virus exmodul.exe

Question

salut,
pouvez vous m'aider à eradiquer ce virus?
j'aimerais savoir si ce virus provoque des déconnection intempestive lors de l'utilisation limewire?
voilà le scan HijackThis v1.99.1:
et merci d'avance

Logfile of HijackThis v1.99.1
Scan saved at 12:16:37, on 15/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Sagem Photo Easy\AzAgent.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Fichiers communs\DataViz\DvzIncMsgr.exe
C:\Program Files\palmOne\Hotsync.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmjb.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_director.exe
C:\WINDOWS\system32\spider.exe
C:\PROGRA~1\MUSICM~1\MUSICM~2\MM_TDM~1.EXE
C:\Program Files\a-squared\a2start.exe
C:\Program Files\Wanadoo\EspaceWanadoo.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Wanadoo\Watch.exe
E:\logiciel\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.accoona.com/search_assistant/accoona_search_assistant.jsp?&utm_id=4000...
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.accoona.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.accoona.com/search_assistant/accoona_search_assistant.jsp?&utm_id=4000...
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.accoona.com/search?q=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [AzAgent] "C:\Program Files\Sagem Photo Easy\AzAgent.exe"
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [NI.UWFX5V] "C:\Documents and Settings\Francois\Local Settings\Temporary Internet Files\Content.IE5\C6VRZNQO\WinFixer2005ScannerInstallFRA[1].exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [Dcybfwgg] C:\Program Files\Idvka\Fhahp.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [.nvsvc] C:\WINDOWS\system\smss.exe /w
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Accélérateur de démarrage AutoCAD.lnk = C:\Program Files\Fichiers communs\Autodesk Shared\acstart16.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Fichiers communs\DataViz\DvzIncMsgr.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Lancement rapide d'Adobe Acrobat.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Télécharger avec &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: ShopperReports - Compare travel rates - {946B3E9E-E21A-49c8-9F63-900533FAFE15} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{45799AD8-2BB1-4F13-A556-BF5525486E61}: NameServer = 85.255.113.93,85.255.112.24
O17 - HKLM\System\CCS\Services\Tcpip\..\{5778F6EA-F731-4913-8FBD-DFEE802F7A3A}: NameServer = 85.255.113.93,85.255.112.24
O17 - HKLM\System\CCS\Services\Tcpip\..\{A98C7043-EB04-402A-B88D-E7CD3A6FAD1F}: NameServer = 85.255.113.93,85.255.112.24
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe

Afficher la suite

green day · Answer

Salut

en effet, ptite infection assez coriace ...

* Télécharge FixWareout d'un de ces deux sites sur le bureau:
http://downloads.subratam.org/Fixwareout.exe
http://swandog46.geekstogo.com/Fixwareout.exe

* Lance le fix: clique sur Next, puis Install, puis assure toi que "Run fixit" est activé puis clique sur Finish.
Le fix va commencer, suis les messages à l'écran. Il te sera demandé de redémarrer ton ordinateur, fais le. Ton système mettra un peu plus de temps au démarrage, c'est normal.

*Poste (Copie/colle) le contenu du rapport qui va s'afficher à l'écran (report.txt) avec un nouveau rapport HijackThis! dans ta prochaine réponse.

++

green day · Answer

re

merci de rester sur le même poste :

je joint ta reponse :

salut,
> comme prevue j'ai effectué la manip, voici les differents résultats:
> je ne pourrais te dire si ca va car je doit refaire un scan.
> merci et a+
> Fixwareout ver 1.003
> Last edited 04/26/2006
> Post this report in the forums please
>
> Reg Entries that were deleted
> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\repiwh
> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\qlamz
> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\putesprpgd
> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\lavinraCputeS
> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\repiwoh
> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\ypszr
> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\daolnwodi
> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\x0brks
> ...
>
> Microsoft (R) Windows Script Host Version 5.6
> Random Runs removed from HKLM
> ...
>
> PLEASE NOTE, There WILL be LEGIT FILES LISTED. IF YOU ARE UNSURE OF WHAT IT
> IS LEAVE THEM ALONE.
> Example ipsec6.exe is lagitamate
>
> »»»»» Search by size and names...
>
> »»»»» Misc files
>
> »»»»» Checking for older varients covered by the Rem3 tool
>
> »»»»»
> Search five digit cs, dm and jb files
> This WILL/CAN also list Legit Files, Submit them at Virustotal
>
>
> et voici le second scan:
>
> Logfile of HijackThis v1.99.1
> Scan saved at 14:03:05, on 15/06/2006
> Platform: Windows XP SP2 (WinNT 5.01.2600)
> MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
>
> Running processes:
> C:\WINDOWS\System32\smss.exe
> C:\WINDOWS\system32\winlogon.exe
> C:\WINDOWS\system32\services.exe
> C:\WINDOWS\system32\lsass.exe
> C:\WINDOWS\system32\Ati2evxx.exe
> C:\WINDOWS\system32\svchost.exe
> C:\WINDOWS\System32\svchost.exe
> C:\WINDOWS\system32\spoolsv.exe
> C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
> C:\Program Files\Alwil Software\Avast4\ashServ.exe
> C:\WINDOWS\system32\CTsvcCDA.EXE
> C:\WINDOWS\system32\svchost.exe
> C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
> C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
> C:\WINDOWS\system32\Ati2evxx.exe
> C:\WINDOWS\Explorer.EXE
> C:\WINDOWS\system32\NOTEPAD.EXE
> C:\Program Files\Sagem Photo Easy\AzAgent.exe
> C:\WINDOWS\VM_STI.EXE
> C:\Program Files\HP\HP Software Update\HPWuSchd.exe
> C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
> C:\WINDOWS\SOUNDMAN.EXE
> C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
> C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
> C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
> C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
> C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
> C:\WINDOWS\System32\svchost.exe
> C:\Program Files\QuickTime\qttask.exe
> C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
> C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
> C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
> C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
> C:\WINDOWS\system32\ctfmon.exe
> C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
> C:\Program Files\Messenger\msmsgs.exe
> C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
> C:\Program Files\Fichiers communs\DataViz\DvzIncMsgr.exe
> C:\Program Files\palmOne\Hotsync.exe
> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
> C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
> C:\Program Files\Logitech\SetPoint\KEM.exe
> C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
> C:\WINDOWS\system32\HPZipm12.exe
> C:\Program Files\Wanadoo\EspaceWanadoo.exe
> C:\Program Files\Wanadoo\ComComp.exe
> C:\PROGRA~1\Wanadoo\Toaster.exe
> C:\PROGRA~1\Wanadoo\Inactivity.exe
> C:\PROGRA~1\Wanadoo\PollingModule.exe
> C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
> C:\Program Files\Wanadoo\Watch.exe
> C:\Program Files\Outlook Express\msimn.exe
> C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmjb.exe
> C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe
> C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_director.exe
> E:\logiciel\HijackThis.exe
>
> R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
> http://www.accoona.com/search_assistant/accoona_search_assistant.jsp?&utm_id=4000...
> R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
> http://www.accoona.com/search?q=%s
> R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
> R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
> Liens
> R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} -
> C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
> O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
> C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
> O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -
> C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
> O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN
> Apps\ST\01.03.0000.1005\en-xu\stmain.dll
> O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -
> c:\program files\google\googletoolbar2.dll
> O2 - BHO: AcroIEToolbarHelper Class -
> {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat
> 7.0\Acrobat\AcroIEFavClient.dll
> O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} -
> C:\Program Files\MSN Apps\MSN Toolbar\MSN
> Toolbar\01.02.5000.1021\fr\msntb.dll
> O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program
> Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
> O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -
> C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
> O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program
> files\google\googletoolbar2.dll
> O4 - HKLM\..\Run: [AzAgent] "C:\Program Files\Sagem Photo Easy\AzAgent.exe"
> O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera
> O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software
> Update\HPWuSchd.exe"
> O4 - HKLM\..\Run: [HP Component Manager] "C:\Program
> Files\HP\hpcoretech\hpcmpmgr.exe"
> O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
> O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
> O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
> O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control
> Panel\atiptaxx.exe
> O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI
> Technologies\ATI.ACE\cli.exe" runtime
> O4 - HKLM\..\Run: [NI.UWFX5V] "C:\Documents and Settings\Francois\Local
> Settings\Temporary Internet
> Files\Content.IE5\C6VRZNQO\WinFixer2005ScannerInstallFRA[1].exe"
> O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat
> 7.0\Distillr\Acrotray.exe"
> O4 - HKLM\..\Run: [Dcybfwgg] C:\Program Files\Idvka\Fhahp.exe
> O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
> O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH
> Jukebox\mm_tray.exe"
> O4 - HKLM\..\Run: [QuickTime Task] "C:\Program
> Files\QuickTime\qttask.exe" -atboottime
> O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
> O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe
> TaskBarIcon.exe
> O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH
> Jukebox\mmtask.exe"
> O4 - HKLM\..\Run: [.nvsvc] C:\WINDOWS\system\smss.exe /w
> O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
> O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program
> Files\Java\jre1.5.0_06\bin\jusched.exe
> O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
> O4 - HKCU\..\Run: [Creative Detector] C:\Program
> Files\Creative\MediaSource\Detector\CTDetect.exe /R
> O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop
> Messenger\8876480\Program\BackWeb-8876480.exe
> O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe
> appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
> O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe"
> /background
> O4 - Global Startup: Accélérateur de démarrage AutoCAD.lnk = C:\Program
> Files\Fichiers communs\Autodesk Shared\acstart16.exe
> O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI
> Technologies\ATI.ACE\CLI.exe
> O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Fichiers
> communs\DataViz\DvzIncMsgr.exe
> O4 - Global Startup: HotSync Manager.lnk = C:\Program
> Files\palmOne\Hotsync.exe
> O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program
> Files\HP\Digital Imaging\bin\hpqtra08.exe
> O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program
> Files\InterVideo\Common\Bin\WinCinemaMgr.exe
> O4 - Global Startup: Lancement rapide d'Adobe Acrobat.lnk = ?
> O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program
> Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
> O4 - Global Startup: Logitech SetPoint.lnk = C:\Program
> Files\Logitech\SetPoint\KEM.exe
> O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
> Office\Office10\OSA.EXE
> O8 - Extra context menu item: &Traduire à partir de l'anglais -
> res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
> O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program
> Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
> O8 - Extra context menu item: Convertir en un fichier PDF existant -
> res://C:\Program Files\Adobe\Acrobat
> 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
> O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF -
> res://C:\Program Files\Adobe\Acrobat
> 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
> O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF
> existant - res://C:\Program Files\Adobe\Acrobat
> 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
> O8 - Extra context menu item: Convertir la sélection en Adobe PDF -
> res://C:\Program Files\Adobe\Acrobat
> 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
> O8 - Extra context menu item: Convertir la sélection en un fichier PDF
> existant - res://C:\Program Files\Adobe\Acrobat
> 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
> O8 - Extra context menu item: Convertir les liens sélectionnés en fichier
> Adobe PDF - res://C:\Program Files\Adobe\Acrobat
> 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
> O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier
> PDF existant - res://C:\Program Files\Adobe\Acrobat
> 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
> O8 - Extra context menu item: E&xporter vers Microsoft Excel -
> res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
> O8 - Extra context menu item: Pages liées - res://c:\program
> files\google\GoogleToolbar2.dll/cmbacklinks.html
> O8 - Extra context menu item: Pages similaires - res://c:\program
> files\google\GoogleToolbar2.dll/cmsimilar.html
> O8 - Extra context menu item: Recherche &Google - res://c:\program
> files\google\GoogleToolbar2.dll/cmsearch.html
> O8 - Extra context menu item: Télécharger avec &BitSpirit - C:\Program
> Files\BitSpirit\bsurl.htm
> O8 - Extra context menu item: Version de la page actuelle disponible dans le
> cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
> O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
> C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
> O9 - Extra 'Tools' menuitem: Console Java (Sun) -
> {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
> Files\Java\jre1.5.0_06\bin\ssv.dll
> O9 - Extra button: ShopperReports - Compare travel rates -
> {946B3E9E-E21A-49c8-9F63-900533FAFE15} - C:\WINDOWS\system32\shdocvw.dll
> O9 - Extra button: Messager Wanadoo -
> {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo
> Messager.exe (file missing)
> O9 - Extra 'Tools' menuitem: Messager Wanadoo -
> {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo
> Messager.exe (file missing)
> O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} -
> https://www.orange.fr/portail (file missing) (HKCU)
> O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
> O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM
> ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab
> O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF}
> (MsnMessengerSetupDownloadControl Class) -
> http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
> O17 -
> HKLM\System\CCS\Services\Tcpip\..\{45799AD8-2BB1-4F13-A556-BF5525486E61}:
> NameServer = 85.255.113.93,85.255.112.24
> O17 -
> HKLM\System\CCS\Services\Tcpip\..\{5778F6EA-F731-4913-8FBD-DFEE802F7A3A}:
> NameServer = 85.255.113.93,85.255.112.24
> O17 -
> HKLM\System\CCS\Services\Tcpip\..\{A98C7043-EB04-402A-B88D-E7CD3A6FAD1F}:
> NameServer = 85.255.113.93,85.255.112.24
> O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} -
> "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
> O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers
> communs\Adobe Systems Shared\Service\Adobelmsvc.exe
> O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner -
> C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
> O23 - Service: Ati HotKey Poller - ATI Technologies Inc. -
> C:\WINDOWS\system32\Ati2evxx.exe
> O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
> O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program
> Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
> O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil
> Software\Avast4\ashServ.exe
> O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil
> Software\Avast4\ashMaiSv.exe" /service (file missing)
> O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil
> Software\Avast4\ashWebSv.exe" /service (file missing)
> O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd -
> C:\WINDOWS\system32\CTsvcCDA.EXE
> O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France
> Telecom - C:\WINDOWS\System32\FTRTSVC.exe
> O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers
> communs\Sony Shared\AVLib\MSCSPTISRV.exe
> O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers
> communs\Sony Shared\AVLib\PACSPTISVR.exe
> O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
> O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program
> Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
> O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation -
> C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
>
> merci a +

Morice · Answer

Salut j'ai le meme problème sur mon ordi et c'est vraiment chiant,
 j'ai donc exécuté wareout et voila le résultat:

Fixwareout ver 1.003
Last edited 8/11/2006
Post this report in the forums please 
 
Reg Entries that were deleted 
...

Microsoft (R) Windows Script Host Version 5.6
Random Runs removed from HKLM 
...
 
PLEASE NOTE, There WILL be LEGITIMATE FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
 
»»»»» Searching by size/names... 
 
»»»»» 
Search five digit cs, dm and jb files.
This WILL/CAN also list Legit Files, Submit them at Virustotal
 
Other suspects.
Directory of C:\WINDOWS\system32
 
»»»»» Misc files. 
 
»»»»» Checking for older varients covered by the Rem3 tool.

voila merci bien

green day · Answer

Salut

 Télécharge ceci :

Lien :hijackthis

Démo : http://pageperso.aol.fr/balltrap34/demohijack.htm

Choisir l'option "do a scan and a logfile", et faire un copier/coller du rapport ainsi générer sur le forum.

@+

Morice · Answer

J'ai fait ce que tu m'as dit et voila le résultat:

Logfile of HijackThis v1.99.1
Scan saved at 13:54:34, on 28/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\PROGRA~1\WANADOO\CnxMon.exe
C:\PROGRA~1\MESSAG~1\StartMessager.exe
C:\PROGRA~1\WANADOO\TaskbarIcon.exe
C:\Program Files\ahead\InCD\InCD.exe
C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
C:\Program Files\Sony\CONNECTAutoUpdate\CONNECTScheduler.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Sony\CONNECTAutoUpdate\CONNECTAUTrayApp.exe
C:\Program Files\Fichiers communs\Sony Shared\GMR\GMRMan.exe
C:\PROGRA~1\WANADOO\EspaceWanadoo.exe
C:\PROGRA~1\WANADOO\ComComp.exe
C:\PROGRA~1\WANADOO\Watch.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrateur\Bureau\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.orange.fr/portail
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\WANADOO\CnxMon.exe
O4 - HKLM\..\Run: [MessagerStarter Wanadoo] C:\PROGRA~1\MESSAG~1\StartMessager.exe Messager Wanadoo
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\WANADOO\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\WANADOO\TaskbarIcon.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [AdobeVersionCue] C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CONNECTScheduler] "C:\Program Files\Sony\CONNECTAutoUpdate\CONNECTScheduler.exe" /RUN_SCHEDULER
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [.nvsvc] C:\WINDOWS\system\smss.exe /w
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: CONNECTAUTrayApp.lnk = C:\Program Files\Sony\CONNECTAutoUpdate\CONNECTAUTrayApp.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O17 - HKLM\System\CCS\Services\Tcpip\..\{D1C6B808-824D-4703-BE45-A636EC6A58A4}: NameServer = 80.10.246.130 80.10.246.3
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: Service Framework McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\Fsk\SonySCSIHelperService.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
O23 - Service: Windows Log - Unknown owner - C:\WINDOWS\system32
vsvcd.exe

Merci

green day · Answer

re

 ok, il ne reste plus grand chose !

 Relance HijackThis : choisis " do a scan only" coche la case devant les lignes ci-dessous et clique en bas sur "fix checked" :

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [AdobeVersionCue] C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe 
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [.nvsvc] C:\WINDOWS\system\smss.exe /w
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background 
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe 

ensuite :

# Ccleaner : Telecharge et installe ceci, dans la colonne de gauche clique sur "erreurs" coche toute les cases, puis clique en bas sur "chercher des erreurs" une fois finit, clique sur "reparer les erreurs" et tu aura un message pour sauvegarder ta base de registre tu dis "oui" puis tu recommences jusqu'a ce qu'il te trouve plus d'erreurs .

*Relance Ccleaner ,vas dans l'onglet "nettoyeur" present sur la gauche, decoche la derniere case (Avancé si elle
est cochée) puis clique sur "lancer le nettoyage"
 
ccleaner

tuto: https://www.vulgarisation-informatique.com/nettoyer-windows-ccleaner.php


et enfin : fais le 1/ et 2/ de ce lien stp :

virus methode preliminaire de desinfection version fr

precise tes soucis s'il en reste !

 @+

**tout ce que je sais, c'est que je ne sais rien ! et c'est déjà pas mal ...**

Séb08 · Answer

slt,

décidemment ... ;)

Coche aussi cette ligne :

O23 - Service: Windows Log - Unknown owner - C:\WINDOWS\system32
vsvcd.exe

recherche et supprime ce fichier (en gras) :

C:\WINDOWS\system32
vsvcd.exe

arrête ce service Windows Log  si encore en cours :

en faisant cette manip :

Démarrer -> executer -> tape services.msc double clic dessus et mets le sur "arrêté " et "désactivé".


vide ta corbeille et fais les dernières manip indiqué sur les liens de green day.

Tiens nous au courant.

A+

green day · Answer

lol

 je suis re-confuse :))))))))))))

 ==> ...

morice · Answer

merci bien pour votre

green day · Answer

Salut

 où en sont tes soucis ?

 @+

morice · Answer

Salut ba j'ai fait ce que tu m'as dit donc voila le rapport ewido: ewido anti-spyware - Scan Report --------------------------------------------------------- + Created at: 18:15:35 29/09/2006 + Scan result: I:\Program Files\Altnet\Download Manager\asm.exe -> Adware.Altnet : Cleaned. H:\WINDOWS\oh8dcmmd.exe -> Adware.SAHAgent : Cleaned. H: emp\Remover.exe -> Adware.Winad : Cleaned. I:\System Volume Information\_restore{A3ACDE6A-57A8-47E2-831B-73E90184897B}\RP92\A0026686.exe -> Downloader.Agent.aht : Cleaned. I:\System Volume Information\_restore{A3ACDE6A-57A8-47E2-831B-73E90184897B}\RP92\A0026687.exe -> Downloader.Agent.aht : Cleaned. H:\WINDOWS em220.dll -> Downloader.Dyfuca : Cleaned. H:\WINDOWS\wsem303.dll -> Downloader.Dyfuca.dt : Cleaned. H:\WINDOWS\Downloaded Program Files\UWFX5V_0001_LPNetInstaller.exe -> Not-A-Virus.Downloader.Win32.Agent.d : Cleaned. C:\QUARANTINE\34exmodul32d.7.exe.Vir -> Proxy.Horst.ad : Cleaned. C:\WINDOWS\Temp\36exhdd.a.exe -> Proxy.Horst.jb : Cleaned. C:\WINDOWS\Temp\45exhdd.a.exe -> Proxy.Horst.jb : Cleaned. C:\WINDOWS\Temp\46exhdd.a.exe -> Proxy.Horst.jb : Cleaned. C:\WINDOWS\Temp\64exhdd.a.exe -> Proxy.Horst.jb : Cleaned. C:\WINDOWS\Temp\65exhdd.a.exe -> Proxy.Horst.jb : Cleaned. C:\WINDOWS\Temp\7exhdd.a.exe -> Proxy.Horst.jb : Cleaned. C:\Documents and Settings\Administrateur\Local Settings\Temp\setup.exe -> Proxy.Horst.jq : Cleaned. C:\Documents and Settings\Administrateur\Cookies\administrateur@247realmedia[2].txt -> TrackingCookie.247realmedia : Cleaned. H:\Documents and Settings\jym\Cookies\jym@247realmedia[2].txt -> TrackingCookie.247realmedia : Cleaned. H:\Documents and Settings\jym\Cookies\jym@2o7[2].txt -> TrackingCookie.2o7 : Cleaned. H:\Documents and Settings\jym\Cookies\jym@sfr.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned. C:\Documents and Settings\Administrateur\Cookies\administrateur@adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned. H:\Documents and Settings\jym\Cookies\jym@adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned. H:\Documents and Settings\jym\Cookies\jym@admarketplace[1].txt -> TrackingCookie.Admarketplace : Cleaned. C:\Documents and Settings\Administrateur\Cookies\administrateur@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned. H:\Documents and Settings\jym\Cookies\jym@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned. C:\Documents and Settings\Administrateur\Cookies\administrateur@bluestreak[2].txt -> TrackingCookie.Bluestreak : Cleaned. H:\Documents and Settings\jym\Cookies\jym@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned. H:\Documents and Settings\jym\Cookies\jym@iv2.bluestreak[2].txt -> TrackingCookie.Bluestreak : Cleaned. H:\Documents and Settings\jym\Cookies\jym@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned. H:\Documents and Settings\jym\Cookies\jym@ad1.clickhype[1].txt -> TrackingCookie.Clickhype : Cleaned. H:\Documents and Settings\jym\Cookies\jym@cz8.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned. H:\Documents and Settings\jym\Cookies\jym@com[1].txt -> TrackingCookie.Com : Cleaned. H:\Documents and Settings\jym\Cookies\jym@fl01.ct2.comclick[2].txt -> TrackingCookie.Comclick : Cleaned. C:\Documents and Settings\Administrateur\Cookies\administrateur@doubleclick[2].txt -> TrackingCookie.Doubleclick : Cleaned. H:\Documents and Settings\jym\Cookies\jym@doubleclick[2].txt -> TrackingCookie.Doubleclick : Cleaned. H:\Documents and Settings\jym\Cookies\jym@estat[1].txt -> TrackingCookie.Estat : Cleaned. H:\Documents and Settings\jym\Local Settings\Temp\Cookies\jym@estat[1].txt -> TrackingCookie.Estat : Cleaned. H:\Documents and Settings\jym\Cookies\jym@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned. C:\Documents and Settings\Administrateur\Cookies\administrateur@as1.falkag[1].txt -> TrackingCookie.Falkag : Cleaned. H:\Documents and Settings\jym\Cookies\jym@as1.falkag[1].txt -> TrackingCookie.Falkag : Cleaned. H:\Documents and Settings\jym\Cookies\jym@fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned. H:\Documents and Settings\jym\Cookies\jym@ehg-francetelecom.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned. H:\Documents and Settings\jym\Cookies\jym@hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned. H:\Documents and Settings\jym\Cookies\jym@hotlog[1].txt -> TrackingCookie.Hotlog : Cleaned. C:\Documents and Settings\Administrateur\Cookies\administrateur@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned. H:\Documents and Settings\jym\Cookies\jym@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned. H:\Documents and Settings\jym\Cookies\jym@stat.onestat[2].txt -> TrackingCookie.Onestat : Cleaned. C:\Documents and Settings\Administrateur\Cookies\administrateur@overture[2].txt -> TrackingCookie.Overture : Cleaned. H:\Documents and Settings\jym\Cookies\jym@ads.planetactive[1].txt -> TrackingCookie.Planetactive : Cleaned. H:\Documents and Settings\jym\Cookies\jym@ads.pointroll[1].txt -> TrackingCookie.Pointroll : Cleaned. H:\Documents and Settings\jym\Cookies\jym@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned. H:\Documents and Settings\jym\Cookies\jym@revenue[1].txt -> TrackingCookie.Revenue : Cleaned. H:\Documents and Settings\jym\Cookies\jym@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned. C:\Documents and Settings\Administrateur\Cookies\administrateur@www.smartadserver[2].txt -> TrackingCookie.Smartadserver : Cleaned. H:\Documents and Settings\jym\Cookies\jym@www.smartadserver[1].txt -> TrackingCookie.Smartadserver : Cleaned. H:\Documents and Settings\jym\Local Settings\Temp\Cookies\jym@www.smartadserver[2].txt -> TrackingCookie.Smartadserver : Cleaned. C:\Documents and Settings\Administrateur\Cookies\administrateur@statcounter[2].txt -> TrackingCookie.Statcounter : Cleaned. C:\Documents and Settings\Administrateur\Cookies\administrateur@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Cleaned. H:\Documents and Settings\jym\Cookies\jym@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Cleaned. H:\Documents and Settings\jym\Cookies\jym@valueclick[2].txt -> TrackingCookie.Valueclick : Cleaned. H:\Documents and Settings\jym\Cookies\jym@web-stat[1].txt -> TrackingCookie.Web-stat : Cleaned. C:\Documents and Settings\Administrateur\Cookies\administrateur@weborama[1].txt -> TrackingCookie.Weborama : Cleaned. H:\Documents and Settings\jym\Cookies\jym@weborama[2].txt -> TrackingCookie.Weborama : Cleaned. H:\Documents and Settings\jym\Cookies\jym@yadro[2].txt -> TrackingCookie.Yadro : Cleaned. C:\Documents and Settings\Administrateur\Cookies\administrateur@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned. H:\Documents and Settings\jym\Cookies\jym@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned. C:\Documents and Settings\Administrateur\Local Settings\Temp mp1.tmp -> Trojan.Agent.xu : Cleaned. C:\System Volume Information\_restore{A3ACDE6A-57A8-47E2-831B-73E90184897B}\RP95\A0028262.exe -> Trojan.Agent.xu : Cleaned. C:\System Volume Information\_restore{A3ACDE6A-57A8-47E2-831B-73E90184897B}\RP95\A0028263.exe -> Trojan.Agent.xu : Cleaned. C:\System Volume Information\_restore{A3ACDE6A-57A8-47E2-831B-73E90184897B}\RP95\A0028264.exe -> Trojan.Agent.xu : Cleaned. C:\System Volume Information\_restore{A3ACDE6A-57A8-47E2-831B-73E90184897B}\RP95\A0028274.exe -> Trojan.Agent.xu : Cleaned. C:\System Volume Information\_restore{A3ACDE6A-57A8-47E2-831B-73E90184897B}\RP96\A0028415.exe -> Trojan.Agent.xu : Cleaned. C:\System Volume Information\_restore{A3ACDE6A-57A8-47E2-831B-73E90184897B}\RP96\A0028416.exe -> Trojan.Agent.xu : Cleaned. C:\System Volume Information\_restore{A3ACDE6A-57A8-47E2-831B-73E90184897B}\RP96\A0028434.exe -> Trojan.Agent.xu : Cleaned. C:\WINDOWS\Temp\data.exe -> Trojan.Agent.xu : Cleaned. C:\WINDOWS\Temp mp1.tmp -> Trojan.Agent.xu : Cleaned. C:\WINDOWS\system\smss.exe -> Trojan.Agent.xu : Cleaned. ::Report end et le rapport de bitedefender: BitDefender Online Scanner -Scan Report

BitDefender Online Scanner

Scan report generated at: Fri, Sep 29, 2006 - 22:34:45

Scan path: A:\;C:\;D:\;E:\;G:\;H:\;I:\;

Statistics
Time	04:15:33
Files	572659
Folders	8910
Boot Sectors	6
Archives	5379
Packed Files	54561

Results
Identified Viruses	6
Infected Files	17
Suspect Files	0
Warnings	0
Disinfected	0
Deleted Files	16

Engines Info
Virus Definitions	456352
Engine build	AVCORE v1.0 (build 2310) (i386) (Apr 17 2006 16:24:38)
Scan plugins	13
Archive plugins	38
Unpack plugins	6
E-mail plugins	6
System plugins	1

Scan Settings
First Action	Disinfect
Second Action	Delete
Heuristics	Yes
Enable Warnings	Yes
Scanned Extensions	*;
Exclude Extensions
Scan Emails	Yes
Scan Archives	Yes
Scan Packed	Yes
Scan Files	Yes
Scan Boot	Yes

Scanned File	Status
C:\=>Master Boot Record 81	Infected with: Stoned.NoInt.A (Boot image)
C:\=>Master Boot Record 81	Disinfection failed
C:\WINDOWS\Temp\41exssd32.7.exe	Infected with: Trojan.Zlob.Gen
C:\WINDOWS\Temp\41exssd32.7.exe	Disinfection failed
C:\WINDOWS\Temp\41exssd32.7.exe	Deleted
C:\WINDOWS\Temp\68exssd32.7.exe	Infected with: Trojan.Zlob.Gen
C:\WINDOWS\Temp\68exssd32.7.exe	Disinfection failed
C:\WINDOWS\Temp\68exssd32.7.exe	Deleted
C:\WINDOWS\Temp\26exssd32.7.exe	Infected with: Trojan.Zlob.Gen
C:\WINDOWS\Temp\26exssd32.7.exe	Disinfection failed
C:\WINDOWS\Temp\26exssd32.7.exe	Deleted
C:\WINDOWS\Temp\80exssd32.7.exe	Infected with: Trojan.Zlob.Gen
C:\WINDOWS\Temp\80exssd32.7.exe	Disinfection failed
C:\WINDOWS\Temp\80exssd32.7.exe	Deleted
C:\WINDOWS\Temp\90exssd32.7.exe	Infected with: Trojan.Zlob.Gen
C:\WINDOWS\Temp\90exssd32.7.exe	Disinfection failed
C:\WINDOWS\Temp\90exssd32.7.exe	Deleted
C:\WINDOWS\Temp\11exssd32.7.exe	Infected with: Trojan.Zlob.Gen
C:\WINDOWS\Temp\11exssd32.7.exe	Disinfection failed
C:\WINDOWS\Temp\11exssd32.7.exe	Deleted
C:\WINDOWS\Temp\88exhdd.b.exe	Infected with: Trojan.Medbot.L
C:\WINDOWS\Temp\88exhdd.b.exe	Disinfection failed
C:\WINDOWS\Temp\88exhdd.b.exe	Deleted
C:\WINDOWS\Temp\79exhdd.b.exe	Infected with: Trojan.Medbot.L
C:\WINDOWS\Temp\79exhdd.b.exe	Disinfection failed
C:\WINDOWS\Temp\79exhdd.b.exe	Deleted
C:\WINDOWS\Temp\60exhdd.b.exe	Infected with: Trojan.Medbot.L
C:\WINDOWS\Temp\60exhdd.b.exe	Disinfection failed
C:\WINDOWS\Temp\60exhdd.b.exe	Deleted
C:\WINDOWS\Temp\42exssd32.7.exe	Infected with: Trojan.Zlob.Gen
C:\WINDOWS\Temp\42exssd32.7.exe	Disinfection failed
C:\WINDOWS\Temp\42exssd32.7.exe	Deleted
C:\WINDOWS\Temp\1exhdd.b.exe	Infected with: Trojan.Medbot.L
C:\WINDOWS\Temp\1exhdd.b.exe	Disinfection failed
C:\WINDOWS\Temp\1exhdd.b.exe	Deleted
C:\WINDOWS\Temp\28exssd32.7.exe	Infected with: Trojan.Zlob.Gen
C:\WINDOWS\Temp\28exssd32.7.exe	Disinfection failed
C:\WINDOWS\Temp\28exssd32.7.exe	Deleted
C:\WINDOWS\Temp\82exhdd.b.exe	Infected with: Trojan.Medbot.L
C:\WINDOWS\Temp\82exhdd.b.exe	Disinfection failed
C:\WINDOWS\Temp\82exhdd.b.exe	Deleted
C:\System Volume Information\_restore{A3ACDE6A-57A8-47E2-831B-73E90184897B}\RP96\A0029430.exe	Infected with: Trojan.Proxy.Horst.CG
C:\System Volume Information\_restore{A3ACDE6A-57A8-47E2-831B-73E90184897B}\RP96\A0029430.exe	Disinfection failed
C:\System Volume Information\_restore{A3ACDE6A-57A8-47E2-831B-73E90184897B}\RP96\A0029430.exe	Deleted
H:\System Volume Information\_restore{A3ACDE6A-57A8-47E2-831B-73E90184897B}\RP96\A0029431.dll	Infected with: Trojan.Downloader.Dyfuca.H
H:\System Volume Information\_restore{A3ACDE6A-57A8-47E2-831B-73E90184897B}\RP96\A0029431.dll	Disinfection failed
H:\System Volume Information\_restore{A3ACDE6A-57A8-47E2-831B-73E90184897B}\RP96\A0029431.dll	Deleted
H:\System Volume Information\_restore{A3ACDE6A-57A8-47E2-831B-73E90184897B}\RP96\A0029432.dll	Infected with: Trojan.Downloader.Dyfuca.DT
H:\System Volume Information\_restore{A3ACDE6A-57A8-47E2-831B-73E90184897B}\RP96\A0029432.dll	Disinfection failed
H:\System Volume Information\_restore{A3ACDE6A-57A8-47E2-831B-73E90184897B}\RP96\A0029432.dll	Deleted

voila je crois que j'ai toujours des virus, en plus un scandisk se lance a chaque fois qie j'allume mon ordi et il est anormalemnt lent... merci de votre aide

Séb08 · Answer

Remet un log hijack STP

A+

morice · Answer

voila:

Logfile of HijackThis v1.99.1
Scan saved at 14:09:39, on 30/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\PROGRA~1\WANADOO\CnxMon.exe
C:\PROGRA~1\MESSAG~1\StartMessager.exe
C:\PROGRA~1\WANADOO\TaskbarIcon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
C:\Program Files\Sony\CONNECTAutoUpdate\CONNECTScheduler.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Sony\CONNECTAutoUpdate\CONNECTAUTrayApp.exe
C:\Program Files\Fichiers communs\Sony Shared\GMR\GMRMan.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\WANADOO\EspaceWanadoo.exe
C:\PROGRA~1\WANADOO\ComComp.exe
C:\PROGRA~1\WANADOO\Watch.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\WinZip\winzip32.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.orange.fr/portail
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: edit_html Class - {14D1A72D-8705-11D8-B120-0040F46CB696} - C:\Documents and Settings\Administrateur\Bureau\93091042.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\WANADOO\CnxMon.exe
O4 - HKLM\..\Run: [MessagerStarter Wanadoo] C:\PROGRA~1\MESSAG~1\StartMessager.exe Messager Wanadoo
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\WANADOO\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\WANADOO\TaskbarIcon.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CONNECTScheduler] "C:\Program Files\Sony\CONNECTAutoUpdate\CONNECTScheduler.exe" /RUN_SCHEDULER
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: CONNECTAUTrayApp.lnk = C:\Program Files\Sony\CONNECTAutoUpdate\CONNECTAUTrayApp.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D1C6B808-824D-4703-BE45-A636EC6A58A4}: NameServer = 80.10.246.1 80.10.246.132
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: Service Framework McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\Fsk\SonySCSIHelperService.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
O23 - Service: Windows Log - Unknown owner - C:\WINDOWS\system32
vsvcd.exe (file missing)

merci

Séb08 · Answer

Déja réinstalle correctement Hijack car ici :

C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\HijackThis.exe

Il est mal placé pour les backup en cas de mauvaises manips .

Donc réinstalle le correctement avant toutes choses comme suit :

Dézippe le dans un dossier prévu à cet effet. 

Par exemple C:\hijackthis < Enregistre le bien dans c : ! 

Démo (merci à Balltrap) :
instalation hijackthis
pageperso.aol.fr/balltrap34/Hijenr.gif

****************************************************

Et tu as combien d'antivirus ??
Il ne t'en faut qu'un seul d'installer et apparemment tuas Norton et Mc Afee.
Vires en un .


ensuite :

¤Télécharge ces logiciels (si tu ne les as pas ) mais que tu n‘utilises pas tout de suite:

(Les mettre à jour avant de les lancer). Pour ça voir les démos.

Antispywares et autres :

1/ Ad-Aware (gratuit) 
Téléchargement : 
telecharger.01net.com/windows/Internet/internet_utlitaire/fiches/11643.html 
Le patch en Français pour Ad-Aware (gratuit) : 
telecharger.01net.com/windows/Internet/internet_utlitaire/fiches/25543.html
Tuto :
perso.orange.fr/entraide-hijackthis/AdAware/AdAware.htm


2/ Spybot (gratuit) :
 voir demo d utilisation (merci Balltrap)
pageperso.aol.fr/Balltrap34/demo%20spybot.htm
Téléchargement :
telecharger.01net.com/windows/Internet/internet_utlitaire/fiches/26157.html 


3/ ewido (dowload) 
Téléchargement :
www.ewido.net/en/download/
Lorsqu'il est installer tu l'ouvres clique sur « update » fais les mise à jour
Tuto pour la version 4 d’Ewido :
www.malekal.com/tutorial_ewidoV4.html

Nettoyeurs (de fichiers inutiles) et autres :

4/ ccleaner (gratuit)
Tutorial là :
 www.vulgarisation-informatique.com/nettoyer-windows-ccleaner.php
Téléchargement :
 www.01net.com

*****************************************************
Affiches tous les fichiers et dossiers : 
cliques sur démarrer/panneau de configuration (en affichage classique)/option des dossiers/affichage 
Cocher « afficher les dossiers et fichiers cachés »

Décoches la case "Masquer les fichiers protégés du système d'exploitation (recommandé)" 

Décoches « masquer les extensions dont le type est connu » 
Puis fais «Ok» pour valider les changements. 

Et « appliquer »

****************************************************
¤Relance HijackThis cliques sur « scanner seulement » ou (« do a scan only »),
 coche les cases devant ces lignes et ensuite clique sur « fixer objets » (ou « fix checked »):

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens 

O2 - BHO: edit_html Class - {14D1A72D-8705-11D8-B120-0040F46CB696} - C:\Documents and Settings\Administrateur\Bureau\93091042.dll (file missing)

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - www.wanadoo.fr (file missing) (HKCU)

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - download.bitdefender.com/resources/scan8/oscan8.cab 

O23 - Service: Windows Log - Unknown owner - C:\WINDOWS\system32
vsvcd.exe (file missing)

************************************************
¤Démarre en mode sans échec : 
Pour cela, tu tapotes la touche F8 dès le début de l’allumage du pc sans t’arrêter 
Une fenêtre va s’ouvrir tu te déplaces avec les flèches du clavier sur démarrer en mode sans échec
 puis tape « entrée ». 
Une fois sur le bureau s’il n’y a pas toutes les couleurs et autres c’est normal ! 
(Si F8 ne marche pas utilise la touche F5).  

**********************************************
¤Recherche et supprime ceci: 
attention seulement les fichiers  (si présents).

C:\PROGRA~1\WinZip\winzip32.exe 
C:\WINDOWS\system32
vsvcd.exe

************************************************
¤ Lancer Ewido pour un scan complet (clique sur « scanner » puis sur « complete scan system ») « delete » tout ce qu’il te trouve 
et copie/colle le rapport en forum.
************************************************
¤ Passe Ad-Aware et supprime tout ce qu’il trouve + supprime les quarantaines…
************************************************
¤ Passe Spybot et corrige tout ce qu’il trouve + vaccine + supprime les quarantaines…
***********************************************
¤ Lance CCleaner.

Suppression des fichiers temporaires 

Va dans la section "Options" situé dans la marge gauche. Va dans "Avancé" et décoche "Effacer uniquement les fichiers, du dossier Temp de Windows, plus vieux que 48 heures". Retourne ensuite dans la section "Nettoyeur" 
Fais bien attention de cocher toutes les cases dans la marge gauche (Internet Explorer/Windows Explorer/Système/Avancé) 
• Clique sur Analyse 
• Patiente le temps du scan, qui peut prendre un peu de temps si c'est la première fois. 
• Une fois le scan terminé, clique sur Lancer le Nettoyage 

Suppression des incohérence du registre 

• Clique sur l'icône Erreurs situés dans la marge à gauche. 
• Puis clique sur Analyser les erreurs 
• Patiente pendant que CCleaner scan ton registre. 
• Une fois le scan terminé, coche toutes les entrèes qu'il t'aura trouvée. 
• Tu peux cliquer ensuite sur Corriger les erreurs. 

Si tu n'est pas sur de ce que tu fais, tu peux choisir de sauvegarder les entrées cochées pour les restaurer ultérieurement.

*************************************************
¤ Vide ta Corbeille.
*************************************************
¤ Redémarre en mode normal, relance Hijackthis et copie/colle un nouveau rapport sur le forum.

Et dis moi ou en sont tes probs s'il t'en reste.

A+

morice · Answer

Salut, j'ai fait tout ce que tu m'as dit donc voila le rapport ewido:

wido anti-spyware - Scan Report
---------------------------------------------------------

 + Created at:	18:15:35 29/09/2006

 + Scan result:	



I:\Program Files\Altnet\Download Manager\asm.exe -> Adware.Altnet : Cleaned.
H:\WINDOWS\oh8dcmmd.exe -> Adware.SAHAgent : Cleaned.
H:	emp\Remover.exe -> Adware.Winad : Cleaned.
I:\System Volume Information\_restore{A3ACDE6A-57A8-47E2-831B-73E90184897B}\RP92\A0026686.exe -> Downloader.Agent.aht : Cleaned.
I:\System Volume Information\_restore{A3ACDE6A-57A8-47E2-831B-73E90184897B}\RP92\A0026687.exe -> Downloader.Agent.aht : Cleaned.
H:\WINDOWS
em220.dll -> Downloader.Dyfuca : Cleaned.
H:\WINDOWS\wsem303.dll -> Downloader.Dyfuca.dt : Cleaned.
H:\WINDOWS\Downloaded Program Files\UWFX5V_0001_LPNetInstaller.exe -> Not-A-Virus.Downloader.Win32.Agent.d : Cleaned.
C:\QUARANTINE\34exmodul32d.7.exe.Vir -> Proxy.Horst.ad : Cleaned.
C:\WINDOWS\Temp\36exhdd.a.exe -> Proxy.Horst.jb : Cleaned.
C:\WINDOWS\Temp\45exhdd.a.exe -> Proxy.Horst.jb : Cleaned.
C:\WINDOWS\Temp\46exhdd.a.exe -> Proxy.Horst.jb : Cleaned.
C:\WINDOWS\Temp\64exhdd.a.exe -> Proxy.Horst.jb : Cleaned.
C:\WINDOWS\Temp\65exhdd.a.exe -> Proxy.Horst.jb : Cleaned.
C:\WINDOWS\Temp\7exhdd.a.exe -> Proxy.Horst.jb : Cleaned.
C:\Documents and Settings\Administrateur\Local Settings\Temp\setup.exe -> Proxy.Horst.jq : Cleaned.
C:\Documents and Settings\Administrateur\Cookies\administrateur@247realmedia[2].txt -> TrackingCookie.247realmedia : Cleaned.
H:\Documents and Settings\jym\Cookies\jym@247realmedia[2].txt -> TrackingCookie.247realmedia : Cleaned.
H:\Documents and Settings\jym\Cookies\jym@2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
H:\Documents and Settings\jym\Cookies\jym@sfr.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Administrateur\Cookies\administrateur@adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.
H:\Documents and Settings\jym\Cookies\jym@adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
H:\Documents and Settings\jym\Cookies\jym@admarketplace[1].txt -> TrackingCookie.Admarketplace : Cleaned.
C:\Documents and Settings\Administrateur\Cookies\administrateur@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned.
H:\Documents and Settings\jym\Cookies\jym@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Administrateur\Cookies\administrateur@bluestreak[2].txt -> TrackingCookie.Bluestreak : Cleaned.
H:\Documents and Settings\jym\Cookies\jym@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned.
H:\Documents and Settings\jym\Cookies\jym@iv2.bluestreak[2].txt -> TrackingCookie.Bluestreak : Cleaned.
H:\Documents and Settings\jym\Cookies\jym@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned.
H:\Documents and Settings\jym\Cookies\jym@ad1.clickhype[1].txt -> TrackingCookie.Clickhype : Cleaned.
H:\Documents and Settings\jym\Cookies\jym@cz8.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned.
H:\Documents and Settings\jym\Cookies\jym@com[1].txt -> TrackingCookie.Com : Cleaned.
H:\Documents and Settings\jym\Cookies\jym@fl01.ct2.comclick[2].txt -> TrackingCookie.Comclick : Cleaned.
C:\Documents and Settings\Administrateur\Cookies\administrateur@doubleclick[2].txt -> TrackingCookie.Doubleclick : Cleaned.
H:\Documents and Settings\jym\Cookies\jym@doubleclick[2].txt -> TrackingCookie.Doubleclick : Cleaned.
H:\Documents and Settings\jym\Cookies\jym@estat[1].txt -> TrackingCookie.Estat : Cleaned.
H:\Documents and Settings\jym\Local Settings\Temp\Cookies\jym@estat[1].txt -> TrackingCookie.Estat : Cleaned.
H:\Documents and Settings\jym\Cookies\jym@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned.
C:\Documents and Settings\Administrateur\Cookies\administrateur@as1.falkag[1].txt -> TrackingCookie.Falkag : Cleaned.
H:\Documents and Settings\jym\Cookies\jym@as1.falkag[1].txt -> TrackingCookie.Falkag : Cleaned.
H:\Documents and Settings\jym\Cookies\jym@fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned.
H:\Documents and Settings\jym\Cookies\jym@ehg-francetelecom.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
H:\Documents and Settings\jym\Cookies\jym@hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
H:\Documents and Settings\jym\Cookies\jym@hotlog[1].txt -> TrackingCookie.Hotlog : Cleaned.
C:\Documents and Settings\Administrateur\Cookies\administrateur@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
H:\Documents and Settings\jym\Cookies\jym@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
H:\Documents and Settings\jym\Cookies\jym@stat.onestat[2].txt -> TrackingCookie.Onestat : Cleaned.
C:\Documents and Settings\Administrateur\Cookies\administrateur@overture[2].txt -> TrackingCookie.Overture : Cleaned.
H:\Documents and Settings\jym\Cookies\jym@ads.planetactive[1].txt -> TrackingCookie.Planetactive : Cleaned.
H:\Documents and Settings\jym\Cookies\jym@ads.pointroll[1].txt -> TrackingCookie.Pointroll : Cleaned.
H:\Documents and Settings\jym\Cookies\jym@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned.
H:\Documents and Settings\jym\Cookies\jym@revenue[1].txt -> TrackingCookie.Revenue : Cleaned.
H:\Documents and Settings\jym\Cookies\jym@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Administrateur\Cookies\administrateur@www.smartadserver[2].txt -> TrackingCookie.Smartadserver : Cleaned.
H:\Documents and Settings\jym\Cookies\jym@www.smartadserver[1].txt -> TrackingCookie.Smartadserver : Cleaned.
H:\Documents and Settings\jym\Local Settings\Temp\Cookies\jym@www.smartadserver[2].txt -> TrackingCookie.Smartadserver : Cleaned.
C:\Documents and Settings\Administrateur\Cookies\administrateur@statcounter[2].txt -> TrackingCookie.Statcounter : Cleaned.
C:\Documents and Settings\Administrateur\Cookies\administrateur@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Cleaned.
H:\Documents and Settings\jym\Cookies\jym@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Cleaned.
H:\Documents and Settings\jym\Cookies\jym@valueclick[2].txt -> TrackingCookie.Valueclick : Cleaned.
H:\Documents and Settings\jym\Cookies\jym@web-stat[1].txt -> TrackingCookie.Web-stat : Cleaned.
C:\Documents and Settings\Administrateur\Cookies\administrateur@weborama[1].txt -> TrackingCookie.Weborama : Cleaned.
H:\Documents and Settings\jym\Cookies\jym@weborama[2].txt -> TrackingCookie.Weborama : Cleaned.
H:\Documents and Settings\jym\Cookies\jym@yadro[2].txt -> TrackingCookie.Yadro : Cleaned.
C:\Documents and Settings\Administrateur\Cookies\administrateur@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.
H:\Documents and Settings\jym\Cookies\jym@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Administrateur\Local Settings\Temp	mp1.tmp -> Trojan.Agent.xu : Cleaned.
C:\System Volume Information\_restore{A3ACDE6A-57A8-47E2-831B-73E90184897B}\RP95\A0028262.exe -> Trojan.Agent.xu : Cleaned.
C:\System Volume Information\_restore{A3ACDE6A-57A8-47E2-831B-73E90184897B}\RP95\A0028263.exe -> Trojan.Agent.xu : Cleaned.
C:\System Volume Information\_restore{A3ACDE6A-57A8-47E2-831B-73E90184897B}\RP95\A0028264.exe -> Trojan.Agent.xu : Cleaned.
C:\System Volume Information\_restore{A3ACDE6A-57A8-47E2-831B-73E90184897B}\RP95\A0028274.exe -> Trojan.Agent.xu : Cleaned.
C:\System Volume Information\_restore{A3ACDE6A-57A8-47E2-831B-73E90184897B}\RP96\A0028415.exe -> Trojan.Agent.xu : Cleaned.
C:\System Volume Information\_restore{A3ACDE6A-57A8-47E2-831B-73E90184897B}\RP96\A0028416.exe -> Trojan.Agent.xu : Cleaned.
C:\System Volume Information\_restore{A3ACDE6A-57A8-47E2-831B-73E90184897B}\RP96\A0028434.exe -> Trojan.Agent.xu : Cleaned.
C:\WINDOWS\Temp\data.exe -> Trojan.Agent.xu : Cleaned.
C:\WINDOWS\Temp	mp1.tmp -> Trojan.Agent.xu : Cleaned.
C:\WINDOWS\system\smss.exe -> Trojan.Agent.xu : Cleaned.


::Report end

et le rapport hijacjthis:

Logfile of HijackThis v1.99.1
Scan saved at 14:59:35, on 02/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\PROGRA~1\WANADOO\CnxMon.exe
C:\PROGRA~1\MESSAG~1\StartMessager.exe
C:\PROGRA~1\WANADOO\TaskbarIcon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
C:\Program Files\Sony\CONNECTAutoUpdate\CONNECTScheduler.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Sony\CONNECTAutoUpdate\CONNECTAUTrayApp.exe
C:\Program Files\Fichiers communs\Sony Shared\GMR\GMRMan.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\WANADOO\CnxMon.exe
O4 - HKLM\..\Run: [MessagerStarter Wanadoo] C:\PROGRA~1\MESSAG~1\StartMessager.exe Messager Wanadoo
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\WANADOO\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\WANADOO\TaskbarIcon.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CONNECTScheduler] "C:\Program Files\Sony\CONNECTAutoUpdate\CONNECTScheduler.exe" /RUN_SCHEDULER
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe"
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: CONNECTAUTrayApp.lnk = C:\Program Files\Sony\CONNECTAutoUpdate\CONNECTAUTrayApp.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: Service Framework McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\Fsk\SonySCSIHelperService.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe

j'espère que tout est bon et merci pour ton aide.
bonne journée

Séb08 · Answer

Ok tu as bien Mc afee comme antivirus ?

Désactive ta restauration système (uniquement si tu es sous XP): 
Clic droit sur poste de travail puis, 
propriété, tu cliques sur onglet restauration système 
tu coches la case « désactiver la restauration » et applique. 

et refait unscan Bitdefender et colle moi le rapport STP.

Pour vérifier, scanne ton PC avec cet antivirus en ligne (sous IE et accepte l’activX) : 
http://www.bitdefender.fr/bd/site/search.php#
Clique sur « Bitdefender scan on line »  suis les instructions.
Et colle le rapport.

A+

Virus exmodul.exe

16 réponses

Discussions similaires

Newsletters