[Trojan] downloader win32 swizzor.fq
Solved
Toulonais1
-
green day Posts 26722 Status Moderator, Security contributor -
Hello,
Since this morning, my antivirus has been reporting a Trojan-Downloader.Win32.Swizzor.fq
It is unable to remove it.
In addition, I also get pop-ups that open whenever I open a web page, whichever browser I use.
On the other hand, in case of a serious problem, I do not have a Windows reinstallation CD; it is stored in a directory on the PC and I have not yet had the chance to put it on a CD.
I ran the 3 requested scans:
- ewido
- BitDefender
- HijackThis
I am pasting the reports below.
Thanks in advance; if you need more information, let me know.
Here is my operating system:
- Windows XP SP2
- Firewall and main antivirus: Sécuritoo
- Browsers: Internet Explorer and Mozilla Firefox
ewido report: I have of course deleted the files placed in quarantine.
+ Créé le: 12:54:53, 08/06/2006
+ Somme de contrôle: ABEFDBF2
+ Résultats du scan:
HKLM\SOFTWARE\Classes\CLSID\{4E7BD74F-2B8D-469E-A0E8-ED6AB685FA7D} -> Adware.2020Search : Nettoyer et sauvegarder
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{4E7BD74F-2B8D-469E-A0E8-ED6AB685FA7D} -> Adware.2020Search : Nettoyer et sauvegarder
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4E7BD74F-2B8D-469E-A0E8-ED6AB685FA7D} -> Adware.2020Search : Nettoyer et sauvegarder
HKU\S-1-5-21-2236632173-3412014108-4019233391-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4E7BD74F-2B8D-469E-A0E8-ED6AB685FA7D} -> Adware.2020Search : Nettoyer et sauvegarder
::Fin du rapport
BitDefender report:
Statistics
Time: 02:57:22
Files: 877208
Folders: 6202
Boot Sectors: 3
Archives: 10434
Packed Files: 120808

Results
Identified Viruses: 4
Infected Files: 6
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 6

Engines Info
Virus Definitions: 387044
Engine build: AVCORE v1.0 (build 2310) (i386) (Apr 17 2006 16:24:38)
Scan plugins: 13
Archive plugins: 40
Unpack plugins: 4
E-mail plugins: 6
System plugins: 1

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File -> Status
C:\Documents and Settings\Valery\Application Data\Send Barb Build\NAME CURB.0XE -> Infected with: GenPack:Trojan.Downloader.Swizzor.BO
C:\Documents and Settings\Valery\Application Data\Send Barb Build\NAME CURB.0XE -> Disinfection failed
C:\Documents and Settings\Valery\Application Data\Send Barb Build\NAME CURB.0XE -> Deleted
C:\Documents and Settings\Valery\Local Settings\Temp\TMP0.0 -> Infected with: GenPack:Trojan.Downloader.Swizzor.BO
C:\Documents and Settings\Valery\Local Settings\Temp\TMP0.0 -> Disinfection failed
C:\Documents and Settings\Valery\Local Settings\Temp\TMP0.0 -> Deleted
C:\Program Files\EvID4226Patch.exe -> Infected with: Backdoor.Virkel.A
C:\Program Files\EvID4226Patch.exe -> Disinfection failed
C:\Program Files\EvID4226Patch.exe -> Deleted
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP107\A0022507.DLL -> Infected with: Trojan.Funweb.A
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP107\A0022507.DLL -> Disinfection failed
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP107\A0022507.DLL -> Deleted
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP166\A0031608.0XE -> Infected with: GenPack:Trojan.Downloader.Swizzor.CB
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP166\A0031608.0XE -> Disinfection failed
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP166\A0031608.0XE -> Deleted
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP167\A0031632.exe -> Infected with: Backdoor.Virkel.A
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP167\A0031632.exe -> Disinfection failed
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP167\A0031632.exe -> Deleted
HijackThis report:
Scan saved at 17:52:21, on 08/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\SECURI~1\av_fw\backweb\8520111\Program\SERVIC~1.EXE
C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe
C:\Program Files\Securitoo\av_fw\backweb\8520111\Program\fspex.exe
C:\Program Files\Securitoo\av_fw\Anti-Virus\FSGK32.EXE
C:\Program Files\Securitoo\av_fw\backweb\8520111\program\fsbwsys.exe
C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE
C:\Program Files\Securitoo\av_fw\Anti-Virus\fssm32.exe
C:\Program Files\Securitoo\av_fw\Common\FSMB32.EXE
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Securitoo\av_fw\Common\FCH32.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Securitoo\av_fw\Common\FAMEH32.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Securitoo\av_fw\FSGUI\ispnews.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
C:\Program Files\Securitoo\av_fw\Anti-Virus\fsav32.exe
C:\Program Files\Securitoo\av_fw\FWES\Program\fsdfwd.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Securitoo\av_fw\FSGUI\fsguiexe.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\explorer.exe
c:\progra~1\intern~1\iexplore.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://format.packardbell.com/cgi-bin/redirect/?country=FR&range=AD&phase=6&key=S...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\fr.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [FSASWREG] "C:\Program Files\Securitoo\Anti-Spyware\fsaswreg.exe"
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Securitoo\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Securitoo\av_fw\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Program Files\Securitoo\av_fw\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Interskipboob4] C:\Documents and Settings\All Users\Application Data\StyleJugsInterSkip\reflog.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [PlanBore] C:\DOCUME~1\Valery\APPLIC~1\POKESI~1\roadadmin.exe
O4 - Startup: Anti-Pub.lnk = C:\Program Files\Antipub\antipub.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxmk142YYFR
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitia...
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - https://onedrive.live.com/
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AEC19040-BB5D-4AAB-A3DC-708A61A1C345}: NameServer = 192.168.1.1
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Securitoo Antivirus Firewall (BackWeb Plug-in - 8520111) - Unknown owner - C:\PROGRA~1\SECURI~1\av_fw\backweb\8520111\Program\SERVIC~1.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Securitoo\av_fw\backweb\8520111\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MySqlInventime - Unknown owner - c:\mysql\bin\mysqld-max-nt.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
Depuis ce matin, j'ai mon antivirus qui me signale un Trojan-Downloader.Win32.Swizzor.fq
Ce dernier n'arrive pas a le supprimer.
De plus, j'ai également des popups qui s'ouvrent lors de l'ouverture de page internet quelque soit le navigateur utilisé.
Par contre, en cas de problème important, je n'ai pas de CD de réinstallation de Windows, celui-ci est stocké dans un répertoire du pc et je n'ai pas encore eu l'occasion de mettre sur CD.
J'ai fait les 3 analyses demandées :
- ewido
- BitDefender
- HijackThis
Je colle les rapports à la suite.
Merci d'avance, si vous avez besoin de plus d'informations, dites-le moi.
Voici mon système d'exploitation :
- Windows XP SP2
- Parefeu et antivirus principal : Sécuritoo
- Navigateurs : Internet Explorer et Mozilla Firefox
Rapport ewido : J'ai biensur supprimer les fichier mis en quarantaine.
+ Créé le: 12:54:53, 08/06/2006
+ Somme de contrôle: ABEFDBF2
+ Résultats du scan:
HKLM\SOFTWARE\Classes\CLSID\{4E7BD74F-2B8D-469E-A0E8-ED6AB685FA7D} -> Adware.2020Search : Nettoyer et sauvegarder
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{4E7BD74F-2B8D-469E-A0E8-ED6AB685FA7D} -> Adware.2020Search : Nettoyer et sauvegarder
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4E7BD74F-2B8D-469E-A0E8-ED6AB685FA7D} -> Adware.2020Search : Nettoyer et sauvegarder
HKU\S-1-5-21-2236632173-3412014108-4019233391-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4E7BD74F-2B8D-469E-A0E8-ED6AB685FA7D} -> Adware.2020Search : Nettoyer et sauvegarder
:mozilla.10:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyer et sauvegarder
:mozilla.11:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Weborama : Nettoyer et sauvegarder
:mozilla.12:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyer et sauvegarder
:mozilla.13:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyer et sauvegarder
:mozilla.14:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyer et sauvegarder
:mozilla.15:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Weborama : Nettoyer et sauvegarder
:mozilla.18:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Weborama : Nettoyer et sauvegarder
:mozilla.19:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Weborama : Nettoyer et sauvegarder
:mozilla.20:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Atdmt : Nettoyer et sauvegarder
:mozilla.24:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Doubleclick : Nettoyer et sauvegarder
:mozilla.25:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Bluestreak : Nettoyer et sauvegarder
:mozilla.27:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyer et sauvegarder
:mozilla.28:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyer et sauvegarder
:mozilla.32:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyer et sauvegarder
:mozilla.37:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyer et sauvegarder
:mozilla.38:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyer et sauvegarder
:mozilla.39:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyer et sauvegarder
:mozilla.40:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyer et sauvegarder
:mozilla.65:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Estat : Nettoyer et sauvegarder
:mozilla.67:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Mediaplex : Nettoyer et sauvegarder
:mozilla.113:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyer et sauvegarder
:mozilla.114:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyer et sauvegarder
:mozilla.115:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyer et sauvegarder
:mozilla.116:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyer et sauvegarder
:mozilla.117:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyer et sauvegarder
:mozilla.118:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyer et sauvegarder
:mozilla.119:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyer et sauvegarder
:mozilla.120:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyer et sauvegarder
:mozilla.173:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Comclick : Nettoyer et sauvegarder
:mozilla.174:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Comclick : Nettoyer et sauvegarder
:mozilla.175:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Comclick : Nettoyer et sauvegarder
:mozilla.194:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Liveperson : Nettoyer et sauvegarder
:mozilla.195:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Liveperson : Nettoyer et sauvegarder
:mozilla.196:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Liveperson : Nettoyer et sauvegarder
:mozilla.197:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Liveperson : Nettoyer et sauvegarder
:mozilla.198:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Sextracker : Nettoyer et sauvegarder
:mozilla.199:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Sextracker : Nettoyer et sauvegarder
:mozilla.200:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Statcounter : Nettoyer et sauvegarder
:mozilla.201:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Statcounter : Nettoyer et sauvegarder
:mozilla.202:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Statcounter : Nettoyer et sauvegarder
:mozilla.203:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Statcounter : Nettoyer et sauvegarder
:mozilla.204:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Statcounter : Nettoyer et sauvegarder
:mozilla.205:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Statcounter : Nettoyer et sauvegarder
:mozilla.206:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Statcounter : Nettoyer et sauvegarder
:mozilla.207:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Statcounter : Nettoyer et sauvegarder
:mozilla.208:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Adbrite : Nettoyer et sauvegarder
:mozilla.254:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Falkag : Nettoyer et sauvegarder
:mozilla.255:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Falkag : Nettoyer et sauvegarder
:mozilla.256:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Falkag : Nettoyer et sauvegarder
:mozilla.257:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Falkag : Nettoyer et sauvegarder
:mozilla.258:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Falkag : Nettoyer et sauvegarder
:mozilla.259:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Falkag : Nettoyer et sauvegarder
:mozilla.260:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Falkag : Nettoyer et sauvegarder
:mozilla.261:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Falkag : Nettoyer et sauvegarder
:mozilla.262:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Falkag : Nettoyer et sauvegarder
:mozilla.263:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Falkag : Nettoyer et sauvegarder
:mozilla.264:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Falkag : Nettoyer et sauvegarder
:mozilla.265:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Falkag : Nettoyer et sauvegarder
:mozilla.266:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Falkag : Nettoyer et sauvegarder
:mozilla.291:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Hitbox : Nettoyer et sauvegarder
:mozilla.292:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Hitbox : Nettoyer et sauvegarder
:mozilla.293:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Hitbox : Nettoyer et sauvegarder
:mozilla.318:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Com : Nettoyer et sauvegarder
:mozilla.333:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Advertising : Nettoyer et sauvegarder
:mozilla.334:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Advertising : Nettoyer et sauvegarder
:mozilla.335:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Advertising : Nettoyer et sauvegarder
:mozilla.347:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Adtech : Nettoyer et sauvegarder
:mozilla.348:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Adtech : Nettoyer et sauvegarder
:mozilla.351:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyer et sauvegarder
:mozilla.352:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyer et sauvegarder
:mozilla.353:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyer et sauvegarder
:mozilla.360:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Tribalfusion : Nettoyer et sauvegarder
:mozilla.382:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Sitestat : Nettoyer et sauvegarder
:mozilla.383:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Itrack : Nettoyer et sauvegarder
:mozilla.384:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Itrack : Nettoyer et sauvegarder
:mozilla.391:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyer et sauvegarder
:mozilla.405:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Valueclick : Nettoyer et sauvegarder
:mozilla.406:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Valueclick : Nettoyer et sauvegarder
:mozilla.448:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.2o7 : Nettoyer et sauvegarder
:mozilla.449:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.2o7 : Nettoyer et sauvegarder
:mozilla.450:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.2o7 : Nettoyer et sauvegarder
:mozilla.451:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.2o7 : Nettoyer et sauvegarder
:mozilla.452:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.2o7 : Nettoyer et sauvegarder
:mozilla.453:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.2o7 : Nettoyer et sauvegarder
:mozilla.455:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.2o7 : Nettoyer et sauvegarder
:mozilla.474:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Falkag : Nettoyer et sauvegarder
:mozilla.492:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.2o7 : Nettoyer et sauvegarder
:mozilla.505:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyer et sauvegarder
:mozilla.513:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyer et sauvegarder
:mozilla.514:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyer et sauvegarder
:mozilla.515:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyer et sauvegarder
:mozilla.516:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyer et sauvegarder
:mozilla.517:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyer et sauvegarder
:mozilla.565:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Questionmarket : Nettoyer et sauvegarder
:mozilla.566:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Questionmarket : Nettoyer et sauvegarder
:mozilla.567:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Questionmarket : Nettoyer et sauvegarder
:mozilla.619:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Hitbox : Nettoyer et sauvegarder
:mozilla.620:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Hitbox : Nettoyer et sauvegarder
:mozilla.628:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Casinotropez : Nettoyer et sauvegarder
:mozilla.690:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Euroclick : Nettoyer et sauvegarder
:mozilla.691:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Euroclick : Nettoyer et sauvegarder
:mozilla.692:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Fastclick : Nettoyer et sauvegarder
:mozilla.693:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Casalemedia : Nettoyer et sauvegarder
:mozilla.694:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Casalemedia : Nettoyer et sauvegarder
:mozilla.697:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Liveperson : Nettoyer et sauvegarder
:mozilla.698:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Liveperson : Nettoyer et sauvegarder
:mozilla.705:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Zedo : Nettoyer et sauvegarder
:mozilla.706:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Zedo : Nettoyer et sauvegarder
:mozilla.707:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Zedo : Nettoyer et sauvegarder
:mozilla.720:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Yadro : Nettoyer et sauvegarder
:mozilla.737:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.2o7 : Nettoyer et sauvegarder
:mozilla.776:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Ivwbox : Nettoyer et sauvegarder
:mozilla.885:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Reliablestats : Nettoyer et sauvegarder
:mozilla.886:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Reliablestats : Nettoyer et sauvegarder
:mozilla.887:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Reliablestats : Nettoyer et sauvegarder
:mozilla.888:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Reliablestats : Nettoyer et sauvegarder
:mozilla.889:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Reliablestats : Nettoyer et sauvegarder
:mozilla.890:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Reliablestats : Nettoyer et sauvegarder
:mozilla.891:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Reliablestats : Nettoyer et sauvegarder
:mozilla.892:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Reliablestats : Nettoyer et sauvegarder
:mozilla.899:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.2o7 : Nettoyer et sauvegarder
:mozilla.921:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Burstnet : Nettoyer et sauvegarder
:mozilla.922:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Burstnet : Nettoyer et sauvegarder
:mozilla.930:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Revenue : Nettoyer et sauvegarder
:mozilla.979:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Webtrendslive : Nettoyer et sauvegarder
:mozilla.980:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Webtrendslive : Nettoyer et sauvegarder
:mozilla.981:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Pointroll : Nettoyer et sauvegarder
:mozilla.982:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Pointroll : Nettoyer et sauvegarder
:mozilla.983:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Pointroll : Nettoyer et sauvegarder
:mozilla.984:C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt -> TrackingCookie.Pointroll : Nettoyer et sauvegarder
C:\Documents and Settings\Valery\Cookies\valery@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Nettoyer et sauvegarder
C:\Documents and Settings\Valery\Cookies\valery@as1.falkag[2].txt -> TrackingCookie.Falkag : Nettoyer et sauvegarder
C:\Documents and Settings\Valery\Cookies\valery@atdmt[2].txt -> TrackingCookie.Atdmt : Nettoyer et sauvegarder
C:\Documents and Settings\Valery\Cookies\valery@ehg-ads.hitbox[2].txt -> TrackingCookie.Hitbox : Nettoyer et sauvegarder
C:\Documents and Settings\Valery\Cookies\valery@eurostar.122.2o7[1].txt -> TrackingCookie.2o7 : Nettoyer et sauvegarder
C:\Documents and Settings\Valery\Cookies\valery@hitbox[2].txt -> TrackingCookie.Hitbox : Nettoyer et sauvegarder
C:\Documents and Settings\Valery\Cookies\valery@ilead.itrack[2].txt -> TrackingCookie.Itrack : Nettoyer et sauvegarder
C:\Documents and Settings\Valery\Cookies\valery@msninvite.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyer et sauvegarder
C:\Documents and Settings\Valery\Cookies\valery@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyer et sauvegarder
C:\Documents and Settings\Valery\Cookies\valery@tacoda[1].txt -> TrackingCookie.Tacoda : Nettoyer et sauvegarder
C:\Documents and Settings\Valery\Cookies\valery@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Nettoyer et sauvegarder
C:\Documents and Settings\Valery\Cookies\valery@try.starware[1].txt -> TrackingCookie.Starware : Nettoyer et sauvegarder
C:\Documents and Settings\Valery\Local Settings\Temp\Cookies\valery@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyer et sauvegarder
::Fin du rapport
BitDefender report:
Statistics
Time: 02:57:22
Files: 877208
Folders: 6202
Boot Sectors: 3
Archives: 10434
Packed Files: 120808
Results
Identified Viruses: 4
Infected Files: 6
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 6
Engines Info
Virus Definitions: 387044
Engine build: AVCORE v1.0 (build 2310) (i386) (Apr 17 2006 16:24:38)
Scan plugins: 13
Archive plugins: 40
Unpack plugins: 4
E-mail plugins: 6
System plugins: 1
Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes
Scanned File -> Status
C:\Documents and Settings\Valery\Application Data\Send Barb Build\NAME CURB.0XE -> Infected with: GenPack:Trojan.Downloader.Swizzor.BO
C:\Documents and Settings\Valery\Application Data\Send Barb Build\NAME CURB.0XE -> Disinfection failed
C:\Documents and Settings\Valery\Application Data\Send Barb Build\NAME CURB.0XE -> Deleted
C:\Documents and Settings\Valery\Local Settings\Temp\TMP0.0 -> Infected with: GenPack:Trojan.Downloader.Swizzor.BO
C:\Documents and Settings\Valery\Local Settings\Temp\TMP0.0 -> Disinfection failed
C:\Documents and Settings\Valery\Local Settings\Temp\TMP0.0 -> Deleted
C:\Program Files\EvID4226Patch.exe -> Infected with: Backdoor.Virkel.A
C:\Program Files\EvID4226Patch.exe -> Disinfection failed
C:\Program Files\EvID4226Patch.exe -> Deleted
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP107\A0022507.DLL -> Infected with: Trojan.Funweb.A
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP107\A0022507.DLL -> Disinfection failed
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP107\A0022507.DLL -> Deleted
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP166\A0031608.0XE -> Infected with: GenPack:Trojan.Downloader.Swizzor.CB
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP166\A0031608.0XE -> Disinfection failed
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP166\A0031608.0XE -> Deleted
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP167\A0031632.exe -> Infected with: Backdoor.Virkel.A
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP167\A0031632.exe -> Disinfection failed
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP167\A0031632.exe -> Deleted
HijackThis report:
Scan saved at 17:52:21, on 08/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\SECURI~1\av_fw\backweb\8520111\Program\SERVIC~1.EXE
C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe
C:\Program Files\Securitoo\av_fw\backweb\8520111\Program\fspex.exe
C:\Program Files\Securitoo\av_fw\Anti-Virus\FSGK32.EXE
C:\Program Files\Securitoo\av_fw\backweb\8520111\program\fsbwsys.exe
C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE
C:\Program Files\Securitoo\av_fw\Anti-Virus\fssm32.exe
C:\Program Files\Securitoo\av_fw\Common\FSMB32.EXE
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Securitoo\av_fw\Common\FCH32.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Securitoo\av_fw\Common\FAMEH32.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Securitoo\av_fw\FSGUI\ispnews.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
C:\Program Files\Securitoo\av_fw\Anti-Virus\fsav32.exe
C:\Program Files\Securitoo\av_fw\FWES\Program\fsdfwd.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Securitoo\av_fw\FSGUI\fsguiexe.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\explorer.exe
c:\progra~1\intern~1\iexplore.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://format.packardbell.com/cgi-bin/redirect/?country=FR&range=AD&phase=6&key=S...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\fr.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [FSASWREG] "C:\Program Files\Securitoo\Anti-Spyware\fsaswreg.exe"
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Securitoo\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Securitoo\av_fw\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Program Files\Securitoo\av_fw\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Interskipboob4] C:\Documents and Settings\All Users\Application Data\StyleJugsInterSkip\reflog.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [PlanBore] C:\DOCUME~1\Valery\APPLIC~1\POKESI~1\roadadmin.exe
O4 - Startup: Anti-Pub.lnk = C:\Program Files\Antipub\antipub.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxmk142YYFR
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitia...
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - https://onedrive.live.com/
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AEC19040-BB5D-4AAB-A3DC-708A61A1C345}: NameServer = 192.168.1.1
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Securitoo Antivirus Firewall (BackWeb Plug-in - 8520111) - Unknown owner - C:\PROGRA~1\SECURI~1\av_fw\backweb\8520111\Program\SERVIC~1.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Securitoo\av_fw\backweb\8520111\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MySqlInventime - Unknown owner - c:\mysql\bin\mysqld-max-nt.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
17 replies
Hi
# Disable System Restore
* Click the Start button.
* Right-click My Computer, then click Properties.
* On the System Restore tab, select the option Turn off System Restore or Turn off System Restore on all drives
then download this:
http://pageperso.aol.fr/balltrap34/lopxp.zip (Thanks Moe31 and Balltrap34)
==> Unzip it (right-click it > Extract All)
and run lopxp.bat
it will generate a report for you, post it here please
See you
PS: sorry Olive, but I can't see where it's hiding here X-)
Hello again,
Since posting my scan reports above, I no longer get antivirus alerts about the trojan; however, I still get popups that open at the same time as web pages.
Will I need to run CCleaner?
Thanks for your help.
Here is the lopxp log:
Rapport fait à 20:33:34,68 le 08/06/2006
Le volume dans le lecteur C s'appelle HDD
Le numéro de série du volume est ECAA-DFED
Répertoire de C:\Documents and Settings\All Users\Application Data
08/06/2006 07:52 <REP> StyleJugsInterSkip
17/04/2006 00:26 <REP> Skype
31/03/2006 01:17 <REP> Ahead
27/03/2006 10:00 <REP> Avg7
26/03/2006 17:40 <REP> Spybot - Search & Destroy
22/03/2006 16:54 <REP> Ulead Systems
17/03/2006 12:53 1751 QTSBandwidthCache
17/03/2006 04:14 <REP> Apple Computer
16/03/2006 21:06 <REP> HP
16/03/2006 20:54 726 hpzinstall.log
15/03/2006 18:19 <REP> Messenger Plus!
15/03/2006 02:37 <REP> Windows Genuine Advantage
04/02/2006 21:11 <REP> UControl
25/11/2005 21:09 <REP> Symantec
25/11/2005 21:08 <REP> Viewpoint
25/11/2005 21:06 <REP> AOL
25/11/2005 21:05 <REP> Adobe
16/08/2004 19:28 <REP> SBSI
16/08/2004 18:55 62 desktop.ini
16/08/2004 18:54 <REP> Microsoft
16/08/2004 18:54 <REP> .
16/08/2004 18:54 <REP> ..
3 fichier(s) 2539 octets
19 Rép(s) 13228892160 octets libres
Le volume dans le lecteur C s'appelle HDD
Le numéro de série du volume est ECAA-DFED
Répertoire de C:\Documents and Settings\Default User\Application Data
04/02/2006 14:07 <REP> Identities
04/02/2006 14:07 <REP> Real
04/02/2006 14:07 <REP> Symantec
04/02/2006 14:07 <REP> Sun
04/02/2006 14:07 <REP> You've Got Pictures Screensaver
16/08/2004 18:54 62 desktop.ini
16/08/2004 18:54 <REP> Microsoft
16/08/2004 18:54 <REP> .
16/08/2004 18:54 <REP> ..
1 fichier(s) 62 octets
8 Rép(s) 13228892160 octets libres
Le volume dans le lecteur C s'appelle HDD
Le numéro de série du volume est ECAA-DFED
Répertoire de C:\Documents and Settings\Propriétaire\Application Data
21/02/2006 00:31 <REP> You've Got Pictures Screensaver
21/02/2006 00:31 <REP> ..
21/02/2006 00:31 <REP> .
0 fichier(s) 0 octets
3 Rép(s) 13228892160 octets libres
Le volume dans le lecteur C s'appelle HDD
Le numéro de série du volume est ECAA-DFED
Répertoire de C:\Documents and Settings\Valery\Application Data
08/06/2006 07:53 <REP> Send Barb Build
08/06/2006 07:52 <REP> pokesigncast
28/05/2006 04:34 <REP> .bittorrent
28/05/2006 00:36 <REP> ICQLite
17/04/2006 00:26 <REP> Skype
09/04/2006 02:35 7058 GdiplusUpgrade_MSIApproach_Wrapper.log
06/04/2006 21:05 <REP> MSNInstaller
03/04/2006 17:07 <REP> Aim
31/03/2006 01:25 <REP> Ahead
26/03/2006 17:36 <REP> Lavasoft
25/03/2006 03:41 41191 Update_HP_RedboxHprblog_HPSU.log
22/03/2006 16:59 <REP> Ulead Systems
19/03/2006 02:56 <REP> F-Secure
18/03/2006 05:06 <REP> PEX
18/03/2006 05:02 <REP> ispnews
18/03/2006 04:54 <REP> Wannadoo
18/03/2006 03:14 2083 HPSU_48BitScanUpdate.log
17/03/2006 04:18 <REP> Apple Computer
16/03/2006 21:16 <REP> Image Zone Express
16/03/2006 20:54 <REP> HP
15/03/2006 17:59 <REP> Talkback
15/03/2006 17:59 <REP> Mozilla
02/03/2006 02:43 <REP> eConf
02/03/2006 02:28 <REP> Wanadoo visio
25/02/2006 10:22 <REP> AdobeUM
25/02/2006 10:21 <REP> Adobe
04/02/2006 22:16 <REP> SlySoft
04/02/2006 21:18 <REP> Help
04/02/2006 20:01 <REP> CyberLink
04/02/2006 19:49 <REP> Sonic
04/02/2006 19:44 <REP> Leadertech
04/02/2006 16:06 <REP> Macromedia
04/02/2006 14:07 62 desktop.ini
04/02/2006 14:07 <REP> Identities
04/02/2006 14:07 <REP> Microsoft
04/02/2006 14:07 <REP> Real
04/02/2006 14:07 <REP> Sun
04/02/2006 14:07 <REP> ..
04/02/2006 14:07 <REP> .
04/02/2006 14:07 <REP> Symantec
04/02/2006 14:07 <REP> You've Got Pictures Screensaver
4 fichier(s) 50394 octets
37 Rép(s) 13228888064 octets libres
******************************************
Recherche des taches planifiées dans C:\WINDOWS\tasks
Le volume dans le lecteur C s'appelle HDD
Le numéro de série du volume est ECAA-DFED
Répertoire de C:\WINDOWS\Tasks
18/03/2006 05:06 588 Scheduled scanning task.job
18/03/2006 03:06 6 SA.DAT
18/03/2006 03:03 <REP> ..
18/03/2006 03:03 <REP> .
16/08/2004 18:40 65 desktop.ini
3 fichier(s) 659 octets
2 Rép(s) 13 228 888 064 octets libres
******************************************
Recherche dans Program files
Le dossier C:\Program Files\C2Media n'existe pas
*************** Fin du rapport ****************
Hello
always useful to do it
4/ - CCleaner: (registry cleaner, cookies + temp + temporary files + prefetch + history + etc.)
Download here:
https://www.ccleaner.com/ccleaner/download
Tutorial here:
https://www.vulgarisation-informatique.com/nettoyer-windows-ccleaner.php
Good evening,
Thank you for all the help you have given me; for now, I no longer have any trojan alerts or popups.
It seems the problem is solved.
Best wishes to all.
Good evening
it's not quite finished ...
find and delete the files in bold if present:
C:\Program files\Adverts
C:\Program files\ pokesigncast
then post a new HijackThis log please
See you
Good evening,
Indeed, the popups are still there, only when I open the browser but not when I open a new tab.
I was able to delete this one:
C:\Program files\ pokesigncast
but not this one, it cannot be found.
C:\Program files\Adverts
Here is the HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 01:11:22, on 09/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\SECURI~1\av_fw\backweb\8520111\Program\SERVIC~1.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Securitoo\av_fw\backweb\8520111\Program\fspex.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe
C:\Program Files\Securitoo\av_fw\Anti-Virus\FSGK32.EXE
C:\Program Files\Securitoo\av_fw\backweb\8520111\program\fsbwsys.exe
C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Securitoo\av_fw\Common\FSMB32.EXE
C:\Program Files\Securitoo\av_fw\Anti-Virus\fssm32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Securitoo\av_fw\Common\FCH32.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\Securitoo\av_fw\Common\FAMEH32.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE
C:\Program Files\Securitoo\av_fw\FSGUI\ispnews.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Securitoo\av_fw\FWES\Program\fsdfwd.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Securitoo\av_fw\Anti-Virus\fsav32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Securitoo\av_fw\FSGUI\fsguiexe.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://format.packardbell.com/cgi-bin/redirect/?country=FR&range=AD&phase=6&key=S...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\fr.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [FSASWREG] "C:\Program Files\Securitoo\Anti-Spyware\fsaswreg.exe"
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Securitoo\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Securitoo\av_fw\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Program Files\Securitoo\av_fw\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Interskipboob4] C:\Documents and Settings\All Users\Application Data\StyleJugsInterSkip\reflog.exe
O4 - HKCU\..\Run: [PlanBore] C:\DOCUME~1\Valery\APPLIC~1\POKESI~1\roadadmin.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxmk142YYFR
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitia...
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - https://onedrive.live.com/
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AEC19040-BB5D-4AAB-A3DC-708A61A1C345}: NameServer = 192.168.1.1
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Securitoo Antivirus Firewall (BackWeb Plug-in - 8520111) - Unknown owner - C:\PROGRA~1\SECURI~1\av_fw\backweb\8520111\Program\SERVIC~1.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Securitoo\av_fw\backweb\8520111\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MySqlInventime - Unknown owner - c:\mysql\bin\mysqld-max-nt.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
Indeed, the popups are still there, but only when I open the browser, not when I open a new tab.
I was able to delete this one:
C:\Program files\ pokesigncast
but not this one; it cannot be found.
C:\Program files\Adverts
Here is the HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 01:11:22, on 09/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\SECURI~1\av_fw\backweb\8520111\Program\SERVIC~1.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Securitoo\av_fw\backweb\8520111\Program\fspex.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe
C:\Program Files\Securitoo\av_fw\Anti-Virus\FSGK32.EXE
C:\Program Files\Securitoo\av_fw\backweb\8520111\program\fsbwsys.exe
C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Securitoo\av_fw\Common\FSMB32.EXE
C:\Program Files\Securitoo\av_fw\Anti-Virus\fssm32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Securitoo\av_fw\Common\FCH32.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\Securitoo\av_fw\Common\FAMEH32.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE
C:\Program Files\Securitoo\av_fw\FSGUI\ispnews.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Securitoo\av_fw\FWES\Program\fsdfwd.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Securitoo\av_fw\Anti-Virus\fsav32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Securitoo\av_fw\FSGUI\fsguiexe.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://format.packardbell.com/cgi-bin/redirect/?country=FR&range=AD&phase=6&key=S...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\fr.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [FSASWREG] "C:\Program Files\Securitoo\Anti-Spyware\fsaswreg.exe"
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Securitoo\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Securitoo\av_fw\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Program Files\Securitoo\av_fw\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Interskipboob4] C:\Documents and Settings\All Users\Application Data\StyleJugsInterSkip\reflog.exe
O4 - HKCU\..\Run: [PlanBore] C:\DOCUME~1\Valery\APPLIC~1\POKESI~1\roadadmin.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxmk142YYFR
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitia...
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - https://onedrive.live.com/
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AEC19040-BB5D-4AAB-A3DC-708A61A1C345}: NameServer = 192.168.1.1
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Securitoo Antivirus Firewall (BackWeb Plug-in - 8520111) - Unknown owner - C:\PROGRA~1\SECURI~1\av_fw\backweb\8520111\Program\SERVIC~1.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Securitoo\av_fw\backweb\8520111\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MySqlInventime - Unknown owner - c:\mysql\bin\mysqld-max-nt.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
Good evening,
have this line examined:
C:\Documents and Settings\All Users\Application Data\StyleJugsInterSkip\reflog.exe
by VirusTotal
www.virustotal.com/flash/index_en.html
https://www.radins.com/
and
by Jotti
https://virusscan.jotti.org/
copy/PASTE the 2 reports
Hi again,
do a bit of cleanup in this latest logfile
still too many useless things:
open HijackThis
check and fix
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitia...
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - https://onedrive.live.com/
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
+
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Interskipboob4] C:\Documents and Settings\All Users\Application Data\StyleJugsInterSkip\reflog.exe <== I AM SUSPICIOUS HERE!!
O4 - HKCU\..\Run: [PlanBore] C:\DOCUME~1\Valery\APPLIC~1\POKESI~1\roadadmin.exe <=== UNKNOWN, so I am SUSPICIOUS
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
============
also have this examined
C:\DOCUME~1\Valery\APPLIC~1\POKESI~1\roadadmin.exe
by VirusTotal
www.virustotal.com/flash/index_en.html
https://www.radins.com/
and
by Jotti
https://virusscan.jotti.org/
===========
if your PC is an HP?
also check and fix (this relates to P.Bell)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://format.packardbell.com/cgi-bin/redirect/?country=FR&range=AD&phase=6&key=S...
=============
I see some AOL!
do you use AIM?
Good evening,
I have just seen your message; while waiting for your reply,
I ran a Panda ActiveScan and deleted the files named
in the following log, except 1: even in safe mode, I cannot find it:
the one I cannot find:
Outil indésirable:Application/FunWeb No Désinfecté C:\WINDOWS\Downloaded Program Files\f3initialsetup1.0.0.15.inf
These have all been deleted:
Adware:Adware/Lop No Désinfecté C:\Documents and Settings\All Users\Application Data\StyleJugsInterSkip\dumbfrag.exe
Adware:Adware/Lop No Désinfecté C:\Documents and Settings\All Users\Application Data\StyleJugsInterSkip\ExitBows.exe
Adware:Adware/Lop No Désinfecté C:\Documents and Settings\All Users\Application Data\StyleJugsInterSkip\reflog.exe
Spyware:Cookie/Bluestreak No Désinfecté C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt[.bluestreak.com/]
Spyware:Cookie/RealMedia No Désinfecté C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt[.247realmedia.com/]
Spyware:Cookie/Xiti No Désinfecté C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt[.xiti.com/]
Spyware:Cookie/RealMedia No Désinfecté C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt[.247realmedia.com/]
Spyware:Cookie/Serving-sys No Désinfecté C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Doubleclick No Désinfecté C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Falkag No Désinfecté C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt[as1.falkag.de/]
Spyware:Cookie/Weborama No Désinfecté C:\Documents and Settings\Valery\Application Data\Mozilla\Firefox\Profiles\5350jr7h.default\cookies.txt[.weborama.fr/]
Adware:Adware/Lop No Désinfecté C:\Documents and Settings\Valery\Application Data\pokesigncast\qmaeouco.exe
Adware:Adware/Lop No Désinfecté C:\Documents and Settings\Valery\Application Data\pokesigncast\roadadmin.exe
Adware:Adware/Lop No Désinfecté C:\Documents and Settings\Valery\Application Data\pokesigncast\segwtbmj.exe
Adware:Adware/Lop No Désinfecté C:\Documents and Settings\Valery\Application Data\pokesigncast\ucshjrsa.exe
Spyware:Cookie/YieldManager No Désinfecté C:\Documents and Settings\Valery\Cookies\valery@ad.yieldmanager[1].txt
Spyware:Cookie/Lop No Désinfecté C:\Documents and Settings\Valery\Cookies\valery@lop[1].txt
Spyware:Cookie/Xiti No Désinfecté C:\Documents and Settings\Valery\Cookies\valery@xiti[1].txt
Adware:Adware/Lop No Désinfecté C:\Documents and Settings\Valery\Local Settings\Temp\bis3AF9.exe
Here is the HijackThis log I just made:
Logfile of HijackThis v1.99.1
Scan saved at 03:04:19, on 09/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\SECURI~1\av_fw\backweb\8520111\Program\SERVIC~1.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Securitoo\av_fw\backweb\8520111\Program\fspex.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe
C:\Program Files\Securitoo\av_fw\Anti-Virus\FSGK32.EXE
C:\Program Files\Securitoo\av_fw\backweb\8520111\program\fsbwsys.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE
C:\Program Files\Securitoo\av_fw\Common\FSMB32.EXE
C:\Program Files\Securitoo\av_fw\Anti-Virus\fssm32.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Program Files\Securitoo\av_fw\Common\FCH32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Securitoo\av_fw\Common\FAMEH32.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE
C:\Program Files\Securitoo\av_fw\FSGUI\ispnews.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
C:\Program Files\Securitoo\av_fw\FWES\Program\fsdfwd.exe
C:\Program Files\Securitoo\av_fw\Anti-Virus\fsav32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Securitoo\av_fw\FSGUI\fsguiexe.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://format.packardbell.com/cgi-bin/redirect/?country=FR&range=AD&phase=6&key=S...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\fr.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [FSASWREG] "C:\Program Files\Securitoo\Anti-Spyware\fsaswreg.exe"
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Securitoo\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Securitoo\av_fw\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Program Files\Securitoo\av_fw\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Interskipboob4] C:\Documents and Settings\All Users\Application Data\StyleJugsInterSkip\reflog.exe
O4 - HKCU\..\Run: [PlanBore] C:\DOCUME~1\Valery\APPLIC~1\POKESI~1\roadadmin.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxmk142YYFR
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitia...
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - https://onedrive.live.com/
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AEC19040-BB5D-4AAB-A3DC-708A61A1C345}: NameServer = 192.168.1.1
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Securitoo Antivirus Firewall (BackWeb Plug-in - 8520111) - Unknown owner - C:\PROGRA~1\SECURI~1\av_fw\backweb\8520111\Program\SERVIC~1.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Securitoo\av_fw\backweb\8520111\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MySqlInventime - Unknown owner - c:\mysql\bin\mysqld-max-nt.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
Hi again,
I forgot one more line to fix:
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxmk142YYFR
========
follow the advice in posts 7 & 8
=========
I'll read a new HijackThis log tomorrow to decide on next steps
good night
Hi again,
rereading all this...
I get the impression that you have Lop
uninstall 'MessengerPlus3'
we'll reinstall it later without the sponsors
Good evening,
I fixed all the requested lines.
My PC is: a Packard Bell EasyNote.
Printers: HP and Lexmark
Internet connection: via a Wi-Fi adapter with the Wanadoo Livebox.
Instant messengers: Msn+, Yahoo, Aim
Webcam: Creative
DVD drive/burner: internal + 1 external
When I fixed the requested lines, I got a message.
Screenshot of the message:
http://www.mezimages.com/image/toulonais1/messageerreurhijackthis1.JPG
Result of the VirusTotal and Jotti analysis of the following paths:
The path does not exist.
C:\Documents and Settings\All Users\Application Data\StyleJugsInterSkip\reflog.exe
C:\DOCUME~1\Valery\APPLIC~1\POKESI~1\roadadmin.exe
C:\WINDOWS\Downloaded Program Files\f3initialsetup1.0.0.15.inf
When I uninstalled MSN Plus, the window said that the sponsors were not installed.
HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 04:33:30, on 09/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\SECURI~1\av_fw\backweb\8520111\Program\SERVIC~1.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Securitoo\av_fw\backweb\8520111\Program\fspex.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe
C:\Program Files\Securitoo\av_fw\Anti-Virus\FSGK32.EXE
C:\Program Files\Securitoo\av_fw\backweb\8520111\program\fsbwsys.exe
C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE
C:\Program Files\Securitoo\av_fw\Common\FSMB32.EXE
C:\Program Files\Securitoo\av_fw\Anti-Virus\fssm32.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Securitoo\av_fw\Common\FCH32.EXE
C:\Program Files\Securitoo\av_fw\Common\FAMEH32.EXE
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE
C:\Program Files\Securitoo\av_fw\FSGUI\ispnews.exe
C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
C:\Program Files\Securitoo\av_fw\FWES\Program\fsdfwd.exe
C:\Program Files\Securitoo\av_fw\Anti-Virus\fsav32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Securitoo\av_fw\FSGUI\fsguiexe.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\fr.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O4 - HKLM\..\Run: [FSASWREG] "C:\Program Files\Securitoo\Anti-Spyware\fsaswreg.exe"
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Securitoo\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Securitoo\av_fw\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Program Files\Securitoo\av_fw\FSGUI\ispnews.exe"
O4 - HKLM\..\RunOnce: [MessengerPlusUninstall] C:\WINDOWS\system32\cmd.exe /C "C:\DOCUME~1\Valery\LOCALS~1\Temp\MsgPlusUninst.bat"
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{AEC19040-BB5D-4AAB-A3DC-708A61A1C345}: NameServer = 192.168.1.1
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Securitoo Antivirus Firewall (BackWeb Plug-in - 8520111) - Unknown owner - C:\PROGRA~1\SECURI~1\av_fw\backweb\8520111\Program\SERVIC~1.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Securitoo\av_fw\backweb\8520111\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MySqlInventime - Unknown owner - c:\mysql\bin\mysqld-max-nt.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{AEC19040-BB5D-4AAB-A3DC-708A61A1C345}: NameServer = 192.168.1.1
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Securitoo Antivirus Firewall (BackWeb Plug-in - 8520111) - Unknown owner - C:\PROGRA~1\SECURI~1\av_fw\backweb\8520111\Program\SERVIC~1.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Securitoo\av_fw\backweb\8520111\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MySqlInventime - Unknown owner - c:\mysql\bin\mysqld-max-nt.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
Hello,
I no longer have any popups since deleting the files flagged by ActiveScan; if you see in the HijackThis log that there are still files to fix, no problem.
Thanks to everyone for the help.
Hi,
Looks all good to me!
One small unnecessary line:
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
Click:
Start > Run > type "services.msc"
Find this entry in the list and set it to "Disabled":
France Telecom Routing Table Service
And for what comes next:
Security: protecting a computer against Internet malware
See you later