites-le moi.

Voici mon système d'exploitation :

- Windows XP SP2
- Parefeu et antivirus principal : Sécuritoo
- Navigateurs : Internet Explorer et Mozilla Firefox

Rapport ewido : J'ai biensur supprimer les fichier mis en quarantaine.

+ Créé le: 12:54:53, 08/06/2006
+ Somme de contrôle: ABEFDBF2

+ Résultats du scan:

HKLM\SOFTWARE\Classes\CLSID\{4E7BD74F-2B8D-469E-A0E8-ED6AB685FA7D} -> Adware.2020Search : Nettoyer et sauvegarder
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{4E7BD74F-2B8D-469E-A0E8-ED6AB685FA7D} -> Adware.2020Search : Nettoyer et sauvegarder
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4E7BD74F-2B8D-469E-A0E8-ED6AB685FA7D} -> Adware.2020Search : Nettoyer et sauvegarder
HKU\S-1-5-21-2236632173-3412014108-4019233391-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4E7BD74F-2B8D-469E-A0E8-ED6AB685FA7D} -> Adware.2020Search : Nettoyer et sauvegarder
:mozilla.10:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyer et sauvegarder
:mozilla.11:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Weborama : Nettoyer et sauvegarder
:mozilla.12:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyer et sauvegarder
:mozilla.13:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyer et sauvegarder
:mozilla.14:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyer et sauvegarder
:mozilla.15:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Weborama : Nettoyer et sauvegarder
:mozilla.18:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Weborama : Nettoyer et sauvegarder
:mozilla.19:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Weborama : Nettoyer et sauvegarder
:mozilla.20:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Atdmt : Nettoyer et sauvegarder
:mozilla.24:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Doubleclick : Nettoyer et sauvegarder
:mozilla.25:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Bluestreak : Nettoyer et sauvegarder
:mozilla.27:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyer et sauvegarder
:mozilla.28:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyer et sauvegarder
:mozilla.32:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyer et sauvegarder
:mozilla.37:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyer et sauvegarder
:mozilla.38:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyer et sauvegarder
:mozilla.39:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyer et sauvegarder
:mozilla.40:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyer et sauvegarder
:mozilla.65:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Estat : Nettoyer et sauvegarder
:mozilla.67:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Mediaplex : Nettoyer et sauvegarder
:mozilla.113:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyer et sauvegarder
:mozilla.114:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyer et sauvegarder
:mozilla.115:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyer et sauvegarder
:mozilla.116:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyer et sauvegarder
:mozilla.117:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyer et sauvegarder
:mozilla.118:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyer et sauvegarder
:mozilla.119:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyer et sauvegarder
:mozilla.120:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyer et sauvegarder
:mozilla.173:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Comclick : Nettoyer et sauvegarder
:mozilla.174:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Comclick : Nettoyer et sauvegarder
:mozilla.175:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Comclick : Nettoyer et sauvegarder
:mozilla.194:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Liveperson : Nettoyer et sauvegarder
:mozilla.195:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Liveperson : Nettoyer et sauvegarder
:mozilla.196:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Liveperson : Nettoyer et sauvegarder
:mozilla.197:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Liveperson : Nettoyer et sauvegarder
:mozilla.198:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Sextracker : Nettoyer et sauvegarder
:mozilla.199:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Sextracker : Nettoyer et sauvegarder
:mozilla.200:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Statcounter : Nettoyer et sauvegarder
:mozilla.201:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Statcounter : Nettoyer et sauvegarder
:mozilla.202:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Statcounter : Nettoyer et sauvegarder
:mozilla.203:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Statcounter : Nettoyer et sauvegarder
:mozilla.204:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Statcounter : Nettoyer et sauvegarder
:mozilla.205:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Statcounter : Nettoyer et sauvegarder
:mozilla.206:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Statcounter : Nettoyer et sauvegarder
:mozilla.207:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Statcounter : Nettoyer et sauvegarder
:mozilla.208:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Adbrite : Nettoyer et sauvegarder
:mozilla.254:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Falkag : Nettoyer et sauvegarder
:mozilla.255:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Falkag : Nettoyer et sauvegarder
:mozilla.256:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Falkag : Nettoyer et sauvegarder
:mozilla.257:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Falkag : Nettoyer et sauvegarder
:mozilla.258:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Falkag : Nettoyer et sauvegarder
:mozilla.259:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Falkag : Nettoyer et sauvegarder
:mozilla.260:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Falkag : Nettoyer et sauvegarder
:mozilla.261:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Falkag : Nettoyer et sauvegarder
:mozilla.262:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Falkag : Nettoyer et sauvegarder
:mozilla.263:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Falkag : Nettoyer et sauvegarder
:mozilla.264:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Falkag : Nettoyer et sauvegarder
:mozilla.265:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Falkag : Nettoyer et sauvegarder
:mozilla.266:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Falkag : Nettoyer et sauvegarder
:mozilla.291:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Hitbox : Nettoyer et sauvegarder
:mozilla.292:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Hitbox : Nettoyer et sauvegarder
:mozilla.293:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Hitbox : Nettoyer et sauvegarder
:mozilla.318:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Com : Nettoyer et sauvegarder
:mozilla.333:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Advertising : Nettoyer et sauvegarder
:mozilla.334:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Advertising : Nettoyer et sauvegarder
:mozilla.335:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Advertising : Nettoyer et sauvegarder
:mozilla.347:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Adtech : Nettoyer et sauvegarder
:mozilla.348:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Adtech : Nettoyer et sauvegarder
:mozilla.351:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyer et sauvegarder
:mozilla.352:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyer et sauvegarder
:mozilla.353:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyer et sauvegarder
:mozilla.360:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Tribalfusion : Nettoyer et sauvegarder
:mozilla.382:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Sitestat : Nettoyer et sauvegarder
:mozilla.383:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Itrack : Nettoyer et sauvegarder
:mozilla.384:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Itrack : Nettoyer et sauvegarder
:mozilla.391:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyer et sauvegarder
:mozilla.405:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Valueclick : Nettoyer et sauvegarder
:mozilla.406:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Valueclick : Nettoyer et sauvegarder
:mozilla.448:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.2o7 : Nettoyer et sauvegarder
:mozilla.449:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.2o7 : Nettoyer et sauvegarder
:mozilla.450:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.2o7 : Nettoyer et sauvegarder
:mozilla.451:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.2o7 : Nettoyer et sauvegarder
:mozilla.452:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.2o7 : Nettoyer et sauvegarder
:mozilla.453:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.2o7 : Nettoyer et sauvegarder
:mozilla.455:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.2o7 : Nettoyer et sauvegarder
:mozilla.474:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Falkag : Nettoyer et sauvegarder
:mozilla.492:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.2o7 : Nettoyer et sauvegarder
:mozilla.505:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyer et sauvegarder
:mozilla.513:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyer et sauvegarder
:mozilla.514:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyer et sauvegarder
:mozilla.515:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyer et sauvegarder
:mozilla.516:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyer et sauvegarder
:mozilla.517:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyer et sauvegarder
:mozilla.565:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Questionmarket : Nettoyer et sauvegarder
:mozilla.566:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Questionmarket : Nettoyer et sauvegarder
:mozilla.567:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Questionmarket : Nettoyer et sauvegarder
:mozilla.619:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Hitbox : Nettoyer et sauvegarder
:mozilla.620:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Hitbox : Nettoyer et sauvegarder
:mozilla.628:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Casinotropez : Nettoyer et sauvegarder
:mozilla.690:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Euroclick : Nettoyer et sauvegarder
:mozilla.691:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Euroclick : Nettoyer et sauvegarder
:mozilla.692:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Fastclick : Nettoyer et sauvegarder
:mozilla.693:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Casalemedia : Nettoyer et sauvegarder
:mozilla.694:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Casalemedia : Nettoyer et sauvegarder
:mozilla.697:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Liveperson : Nettoyer et sauvegarder
:mozilla.698:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Liveperson : Nettoyer et sauvegarder
:mozilla.705:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Zedo : Nettoyer et sauvegarder
:mozilla.706:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Zedo : Nettoyer et sauvegarder
:mozilla.707:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Zedo : Nettoyer et sauvegarder
:mozilla.720:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Yadro : Nettoyer et sauvegarder
:mozilla.737:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.2o7 : Nettoyer et sauvegarder
:mozilla.776:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Ivwbox : Nettoyer et sauvegarder
:mozilla.885:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Reliablestats : Nettoyer et sauvegarder
:mozilla.886:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Reliablestats : Nettoyer et sauvegarder
:mozilla.887:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Reliablestats : Nettoyer et sauvegarder
:mozilla.888:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Reliablestats : Nettoyer et sauvegarder
:mozilla.889:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Reliablestats : Nettoyer et sauvegarder
:mozilla.890:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Reliablestats : Nettoyer et sauvegarder
:mozilla.891:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Reliablestats : Nettoyer et sauvegarder
:mozilla.892:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Reliablestats : Nettoyer et sauvegarder
:mozilla.899:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.2o7 : Nettoyer et sauvegarder
:mozilla.921:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Burstnet : Nettoyer et sauvegarder
:mozilla.922:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Burstnet : Nettoyer et sauvegarder
:mozilla.930:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Revenue : Nettoyer et sauvegarder
:mozilla.979:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Webtrendslive : Nettoyer et sauvegarder
:mozilla.980:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Webtrendslive : Nettoyer et sauvegarder
:mozilla.981:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Pointroll : Nettoyer et sauvegarder
:mozilla.982:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Pointroll : Nettoyer et sauvegarder
:mozilla.983:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Pointroll : Nettoyer et sauvegarder
:mozilla.984:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Pointroll : Nettoyer et sauvegarder
C:\Documents and Settings\Valery\Cookies\valery@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Nettoyer et sauvegarder
C:\Documents and Settings\Valery\Cookies\valery@as1.falkag[2].txt -> TrackingCookie.Falkag : Nettoyer et sauvegarder
C:\Documents and Settings\Valery\Cookies\valery@atdmt[2].txt -> TrackingCookie.Atdmt : Nettoyer et sauvegarder
C:\Documents and Settings\Valery\Cookies\valery@ehg-ads.hitbox[2].txt -> TrackingCookie.Hitbox : Nettoyer et sauvegarder
C:\Documents and Settings\Valery\Cookies\valery@eurostar.122.2o7[1].txt -> TrackingCookie.2o7 : Nettoyer et sauvegarder
C:\Documents and Settings\Valery\Cookies\valery@hitbox[2].txt -> TrackingCookie.Hitbox : Nettoyer et sauvegarder
C:\Documents and Settings\Valery\Cookies\valery@ilead.itrack[2].txt -> TrackingCookie.Itrack : Nettoyer et sauvegarder
C:\Documents and Settings\Valery\Cookies\valery@msninvite.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyer et sauvegarder
C:\Documents and Settings\Valery\Cookies\valery@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyer et sauvegarder
C:\Documents and Settings\Valery\Cookies\valery@tacoda[1].txt -> TrackingCookie.Tacoda : Nettoyer et sauvegarder
C:\Documents and Settings\Valery\Cookies\valery@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Nettoyer et sauvegarder
C:\Documents and Settings\Valery\Cookies\valery@try.starware[1].txt -> TrackingCookie.Starware : Nettoyer et sauvegarder
C:\Documents and Settings\Valery\Local Settings\Temp\Cookies\valery@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyer et sauvegarder

::Fin du rapport

Rapport BitDefender :

Statistics

Time
02:57:22

Files
877208

Folders
6202

Boot Sectors
3

Archives
10434

Packed Files
120808

Results

Identified Viruses
4

Infected Files
6

Suspect Files
0

Warnings
0

Disinfected
0

Deleted Files
6

Engines Info

Virus Definitions
387044

Engine build
AVCORE v1.0 (build 2310) (i386) (Apr 17 2006 16:24:38)

Scan plugins
13

Archive plugins
40

Unpack plugins
4

E-mail plugins
6

System plugins
1

Scan Settings

First Action
Disinfect

Second Action
Delete

Heuristics
Yes

Enable Warnings
Yes

Scanned Extensions
*;

Exclude Extensions

Scan Emails
Yes

Scan Archives
Yes

Scan Packed
Yes

Scan Files
Yes

Scan Boot
Yes

Scanned File
Status

C:\Documents and Settings\Valery\Application Data\Send Barb Build\NAME CURB.0XE
Infected with: GenPack:Trojan.Downloader.Swizzor.BO

C:\Documents and Settings\Valery\Application Data\Send Barb Build\NAME CURB.0XE
Disinfection failed

C:\Documents and Settings\Valery\Application Data\Send Barb Build\NAME CURB.0XE
Deleted

C:\Documents and Settings\Valery\Local Settings\Temp\TMP0.0
Infected with: GenPack:Trojan.Downloader.Swizzor.BO

C:\Documents and Settings\Valery\Local Settings\Temp\TMP0.0
Disinfection failed

C:\Documents and Settings\Valery\Local Settings\Temp\TMP0.0
Deleted

C:\Program Files\EvID4226Patch.exe
Infected with: Backdoor.Virkel.A

C:\Program Files\EvID4226Patch.exe
Disinfection failed

C:\Program Files\EvID4226Patch.exe
Deleted

C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP107\A0022507.DLL
Infected with: Trojan.Funweb.A

C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP107\A0022507.DLL
Disinfection failed

C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP107\A0022507.DLL
Deleted

C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP166\A0031608.0XE
Infected with: GenPack:Trojan.Downloader.Swizzor.CB

C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP166\A0031608.0XE
Disinfection failed

C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP166\A0031608.0XE
Deleted

C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP167\A0031632.exe
Infected with: Backdoor.Virkel.A

C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP167\A0031632.exe
Disinfection failed

C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP167\A0031632.exe
Deleted

Rapport HijackThis :

Scan saved at 17:52:21, on 08/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\SECURI~1\av_fw\backweb\8520111\Program\SERVIC~1.EXE
C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe
C:\Program Files\Securitoo\av_fw\backweb\8520111\Program\fspex.exe
C:\Program Files\Securitoo\av_fw\Anti-Virus\FSGK32.EXE
C:\Program Files\Securitoo\av_fw\backweb\8520111\program\fsbwsys.exe
C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE
C:\Program Files\Securitoo\av_fw\Anti-Virus\fssm32.exe
C:\Program Files\Securitoo\av_fw\Common\FSMB32.EXE
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Securitoo\av_fw\Common\FCH32.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Securitoo\av_fw\Common\FAMEH32.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Securitoo\av_fw\FSGUI\ispnews.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
C:\Program Files\Securitoo\av_fw\Anti-Virus\fsav32.exe
C:\Program Files\Securitoo\av_fw\FWES\Program\fsdfwd.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Securitoo\av_fw\FSGUI\fsguiexe.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\explorer.exe
c:\progra~1\intern~1\iexplore.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://format.packardbell.com/cgi-bin/redirect/?country=FR&range=AD&phase=6&key=S...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\fr.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [FSASWREG] "C:\Program Files\Securitoo\Anti-Spyware\fsaswreg.exe"
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Securitoo\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Securitoo\av_fw\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Program Files\Securitoo\av_fw\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Interskipboob4] C:\Documents and Settings\All Users\Application Data\StyleJugsInterSkip\reflog.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [PlanBore] C:\DOCUME~1\Valery\APPLIC~1\POKESI~1\roadadmin.exe
O4 - Startup: Anti-Pub.lnk = C:\Program Files\Antipub\antipub.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxmk142YYFR
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitia...
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - https://onedrive.live.com/
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AEC19040-BB5D-4AAB-A3DC-708A61A1C345}: NameServer = 192.168.1.1
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Securitoo Antivirus Firewall (BackWeb Plug-in - 8520111) - Unknown owner - C:\PROGRA~1\SECURI~1\av_fw\backweb\8520111\Program\SERVIC~1.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Securitoo\av_fw\backweb\8520111\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MySqlInventime - Unknown owner - c:\mysql\bin\mysqld-max-nt.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

17 réponses

  1. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    Salut

    # Désactive la Restauration du système

    * Cliquez sur le bouton Démarrer.
    * Cliquez avec le bouton droit de la souris sur Poste de travail puis cliquez sur Propriétés.
    * Dans l'onglet Restauration du système, sélectionnez l'option Désactiver la Restauration du système ou Désactiver la Restauration du système sur tous les lecteurs

    ensuite, télécharge ceci :

    http://pageperso.aol.fr/balltrap34/lopxp.zip (Merci Moe31 et Balltrap34)

    ==> Dézippe-le (clic droit dessus > extraire tout)
    et lance lopxp.bat

    il va te générer un rapport, poste le ici stp

    @+

    PS : désolée Olive, mais là je vois pas où il se cache X-)
    0
  2. Toulonais1
     
    re bonjour,

    depuis le dépot des mes raports d'analyses plus haut, je n'ai plus d'alertes de l'antivirus par rapport au trojan, par contre, j'ai toujours des popups qui s'ouvrent en même temps que les pages internet.

    Faudra t-il que le fasse un ccleaner ?

    Merci de votre aide.

    voici le log de lopxp :

    Rapport fait à 20:33:34,68 le 08/06/2006

    Le volume dans le lecteur C s'appelle HDD
    Le num‚ro de s‚rie du volume est ECAA-DFED

    R‚pertoire de C:\Documents and Settings\All Users\Application Data

    08/06/2006 07:52 <REP> StyleJugsInterSkip
    17/04/2006 00:26 <REP> Skype
    31/03/2006 01:17 <REP> Ahead
    27/03/2006 10:00 <REP> Avg7
    26/03/2006 17:40 <REP> Spybot - Search & Destroy
    22/03/2006 16:54 <REP> Ulead Systems
    17/03/2006 12:53 1751 QTSBandwidthCache
    17/03/2006 04:14 <REP> Apple Computer
    16/03/2006 21:06 <REP> HP
    16/03/2006 20:54 726 hpzinstall.log
    15/03/2006 18:19 <REP> Messenger Plus!
    15/03/2006 02:37 <REP> Windows Genuine Advantage
    04/02/2006 21:11 <REP> UControl
    25/11/2005 21:09 <REP> Symantec
    25/11/2005 21:08 <REP> Viewpoint
    25/11/2005 21:06 <REP> AOL
    25/11/2005 21:05 <REP> Adobe
    16/08/2004 19:28 <REP> SBSI
    16/08/2004 18:55 62 desktop.ini
    16/08/2004 18:54 <REP> Microsoft
    16/08/2004 18:54 <REP> .
    16/08/2004 18:54 <REP> ..
    3 fichier(s) 2539 octets
    19 R‚p(s) 13228892160 octets libres
    Le volume dans le lecteur C s'appelle HDD
    Le num‚ro de s‚rie du volume est ECAA-DFED

    R‚pertoire de C:\Documents and Settings\Default User\Application Data

    04/02/2006 14:07 <REP> Identities
    04/02/2006 14:07 <REP> Real
    04/02/2006 14:07 <REP> Symantec
    04/02/2006 14:07 <REP> Sun
    04/02/2006 14:07 <REP> You've Got Pictures Screensaver
    16/08/2004 18:54 62 desktop.ini
    16/08/2004 18:54 <REP> Microsoft
    16/08/2004 18:54 <REP> .
    16/08/2004 18:54 <REP> ..
    1 fichier(s) 62 octets
    8 R‚p(s) 13228892160 octets libres
    Le volume dans le lecteur C s'appelle HDD
    Le num‚ro de s‚rie du volume est ECAA-DFED

    R‚pertoire de C:\Documents and Settings\Propri‚taire\Application Data

    21/02/2006 00:31 <REP> You've Got Pictures Screensaver
    21/02/2006 00:31 <REP> ..
    21/02/2006 00:31 <REP> .
    0 fichier(s) 0 octets
    3 R‚p(s) 13228892160 octets libres
    Le volume dans le lecteur C s'appelle HDD
    Le num‚ro de s‚rie du volume est ECAA-DFED

    R‚pertoire de C:\Documents and Settings\Valery\Application Data

    08/06/2006 07:53 <REP> Send Barb Build
    08/06/2006 07:52 <REP> pokesigncast
    28/05/2006 04:34 <REP> .bittorrent
    28/05/2006 00:36 <REP> ICQLite
    17/04/2006 00:26 <REP> Skype
    09/04/2006 02:35 7058 GdiplusUpgrade_MSIApproach_Wrapper.log
    06/04/2006 21:05 <REP> MSNInstaller
    03/04/2006 17:07 <REP> Aim
    31/03/2006 01:25 <REP> Ahead
    26/03/2006 17:36 <REP> Lavasoft
    25/03/2006 03:41 41191 Update_HP_RedboxHprblog_HPSU.log
    22/03/2006 16:59 <REP> Ulead Systems
    19/03/2006 02:56 <REP> F-Secure
    18/03/2006 05:06 <REP> PEX
    18/03/2006 05:02 <REP> ispnews
    18/03/2006 04:54 <REP> Wannadoo
    18/03/2006 03:14 2083 HPSU_48BitScanUpdate.log
    17/03/2006 04:18 <REP> Apple Computer
    16/03/2006 21:16 <REP> Image Zone Express
    16/03/2006 20:54 <REP> HP
    15/03/2006 17:59 <REP> Talkback
    15/03/2006 17:59 <REP> Mozilla
    02/03/2006 02:43 <REP> eConf
    02/03/2006 02:28 <REP> Wanadoo visio
    25/02/2006 10:22 <REP> AdobeUM
    25/02/2006 10:21 <REP> Adobe
    04/02/2006 22:16 <REP> SlySoft
    04/02/2006 21:18 <REP> Help
    04/02/2006 20:01 <REP> CyberLink
    04/02/2006 19:49 <REP> Sonic
    04/02/2006 19:44 <REP> Leadertech
    04/02/2006 16:06 <REP> Macromedia
    04/02/2006 14:07 62 desktop.ini
    04/02/2006 14:07 <REP> Identities
    04/02/2006 14:07 <REP> Microsoft
    04/02/2006 14:07 <REP> Real
    04/02/2006 14:07 <REP> Sun
    04/02/2006 14:07 <REP> ..
    04/02/2006 14:07 <REP> .
    04/02/2006 14:07 <REP> Symantec
    04/02/2006 14:07 <REP> You've Got Pictures Screensaver
    4 fichier(s) 50394 octets
    37 R‚p(s) 13228888064 octets libres
    ******************************************
    Recherche des taches planifiées dans C:\WINDOWS\tasks

    Le volume dans le lecteur C s'appelle HDD
    Le num‚ro de s‚rie du volume est ECAA-DFED

    R‚pertoire de C:\WINDOWS\Tasks

    18/03/2006 05:06 588 Scheduled scanning task.job
    18/03/2006 03:06 6 SA.DAT
    18/03/2006 03:03 <REP> ..
    18/03/2006 03:03 <REP> .
    16/08/2004 18:40 65 desktop.ini
    3 fichier(s) 659 octets
    2 R‚p(s) 13ÿ228ÿ888ÿ064 octets libres

    ******************************************
    Recherche dans Program files

    Le dossier C:\Program Files\C2Media n'existe pas

    *************** Fin du rapport ****************
    0
  3. Toulonais1
     
    bonsoir,

    Je vous remercie de toute l'aide que vous m'avez apporté, pour l'instant, je n'ai plus d'alerte du trojan ni de popups.

    Il semblerait que le probléme soit reglé.

    Bonne continuation à tous.
    0
  4. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  5. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    Bonsoir

    c'est pas tout à fait terminer ...

    cherche et supprime les fichiers en gras si present :

    C:\Program files\Adverts
    C:\Program files\ pokesigncast

    ensuite reposte un nouveau hijackthis stp

    @+

    0
  6. Toulonais1
     
    Bonsoir,

    En effet, les popups sont toujours là, uniquement quand j'ouvre le navigateur mais pas quand j'ouvre un nouvel onglet.

    J'ai pu supprimer celui là :
    C:\Program files\ pokesigncast

    mais pas celui ci, il est introuvable.
    C:\Program files\Adverts

    Voici le log d'HijackThis :

    Logfile of HijackThis v1.99.1
    Scan saved at 01:11:22, on 09/06/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
    C:\PROGRA~1\SECURI~1\av_fw\backweb\8520111\Program\SERVIC~1.EXE
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\Program Files\Securitoo\av_fw\backweb\8520111\Program\fspex.exe
    C:\Program Files\ewido anti-malware\ewidoguard.exe
    C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe
    C:\Program Files\Securitoo\av_fw\Anti-Virus\FSGK32.EXE
    C:\Program Files\Securitoo\av_fw\backweb\8520111\program\fsbwsys.exe
    C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE
    C:\WINDOWS\System32\FTRTSVC.exe
    C:\Program Files\Securitoo\av_fw\Common\FSMB32.EXE
    C:\Program Files\Securitoo\av_fw\Anti-Virus\fssm32.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Securitoo\av_fw\Common\FCH32.EXE
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\VTTimer.exe
    C:\WINDOWS\system32\VTtrayp.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
    C:\Program Files\Securitoo\av_fw\Common\FAMEH32.EXE
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\MessengerPlus! 3\MsgPlus.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
    C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE
    C:\Program Files\Securitoo\av_fw\FSGUI\ispnews.exe
    c:\progra~1\intern~1\iexplore.exe
    C:\Program Files\Securitoo\av_fw\FWES\Program\fsdfwd.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Securitoo\av_fw\Anti-Virus\fsav32.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Securitoo\av_fw\FSGUI\fsguiexe.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://format.packardbell.com/cgi-bin/redirect/?country=FR&range=AD&phase=6&key=S...
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\fr.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
    O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [FSASWREG] "C:\Program Files\Securitoo\Anti-Spyware\fsaswreg.exe"
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Securitoo\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Securitoo\av_fw\FSGUI\FSSW.EXE" /reboot
    O4 - HKLM\..\Run: [News Service] "C:\Program Files\Securitoo\av_fw\FSGUI\ispnews.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [Interskipboob4] C:\Documents and Settings\All Users\Application Data\StyleJugsInterSkip\reflog.exe
    O4 - HKCU\..\Run: [PlanBore] C:\DOCUME~1\Valery\APPLIC~1\POKESI~1\roadadmin.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
    O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxmk142YYFR
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
    O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
    O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
    O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
    O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitia...
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - https://onedrive.live.com/
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{AEC19040-BB5D-4AAB-A3DC-708A61A1C345}: NameServer = 192.168.1.1
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
    O23 - Service: Securitoo Antivirus Firewall (BackWeb Plug-in - 8520111) - Unknown owner - C:\PROGRA~1\SECURI~1\av_fw\backweb\8520111\Program\SERVIC~1.EXE
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
    O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe
    O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Securitoo\av_fw\backweb\8520111\program\fsbwsys.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: MySqlInventime - Unknown owner - c:\mysql\bin\mysqld-max-nt.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
    0
  7. aranjuez31 Messages postés 8161 Date d'inscription   Statut Contributeur 354
     
    bsr
    fais examiner cette ligne :

    C:\Documents and Settings\All Users\Application Data\StyleJugsInterSkip\reflog.exe

    par virustotal
    www.virustotal.com/flash/index_en.html
    https://www.radins.com/
    et
    par jotti
    https://virusscan.jotti.org/

    copie/COLLE les 2 rapports
    0
  8. aranjuez31 Messages postés 8161 Date d'inscription   Statut Contributeur 354
     
    re
    fais un peu de ménage ds ce dernier logfile
    trop de choses inutiles encore :

    ouvre hijack
    coche et fixe

    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitia...
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - https://onedrive.live.com/
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
    +
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

    O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe

    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE

    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

    O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"

    O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe

    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe

    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe

    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"

    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

    O4 - HKLM\..\Run: [Interskipboob4] C:\Documents and Settings\All Users\Application Data\StyleJugsInterSkip\reflog.exe<==MEFIANT JE SUIS Là !!

    O4 - HKCU\..\Run: [PlanBore] C:\DOCUME~1\Valery\APPLIC~1\POKESI~1\roadadmin.exe<===INCONNU donc MéFIANT je suis

    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe

    O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe

    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

    O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
    ============
    fais examiner aussi
    C:\DOCUME~1\Valery\APPLIC~1\POKESI~1\roadadmin.exe

    par virustotal
    www.virustotal.com/flash/index_en.html
    https://www.radins.com/
    et
    par jotti
    https://virusscan.jotti.org/
    ===========
    si ton PC est un HP ?
    coche et fixe aussi ( qui a trait à P.Bell)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://format.packardbell.com/cgi-bin/redirect/?country=FR&range=AD&phase=6&key=S...
    =============
    je vois du AOL !
    est-ce que tu emploies AIM ?
    0
  9. Toulonais1
     
    Bonsoir,

    je viens de voir votre message, en attendant votre réponse,
    j'ai fais un activescan Panda et j'ai supprimé les fichiers nommés
    sur le log suivant sauf 1 même en mode sans echec, je ne le trouve pas :

    celui que je ne trouve pas :

    Outil indésirable:Application/FunWeb No Désinfecté C:\WINDOWS\Downloaded Program Files\f3initialsetup1.0.0.15.inf

    Ceux-là sont tous supprimés :

    Adware:Adware/Lop No Désinfecté C:\Documents and Settings\All Users\Application Data\StyleJugsInterSkip\dumbfrag.exe
    Adware:Adware/Lop No Désinfecté C:\Documents and Settings\All Users\Application Data\StyleJugsInterSkip\ExitBows.exe
    Adware:Adware/Lop No Désinfecté C:\Documents and Settings\All Users\Application Data\StyleJugsInterSkip\reflog.exe
    Spyware:Cookie/Bluestreak No Désinfecté C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt[.bluestreak.com/]
    Spyware:Cookie/RealMedia No Désinfecté C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt[.247realmedia.com/]
    Spyware:Cookie/Xiti No Désinfecté C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt[.xiti.com/]
    Spyware:Cookie/RealMedia No Désinfecté C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt[.247realmedia.com/]
    Spyware:Cookie/Serving-sys No Désinfecté C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt[.serving-sys.com/]
    Spyware:Cookie/Doubleclick No Désinfecté C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt[.doubleclick.net/]
    Spyware:Cookie/Falkag No Désinfecté C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt[as1.falkag.de/]
    Spyware:Cookie/Weborama No Désinfecté C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt[.weborama.fr/]
    Adware:Adware/Lop No Désinfecté C:\Documents and Settings\Valery\Application Data\pokesigncast\qmaeouco.exe
    Adware:Adware/Lop No Désinfecté C:\Documents and Settings\Valery\Application Data\pokesigncast\roadadmin.exe
    Adware:Adware/Lop No Désinfecté C:\Documents and Settings\Valery\Application Data\pokesigncast\segwtbmj.exe
    Adware:Adware/Lop No Désinfecté C:\Documents and Settings\Valery\Application Data\pokesigncast\ucshjrsa.exe
    Spyware:Cookie/YieldManager No Désinfecté C:\Documents and Settings\Valery\Cookies\valery@ad.yieldmanager[1].txt
    Spyware:Cookie/Lop No Désinfecté C:\Documents and Settings\Valery\Cookies\valery@lop[1].txt
    Spyware:Cookie/Xiti No Désinfecté C:\Documents and Settings\Valery\Cookies\valery@xiti[1].txt
    Adware:Adware/Lop No Désinfecté C:\Documents and Settings\Valery\Local Settings\Temp\bis3AF9.exe

    Voici le log d'HijackThis que j'ai fait à l'instant :

    Logfile of HijackThis v1.99.1
    Scan saved at 03:04:19, on 09/06/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
    C:\PROGRA~1\SECURI~1\av_fw\backweb\8520111\Program\SERVIC~1.EXE
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\Program Files\Securitoo\av_fw\backweb\8520111\Program\fspex.exe
    C:\Program Files\ewido anti-malware\ewidoguard.exe
    C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe
    C:\Program Files\Securitoo\av_fw\Anti-Virus\FSGK32.EXE
    C:\Program Files\Securitoo\av_fw\backweb\8520111\program\fsbwsys.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE
    C:\Program Files\Securitoo\av_fw\Common\FSMB32.EXE
    C:\Program Files\Securitoo\av_fw\Anti-Virus\fssm32.exe
    C:\WINDOWS\System32\FTRTSVC.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\system32\VTTimer.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\VTtrayp.exe
    C:\Program Files\Securitoo\av_fw\Common\FCH32.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\MessengerPlus! 3\MsgPlus.exe
    C:\Program Files\Securitoo\av_fw\Common\FAMEH32.EXE
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
    C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE
    C:\Program Files\Securitoo\av_fw\FSGUI\ispnews.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
    C:\Program Files\Securitoo\av_fw\FWES\Program\fsdfwd.exe
    C:\Program Files\Securitoo\av_fw\Anti-Virus\fsav32.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Securitoo\av_fw\FSGUI\fsguiexe.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://format.packardbell.com/cgi-bin/redirect/?country=FR&range=AD&phase=6&key=S...
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\fr.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
    O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [FSASWREG] "C:\Program Files\Securitoo\Anti-Spyware\fsaswreg.exe"
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Securitoo\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Securitoo\av_fw\FSGUI\FSSW.EXE" /reboot
    O4 - HKLM\..\Run: [News Service] "C:\Program Files\Securitoo\av_fw\FSGUI\ispnews.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [Interskipboob4] C:\Documents and Settings\All Users\Application Data\StyleJugsInterSkip\reflog.exe
    O4 - HKCU\..\Run: [PlanBore] C:\DOCUME~1\Valery\APPLIC~1\POKESI~1\roadadmin.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
    O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxmk142YYFR
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
    O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
    O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
    O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
    O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitia...
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - https://onedrive.live.com/
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{AEC19040-BB5D-4AAB-A3DC-708A61A1C345}: NameServer = 192.168.1.1
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
    O23 - Service: Securitoo Antivirus Firewall (BackWeb Plug-in - 8520111) - Unknown owner - C:\PROGRA~1\SECURI~1\av_fw\backweb\8520111\Program\SERVIC~1.EXE
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
    O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe
    O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Securitoo\av_fw\backweb\8520111\program\fsbwsys.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: MySqlInventime - Unknown owner - c:\mysql\bin\mysqld-max-nt.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
    0
  10. aranjuez31 Messages postés 8161 Date d'inscription   Statut Contributeur 354
     
    re
    ai oublié une ligne à fixer aussi :
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxmk142YYFR
    ========
    exécute les conseils des posts 7 & 8
    =========
    lecture demain d'un nouvel hijack pour suite à donner

    bonne nuit
    0
  11. aranjuez31 Messages postés 8161 Date d'inscription   Statut Contributeur 354
     
    re
    en relisant tt cela........
    ai comme l impression que tu as du lop
    désinstalle 'MessengerPlus3'
    on remettra plus tard sans les sponsors
    0
  12. Toulonais1
     
    Bonsoir,

    J'ai fixer toutes les lignes demandées.

    Mon PC est : EasyNote de Packard Bell.
    Impimantes : HP et Lexmark
    Conexion Internet : en adaptateur WIFI avec la Livebox de Wanadoo.
    Messageries Instantannées : Msn+ , Yahoo, Aim
    Webcam : créative
    Lecteur/Graveur DVD : interne + 1 externe

    Lorsque j'ai fixer les lignes demandées, j'ai eu un message.

    screen du message :
    http://www.mezimages.com/image/toulonais1/messageerreurhijackthis1.JPG

    Résultat de l'analyse des adresses suivante par virustotal et jotti :
    Le chemin d'accès n'existe pas.

    C:\Documents and Settings\All Users\Application Data\StyleJugsInterSkip\reflog.exe

    C:\DOCUME~1\Valery\APPLIC~1\POKESI~1\roadadmin.exe

    C:\WINDOWS\Downloaded Program Files\f3initialsetup1.0.0.15.inf

    En désinstallant msn plus, la fenêtre disait que les sponsors n'étaient pas installés.

    Log HijackThis :

    Logfile of HijackThis v1.99.1
    Scan saved at 04:33:30, on 09/06/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
    C:\PROGRA~1\SECURI~1\av_fw\backweb\8520111\Program\SERVIC~1.EXE
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\Program Files\Securitoo\av_fw\backweb\8520111\Program\fspex.exe
    C:\Program Files\ewido anti-malware\ewidoguard.exe
    C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe
    C:\Program Files\Securitoo\av_fw\Anti-Virus\FSGK32.EXE
    C:\Program Files\Securitoo\av_fw\backweb\8520111\program\fsbwsys.exe
    C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE
    C:\Program Files\Securitoo\av_fw\Common\FSMB32.EXE
    C:\Program Files\Securitoo\av_fw\Anti-Virus\fssm32.exe
    C:\WINDOWS\System32\FTRTSVC.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Securitoo\av_fw\Common\FCH32.EXE
    C:\Program Files\Securitoo\av_fw\Common\FAMEH32.EXE
    C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
    C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE
    C:\Program Files\Securitoo\av_fw\FSGUI\ispnews.exe
    C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
    C:\Program Files\Securitoo\av_fw\FWES\Program\fsdfwd.exe
    C:\Program Files\Securitoo\av_fw\Anti-Virus\fsav32.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Securitoo\av_fw\FSGUI\fsguiexe.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\fr.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
    O4 - HKLM\..\Run: [FSASWREG] "C:\Program Files\Securitoo\Anti-Spyware\fsaswreg.exe"
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Securitoo\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Securitoo\av_fw\FSGUI\FSSW.EXE" /reboot
    O4 - HKLM\..\Run: [News Service] "C:\Program Files\Securitoo\av_fw\FSGUI\ispnews.exe"
    O4 - HKLM\..\RunOnce: [MessengerPlusUninstall] C:\WINDOWS\system32\cmd.exe /C "C:\DOCUME~1\Valery\LOCALS~1\Temp\MsgPlusUninst.bat"
    O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
    O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
    O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
    O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
    O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
    O17 - HKLM\System\CCS\Services\Tcpip\..\{AEC19040-BB5D-4AAB-A3DC-708A61A1C345}: NameServer = 192.168.1.1
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
    O23 - Service: Securitoo Antivirus Firewall (BackWeb Plug-in - 8520111) - Unknown owner - C:\PROGRA~1\SECURI~1\av_fw\backweb\8520111\Program\SERVIC~1.EXE
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
    O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe
    O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Securitoo\av_fw\backweb\8520111\program\fsbwsys.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: MySqlInventime - Unknown owner - c:\mysql\bin\mysqld-max-nt.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
    0
  13. ^^Marie^^ Messages postés 41884 Date d'inscription   Statut Membre Dernière intervention   3 280
     
    Bonjour,

    Où en sont tes soucis ??

    A++
    0
  14. Toulonais1
     
    bonjour,

    je n'ai plus de popups depuis la suppression des fichiers indiqués par l'activscan, si vous trouvez dans le log d'HijackThis qu'il y a encore des fichiers à fixer, pas de problème.

    merci à tous pour l'aide apporté.
    0
  15. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    Salut

    pour moi c'est tout bon !

    une ptite ligne inutile :

    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe

    Cliques sur :

    demarrer < executer < tapes " services.msc"

    cherches dans la liste cette ligne et regles la sur "desactivé"

    France Telecom Routing Table Service

    et pour la suite :

    securite proteger un ordinateur contre les malwares d internet

    @+
    0
  16. Toulonais1
     
    Bonjour,

    C'est fait.

    J'ai bien lu la page mais avant, il faudra attedre la fin de l'abonnement de mon antivirus/firewall qui est pris en compte avec mon adsl.

    Merci à tous de l'aide que vous m'avez apporté.

    Passez tous une bonne fin de journée.

    Heureusement que ce site existe.
    0
  17. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    de rien !

    bonne journée !

    @+

    ;-)
    0