Analyse scan HJT

Résolu
grecoriz Messages postés 49 Date d'inscription   Statut Membre -  
Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   -
Bonjour,

Je pense m'être fait infecter, notamment par winfixer (cela m'était déja arrivé). J'ai essayé de mettre le site dans les sites sensibles, mais cela n'a pas l'air de fonctionner.
Donc je mets le scan.

Mais avant, une petite question : Comment faire pour analyser un scan HJT? je n'y comprends vraiment pas grand chose.

D'avance merci

Logfile of HijackThis v1.99.1
Scan saved at 14:42:01, on 07/07/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\VMware\VMware Player\vmware-authd.exe
C:\Program Files\Fichiers communs\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\System32\vmnat.exe
C:\WINDOWS\System32\vmnetdhcp.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\System32\taskmgr.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Alwil Software\Avast4\ashLogV.exe
C:\Documents and Settings\gbaltide\Bureau\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://xpertserv04/kiloutou18/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Eecs] "C:\WINDOWS\System32\SSEMBL~1\iexplore.exe" -vt yazb
O4 - HKCU\..\Run: [Nruoqeba] C:\WINDOWS\F?nts\??oolsv.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = X-PERTeam.local
O17 - HKLM\Software\..\Telephony: DomainName = X-PERTeam.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{A18BCDC0-A5C3-4873-9A0F-C5B32106E98A}: NameServer = 192.168.0.201
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = X-PERTeam.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = X-PERTeam.local
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: qrev - {9DE24BAC-FC3C-42C4-9FC4-76B3FAFDBD90} - C:\PROGRA~1\QUESTS~1\TOADFO~1\RNetPin.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: msftesql - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe" -s:MSSQL.1 -f:MSSQLSERVER (file missing)
O23 - Service: SQL Server (MSSQLSERVER) (MSSQLSERVER) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSQLSERVER (file missing)
O23 - Service: Analysis Server (MSSQLSERVER) (MSSQLServerOLAPService) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.2\OLAP\bin\msmdsrv.exe" -s "C:\Program Files\Microsoft SQL Server\MSSQL.2\OLAP\Config (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
O23 - Service: SQL Server Agent (MSSQLSERVER) (SQLSERVERAGENT) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\SQLAGENT90.EXE" -i MSSQLSERVER (file missing)
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Player\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\System32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Fichiers communs\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\System32\vmnat.exe

19 réponses

  1. aranjuez31 Messages postés 8161 Date d'inscription   Statut Contributeur 354
     
    hello

    ""Je pense m'être fait infecter, notamment par winfixer ""<==Cmt le sais-tu?
    =============
    "Comment faire pour analyser un scan HJT? ""<==balance moi un mot dans ma box - te donnerai les grdes d'apprentissage
    ========
    ouvre to hijack
    coche et fixe

    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    +
    R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    +
    je dois m absenter
    =========
    fais TOUT ceci en attendant :
    1/ -Ad-Aware (gratuit) :
    Tutorial et téléchargement ici :
    https://forums.cnetfrance.fr
    2/ - Spybot (gratuit) :
    http://telecharger.01net.com/windows/Internet/internet_utlitaire/fiches/26157.htm... demo d utilisation
    http://pageperso.aol.fr/Balltrap34/demo%20spybot.htm
    3/ - Ewido (download)- gratuit même après 14 jours d’essai
    http://perso.wanadoo.fr/entraide-hijackthis/Ewido/
    Copie/COLLE le rapport généré sur ce forum
    Pour Win 98, Ewido non compatible
    Dans ce cas, il te faudra utiliser a-squared free et demander une clef pour son usage gratuit
    https://www.emsisoft.com/fr/
    4/ - Ccleaner : ( nettoyeur de registre, cookies+temps+tempos+prefetch+historique+etc..)
    Télécharge ici :
    https://www.ccleaner.com/ccleaner/download
    Tutorial ici:
    https://www.vulgarisation-informatique.com/nettoyer-windows-ccleaner.php
    5/ - Scan online avec BitDefender (fonctionne uniquement sous Internet Explorer en acceptant l’ activX)
    https://assiste.com/404_La_page_demandee_n_existe_pas.php
    http://www.bitdefender.fr/scan8/ie.html
    Copie/COLLE le rapport entier

    0
    1. billtheboss Messages postés 5515 Date d'inscription   Statut Membre Dernière intervention   57
       
      Salut Aranjuez,

      Désolé de taper l'incruste, mais moi aussi j'aimerais un peu mieux comprendre Hijackthis, mais elle est où ta boîte mail ?
      Merci.
      0
      1. Kristopher Messages postés 3752 Statut Contributeur 106 > billtheboss Messages postés 5515 Date d'inscription   Statut Membre Dernière intervention  
         
        Salut bill,

        On s'était déjà croisé dans la discussion concernant mes devinettes ;)

        Concernant la boîte mail de l'ami Aran, regarde dans son profil.

        Pour HT, c'est un peu long à comprendre... mais si tu es motivé ça va aller vite ;)

        Un tutorial :

        https://www.zebulon.fr/dossiers/securite/56-analyse-rapports-hijackthis.html

        + ceci :

        http://www.castlecops.com/t14745-Welcome_to_CastleCops.html

        Et t'es parti pour analyser tranquille des logs HT ;)

        a+
        0
      2. billtheboss Messages postés 5515 Date d'inscription   Statut Membre Dernière intervention   57 > Kristopher Messages postés 3752 Statut Contributeur
         
        Tout à fait, je m'en rappelle très bien ! ;-)
        C'était au bon vieux temps.
        Merci pour le tuto je vais m'en faire un livre de chevet..
        Je sens que tu vas te payer ma poire, mais dans le profil de l'ami aran, je vois bien son site, mais pas d'adresse mail ?
        Ou faut que je retourne chez l'ophtalmo ! :-))
        0
      3. Kristopher Messages postés 3752 Statut Contributeur 106 > billtheboss Messages postés 5515 Date d'inscription   Statut Membre Dernière intervention  
         
        Pas grave,

        Juste à côté de "Adresse électronique" (dans son Profil) tu vois marqué quoi ?

        Allez, à la prochaine man ;)

        bye bye...
        0
      4. billtheboss Messages postés 5515 Date d'inscription   Statut Membre Dernière intervention   57 > Kristopher Messages postés 3752 Statut Contributeur
         
        1-Faut que je m'achète un chien
        2-Encore merci
        3-Bon week-end A+
        4-Allez les blééééééééé :-)
        0
  2. grecoriz Messages postés 49 Date d'inscription   Statut Membre 5
     
    Voila le résultat de ad aware.

    Ad-Aware SE Build 1.06r1
    Logfile Created on:vendredi 7 juillet 2006 15:20:10
    Created with Ad-Aware SE Personal, free for private use.
    Using definitions file:SE1R113 28.06.2006
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    References detected during the scan:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    Alexa(TAC index:5):10 total references
    SpywareQuake(TAC index:10):1 total references
    Tracking Cookie(TAC index:3):10 total references
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Ad-Aware SE Settings
    ===========================
    Set : Search for negligible risk entries
    Set : Safe mode (always request confirmation)
    Set : Scan active processes
    Set : Scan registry
    Set : Deep-scan registry
    Set : Scan my IE Favorites for banned URLs
    Set : Scan my Hosts file

    Extended Ad-Aware SE Settings
    ===========================
    Set : Unload recognized processes & modules during scan
    Set : Scan registry for all users instead of current user only
    Set : Always try to unload modules before deletion
    Set : During removal, unload Explorer and IE if necessary
    Set : Let Windows remove files in use at next reboot
    Set : Delete quarantined objects after restoring
    Set : Include basic Ad-Aware settings in log file
    Set : Include additional Ad-Aware settings in log file
    Set : Include reference summary in log file
    Set : Include alternate data stream details in log file
    Set : Play sound at scan completion if scan locates critical objects

    07-07-2006 15:20:10 - Scan started. (Full System Scan)

    Listing running processes
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    #:1 [smss.exe]
    FilePath : \SystemRoot\System32\
    ProcessID : 788
    ThreadCreationTime : 07-07-2006 12:30:30
    BasePriority : Normal

    #:2 [csrss.exe]
    FilePath : \??\C:\WINDOWS\system32\
    ProcessID : 852
    ThreadCreationTime : 07-07-2006 12:30:32
    BasePriority : Normal

    #:3 [winlogon.exe]
    FilePath : \??\C:\WINDOWS\system32\
    ProcessID : 876
    ThreadCreationTime : 07-07-2006 12:30:32
    BasePriority : High

    #:4 [services.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 920
    ThreadCreationTime : 07-07-2006 12:30:33
    BasePriority : Normal
    FileVersion : 5.1.2600.0 (xpclient.010817-1148)
    ProductVersion : 5.1.2600.0
    ProductName : Système d'exploitation Microsoft® Windows®
    CompanyName : Microsoft Corporation
    FileDescription : Applications Services et Contrôleur
    InternalName : services.exe
    LegalCopyright : © Microsoft Corporation. Tous droits réservés.
    OriginalFilename : services.exe

    #:5 [lsass.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 932
    ThreadCreationTime : 07-07-2006 12:30:33
    BasePriority : Normal
    FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
    ProductVersion : 5.1.2600.1106
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : LSA Shell (Export Version)
    InternalName : lsass.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : lsass.exe

    #:6 [svchost.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 1100
    ThreadCreationTime : 07-07-2006 12:30:33
    BasePriority : Normal
    FileVersion : 5.1.2600.0 (xpclient.010817-1148)
    ProductVersion : 5.1.2600.0
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : svchost.exe

    #:7 [svchost.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 1152
    ThreadCreationTime : 07-07-2006 12:31:55
    BasePriority : Normal
    FileVersion : 5.1.2600.0 (xpclient.010817-1148)
    ProductVersion : 5.1.2600.0
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : svchost.exe

    #:8 [svchost.exe]
    FilePath : C:\WINDOWS\System32\
    ProcessID : 1788
    ThreadCreationTime : 07-07-2006 12:31:55
    BasePriority : Normal
    FileVersion : 5.1.2600.0 (xpclient.010817-1148)
    ProductVersion : 5.1.2600.0
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : svchost.exe

    #:9 [svchost.exe]
    FilePath : C:\WINDOWS\System32\
    ProcessID : 324
    ThreadCreationTime : 07-07-2006 12:31:56
    BasePriority : Normal
    FileVersion : 5.1.2600.0 (xpclient.010817-1148)
    ProductVersion : 5.1.2600.0
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : svchost.exe

    #:10 [svchost.exe]
    FilePath : C:\WINDOWS\System32\
    ProcessID : 404
    ThreadCreationTime : 07-07-2006 12:31:56
    BasePriority : Normal
    FileVersion : 5.1.2600.0 (xpclient.010817-1148)
    ProductVersion : 5.1.2600.0
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : svchost.exe

    #:11 [spoolsv.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 576
    ThreadCreationTime : 07-07-2006 12:31:56
    BasePriority : Normal
    FileVersion : 5.1.2600.1699 (xpsp2.050610-1533)
    ProductVersion : 5.1.2600.1699
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Spooler SubSystem App
    InternalName : spoolsv.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : spoolsv.exe

    #:12 [alg.exe]
    FilePath : C:\WINDOWS\System32\
    ProcessID : 740
    ThreadCreationTime : 07-07-2006 12:32:08
    BasePriority : Normal
    FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
    ProductVersion : 5.1.2600.1106
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Application Layer Gateway Service
    InternalName : ALG.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : ALG.exe

    #:13 [aswupdsv.exe]
    FilePath : C:\Program Files\Alwil Software\Avast4\
    ProcessID : 372
    ThreadCreationTime : 07-07-2006 12:32:08
    BasePriority : Normal

    #:14 [ashserv.exe]
    FilePath : C:\Program Files\Alwil Software\Avast4\
    ProcessID : 820
    ThreadCreationTime : 07-07-2006 12:32:08
    BasePriority : High
    FileVersion : 4, 7, 844, 0
    ProductVersion : 4, 7, 0, 0
    ProductName : avast! Antivirus
    FileDescription : avast! antivirus service
    InternalName : aswServ
    LegalCopyright : Copyright (c) 2006 ALWIL Software
    OriginalFilename : aswServ.exe

    #:15 [inetinfo.exe]
    FilePath : C:\WINDOWS\System32\inetsrv\
    ProcessID : 1292
    ThreadCreationTime : 07-07-2006 12:32:08
    BasePriority : Normal
    FileVersion : 5.1.2600.0 (xpclient.010817-1148)
    ProductVersion : 5.1.2600.0
    ProductName : Services Internet (IIS)
    CompanyName : Microsoft Corporation
    FileDescription : Services Internet (IIS)
    InternalName : INETINFO.EXE
    LegalCopyright : © Microsoft Corporation. Tous droits réservés.
    OriginalFilename : INETINFO.EXE

    #:16 [sqlservr.exe]
    FilePath : C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\
    ProcessID : 1888
    ThreadCreationTime : 07-07-2006 12:32:14
    BasePriority : Normal
    FileVersion : 2000.090.1116.00
    ProductVersion : 9.00.1116
    ProductName : Microsoft SQL Server
    CompanyName : Microsoft Corporation
    FileDescription : SQL Server Windows NT
    InternalName : SQLSERVR
    LegalCopyright : © 1988-2004 Microsoft Corp. All rights reserved.
    LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation. Windows(TM) is a trademark of Microsoft Corporation
    OriginalFilename : SQLSERVR.EXE
    Comments : NT INTEL X86

    #:17 [vmware-authd.exe]
    FilePath : C:\Program Files\VMware\VMware Player\
    ProcessID : 176
    ThreadCreationTime : 07-07-2006 12:32:23
    BasePriority : Normal
    FileVersion : 1.0.1 build-19317
    ProductVersion : 1.0.1 build-19317
    ProductName : VMware Player
    CompanyName : VMware, Inc.
    FileDescription : VMware Authorization Service
    InternalName : vmauthd
    LegalCopyright : Copyright © 1998-2005 VMware, Inc.
    OriginalFilename : vmware-authd.exe

    #:18 [vmount2.exe]
    FilePath : C:\Program Files\Fichiers communs\VMware\VMware Virtual Image Editing\
    ProcessID : 1832
    ThreadCreationTime : 07-07-2006 12:32:24
    BasePriority : Normal
    FileVersion : 1.0.1 build-19317
    ProductVersion : 1.0.1 build-19317
    ProductName : VMware Player
    CompanyName : VMware, Inc.
    FileDescription : virtual disk mount service
    InternalName : vmount
    LegalCopyright : Copyright © 1998-2005 VMware, Inc.
    OriginalFilename : vmount2.EXE

    #:19 [vmnat.exe]
    FilePath : C:\WINDOWS\System32\
    ProcessID : 1588
    ThreadCreationTime : 07-07-2006 12:32:28
    BasePriority : Normal
    FileVersion : 1.0.1 build-19317
    ProductVersion : 1.0.1 build-19317
    ProductName : VMware Player
    CompanyName : VMware, Inc.
    FileDescription : VMware NAT Service
    InternalName : vmnat
    LegalCopyright : Copyright © 1998-2005 VMware, Inc.
    OriginalFilename : vmnat.exe

    #:20 [vmnetdhcp.exe]
    FilePath : C:\WINDOWS\System32\
    ProcessID : 1988
    ThreadCreationTime : 07-07-2006 12:32:31
    BasePriority : Normal
    FileVersion : 1.0.1 build-19317
    ProductVersion : 1.0.1 build-19317
    ProductName : VMware Player
    CompanyName : VMware, Inc.
    FileDescription : VMware VMnet DHCP service
    InternalName : vmnetdhcp
    LegalCopyright : Copyright © 1998-2005 VMware, Inc.
    OriginalFilename : vmnetdhcp.exe
    Comments : VMware port to Windows NT of ISC v2.0 DHCP server; tailored exclusively for use with VMnet devices

    #:21 [ashmaisv.exe]
    FilePath : C:\Program Files\Alwil Software\Avast4\
    ProcessID : 1452
    ThreadCreationTime : 07-07-2006 12:32:52
    BasePriority : Normal

    #:22 [ashwebsv.exe]
    FilePath : C:\Program Files\Alwil Software\Avast4\
    ProcessID : 1700
    ThreadCreationTime : 07-07-2006 12:32:59
    BasePriority : Normal

    #:23 [explorer.exe]
    FilePath : C:\WINDOWS\
    ProcessID : 2768
    ThreadCreationTime : 07-07-2006 12:34:12
    BasePriority : Normal
    FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
    ProductVersion : 6.00.2800.1106
    ProductName : Système d'exploitation Microsoft® Windows®
    CompanyName : Microsoft Corporation
    FileDescription : Explorateur Windows
    InternalName : explorer
    LegalCopyright : © Microsoft Corporation. Tous droits réservés.
    OriginalFilename : EXPLORER.EXE

    #:24 [hkcmd.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 3252
    ThreadCreationTime : 07-07-2006 12:34:41
    BasePriority : Normal
    FileVersion : 3.0.0.4299
    ProductVersion : 7.0.0.4299
    ProductName : Intel(R) Common User Interface
    CompanyName : Intel Corporation
    FileDescription : hkcmd Module
    InternalName : HKCMD
    LegalCopyright : Copyright 1999-2004, Intel Corporation
    OriginalFilename : HKCMD.EXE

    #:25 [igfxpers.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 3268
    ThreadCreationTime : 07-07-2006 12:34:41
    BasePriority : Normal
    FileVersion : 3.0.0.4299
    ProductVersion : 7.0.0.4299
    ProductName : Intel(R) Common User Interface
    CompanyName : Intel Corporation
    FileDescription : persistence Module
    InternalName : PERSISTENCE
    LegalCopyright : Copyright 1999-2004, Intel Corporation
    OriginalFilename : IGFXPERS.EXE

    #:26 [taskmgr.exe]
    FilePath : C:\WINDOWS\System32\
    ProcessID : 3308
    ThreadCreationTime : 07-07-2006 12:34:44
    BasePriority : High
    FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
    ProductVersion : 5.1.2600.1106
    ProductName : Système d'exploitation Microsoft® Windows®
    CompanyName : Microsoft Corporation
    FileDescription : Gestionnaire des tâches de Windows
    InternalName : taskmgr
    LegalCopyright : © Microsoft Corporation. Tous droits réservés.
    OriginalFilename : taskmgr.exe

    #:27 [jusched.exe]
    FilePath : C:\Program Files\Java\jre1.5.0_06\bin\
    ProcessID : 3408
    ThreadCreationTime : 07-07-2006 12:34:44
    BasePriority : Normal

    #:28 [realsched.exe]
    FilePath : C:\Program Files\Fichiers communs\Real\Update_OB\
    ProcessID : 3508
    ThreadCreationTime : 07-07-2006 12:34:45
    BasePriority : Normal
    FileVersion : 0.1.0.3510
    ProductVersion : 0.1.0.3510
    ProductName : RealPlayer (32-bit)
    CompanyName : RealNetworks, Inc.
    FileDescription : RealNetworks Scheduler
    InternalName : schedapp
    LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004
    LegalTrademarks : RealAudio(tm) is a trademark of RealNetworks, Inc.
    OriginalFilename : realsched.exe

    #:29 [ashdisp.exe]
    FilePath : C:\PROGRA~1\ALWILS~1\Avast4\
    ProcessID : 3600
    ThreadCreationTime : 07-07-2006 12:34:47
    BasePriority : Normal
    FileVersion : 5, 0, 0, 0
    ProductVersion : 5, 0, 0, 0
    ProductName : avast! Antivirus
    FileDescription : avast! service GUI component
    InternalName : aswDisp
    LegalCopyright : Copyright (c) 2006 ALWIL Software
    OriginalFilename : aswDisp.exe

    #:30 [ad-aware.exe]
    FilePath : C:\PROGRA~1\Lavasoft\AD-AWA~1\
    ProcessID : 2808
    ThreadCreationTime : 07-07-2006 13:17:58
    BasePriority : Normal
    FileVersion : 6.2.0.236
    ProductVersion : SE 106
    ProductName : Lavasoft Ad-Aware SE
    CompanyName : Lavasoft Sweden
    FileDescription : Ad-Aware SE Core application
    InternalName : Ad-Aware.exe
    LegalCopyright : Copyright © Lavasoft AB Sweden
    OriginalFilename : Ad-Aware.exe
    Comments : All Rights Reserved

    #:31 [hh.exe]
    FilePath : C:\WINDOWS\
    ProcessID : 2376
    ThreadCreationTime : 07-07-2006 13:17:58
    BasePriority : Normal
    FileVersion : 5.2.3790.315 (srv03_gdr.050421-1728)
    ProductVersion : 5.2.3790.315
    ProductName : HTML Help
    CompanyName : Microsoft Corporation
    FileDescription : Microsoft® HTML Help Executable
    InternalName : HH 1.41
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : HH.exe

    Memory scan result:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 0
    Objects found so far: 0

    Started registry scan
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    SpywareQuake Object Recognized!
    Type : Regkey
    Data :
    TAC Rating : 10
    Category : Malware
    Comment :
    Rootkey : HKEY_CLASSES_ROOT
    Object : clsid\{5b55c4e3-c179-ba0b-b4fd-f2db862d6202}

    Alexa Object Recognized!
    Type : Regkey
    Data :
    TAC Rating : 5
    Category : Data Miner
    Comment :
    Rootkey : HKEY_LOCAL_MACHINE
    Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}

    Alexa Object Recognized!
    Type : RegValue
    Data :
    TAC Rating : 5
    Category : Data Miner
    Comment :
    Rootkey : HKEY_LOCAL_MACHINE
    Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
    Value : MenuStatusBar

    Alexa Object Recognized!
    Type : RegValue
    Data :
    TAC Rating : 5
    Category : Data Miner
    Comment :
    Rootkey : HKEY_LOCAL_MACHINE
    Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
    Value : Script

    Alexa Object Recognized!
    Type : RegValue
    Data :
    TAC Rating : 5
    Category : Data Miner
    Comment :
    Rootkey : HKEY_LOCAL_MACHINE
    Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
    Value : clsid

    Alexa Object Recognized!
    Type : RegValue
    Data :
    TAC Rating : 5
    Category : Data Miner
    Comment :
    Rootkey : HKEY_LOCAL_MACHINE
    Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
    Value : Icon

    Alexa Object Recognized!
    Type : RegValue
    Data :
    TAC Rating : 5
    Category : Data Miner
    Comment :
    Rootkey : HKEY_LOCAL_MACHINE
    Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
    Value : HotIcon

    Alexa Object Recognized!
    Type : RegValue
    Data :
    TAC Rating : 5
    Category : Data Miner
    Comment :
    Rootkey : HKEY_LOCAL_MACHINE
    Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
    Value : ButtonText

    Alexa Object Recognized!
    Type : RegValue
    Data :
    TAC Rating : 5
    Category : Data Miner
    Comment : "{c95fe080-8f5d-11d2-a20b-00aa003c157a}"
    Rootkey : HKEY_USERS
    Object : .DEFAULT\software\microsoft\internet explorer\extensions\cmdmapping
    Value : {c95fe080-8f5d-11d2-a20b-00aa003c157a}

    Alexa Object Recognized!
    Type : RegValue
    Data :
    TAC Rating : 5
    Category : Data Miner
    Comment : "{c95fe080-8f5d-11d2-a20b-00aa003c157a}"
    Rootkey : HKEY_USERS
    Object : S-1-5-18\software\microsoft\internet explorer\extensions\cmdmapping
    Value : {c95fe080-8f5d-11d2-a20b-00aa003c157a}

    Alexa Object Recognized!
    Type : RegValue
    Data :
    TAC Rating : 5
    Category : Data Miner
    Comment : "{c95fe080-8f5d-11d2-a20b-00aa003c157a}"
    Rootkey : HKEY_USERS
    Object : S-1-5-21-2674859993-1380643959-3103711320-1137\software\microsoft\internet explorer\extensions\cmdmapping
    Value : {c95fe080-8f5d-11d2-a20b-00aa003c157a}

    Registry Scan result:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 11
    Objects found so far: 11

    Started deep registry scan
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Deep registry scan result:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 0
    Objects found so far: 11

    Started Tracking Cookie scan
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Tracking Cookie Object Recognized!
    Type : IECache Entry
    Data : gbaltide@bluestreak[1].txt
    TAC Rating : 3
    Category : Data Miner
    Comment : Hits:9
    Value : Cookie:gbaltide@bluestreak.com/
    Expires : 01-07-2016 11:16:34
    LastSync : Hits:9
    UseCount : 0
    Hits : 9

    Tracking Cookie Object Recognized!
    Type : IECache Entry
    Data : gbaltide@weborama[1].txt
    TAC Rating : 3
    Category : Data Miner
    Comment : Hits:8
    Value : Cookie:gbaltide@weborama.fr/
    Expires : 11-06-2008 13:59:50
    LastSync : Hits:8
    UseCount : 0
    Hits : 8

    Tracking Cookie Object Recognized!
    Type : IECache Entry
    Data : gbaltide@serving-sys[2].txt
    TAC Rating : 3
    Category : Data Miner
    Comment : Hits:8
    Value : Cookie:gbaltide@serving-sys.com/
    Expires : 01-01-2038
    LastSync : Hits:8
    UseCount : 0
    Hits : 8

    Tracking Cookie Object Recognized!
    Type : IECache Entry
    Data : gbaltide@ads.pointroll[1].txt
    TAC Rating : 3
    Category : Data Miner
    Comment : Hits:5
    Value : Cookie:gbaltide@ads.pointroll.com/
    Expires : 01-01-2010 02:00:00
    LastSync : Hits:5
    UseCount : 0
    Hits : 5

    Tracking Cookie Object Recognized!
    Type : IECache Entry
    Data : gbaltide@bfast[2].txt
    TAC Rating : 3
    Category : Data Miner
    Comment : Hits:3
    Value : Cookie:gbaltide@bfast.com/
    Expires : 05-07-2026 10:17:32
    LastSync : Hits:3
    UseCount : 0
    Hits : 3

    Tracking Cookie Object Recognized!
    Type : IECache Entry
    Data : gbaltide@2o7[2].txt
    TAC Rating : 3
    Category : Data Miner
    Comment : Hits:6
    Value : Cookie:gbaltide@2o7.net/
    Expires : 05-07-2011 09:52:20
    LastSync : Hits:6
    UseCount : 0
    Hits : 6

    Tracking Cookie Object Recognized!
    Type : IECache Entry
    Data : gbaltide@www.smartadserver[2].txt
    TAC Rating : 3
    Category : Data Miner
    Comment : Hits:13
    Value : Cookie:gbaltide@www.smartadserver.com/
    Expires : 02-07-2026 12:20:12
    LastSync : Hits:13
    UseCount : 0
    Hits : 13

    Tracking Cookie Object Recognized!
    Type : IECache Entry
    Data : gbaltide@as1.falkag[2].txt
    TAC Rating : 3
    Category : Data Miner
    Comment : Hits:31
    Value : Cookie:gbaltide@as1.falkag.de/
    Expires : 02-09-2006 14:34:58
    LastSync : Hits:31
    UseCount : 0
    Hits : 31

    Tracking Cookie Object Recognized!
    Type : IECache Entry
    Data : gbaltide@atdmt[2].txt
    TAC Rating : 3
    Category : Data Miner
    Comment : Hits:26
    Value : Cookie:gbaltide@atdmt.com/
    Expires : 19-04-2011 02:00:00
    LastSync : Hits:26
    UseCount : 0
    Hits : 26

    Tracking Cookie Object Recognized!
    Type : IECache Entry
    Data : gbaltide@doubleclick[1].txt
    TAC Rating : 3
    Category : Data Miner
    Comment : Hits:4
    Value : Cookie:gbaltide@doubleclick.net/
    Expires : 03-07-2009 14:36:06
    LastSync : Hits:4
    UseCount : 0
    Hits : 4

    Tracking cookie scan result:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 10
    Objects found so far: 21

    Deep scanning and examining files (C:)
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Disk Scan Result for C:\
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 0
    Objects found so far: 21

    Scanning Hosts file......
    Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Hosts file scan result:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    1 entries scanned.
    New critical objects:0
    Objects found so far: 21

    Performing conditional scans...
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Conditional scan result:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 0
    Objects found so far: 21

    15:31:12 Scan Complete

    Summary Of This Scan
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    Total scanning time:00:11:01.907
    Objects scanned:278528
    Objects identified:21
    Objects ignored:0
    New critical objects:21

    Tout de suite la suite
    0
  3. aranjuez31 Messages postés 8161 Date d'inscription   Statut Contributeur 354
     
    bsr
    si tu relisais...............
    tu verrais qu il n est pas ddé tous les rapports
    aurais-je écrit en javanais ??
    0
  4. grecoriz Messages postés 49 Date d'inscription   Statut Membre 5
     
    Non dsl, voila celui de bitdefender

    BitDefender Online Scanner

    Scan report generated at: Mon, Jul 10, 2006 - 20:40:33

    Scan path: C:\;D:\;

    Statistics

    Time 01:51:34
    Files 1133167
    Folders 8257
    Boot Sectors 2
    Archives 2662
    Packed Files 188358

    Results

    Identified Viruses 2
    Infected Files 2
    Suspect Files 0
    Warnings 0
    Disinfected 0
    Deleted Files 2

    Engines Info

    Virus Definitions 406964
    Engine build AVCORE v1.0 (build 2310) (i386) (Apr 17 2006 16:24:38)
    Scan plugins 13
    Archive plugins 39
    Unpack plugins 5
    E-mail plugins 6
    System plugins 1

    Scan Settings

    First Action Disinfect
    Second Action Delete
    Heuristics Yes
    Enable Warnings Yes
    Scanned Extensions *;
    Exclude Extensions
    Scan Emails Yes
    Scan Archives Yes
    Scan Packed Yes
    Scan Files Yes
    Scan Boot Yes

    Scanned File Status

    C:\WINDOWS\system32\regperf.exe Infected with: Trojan.Downloader.Zlob.QK
    C:\WINDOWS\system32\regperf.exe Disinfection failed
    C:\WINDOWS\system32\regperf.exe Deleted

    C:\WINDOWS\system32\simpole.tlb Infected with: Trojan.Downloader.Zlob.TA
    C:\WINDOWS\system32\simpole.tlb Disinfection failed
    C:\WINDOWS\system32\simpole.tlb Deleted

    Voila encore désolé et un grand merci pour tout ce que vous faites
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. grecoriz Messages postés 49 Date d'inscription   Statut Membre 5
     
    Apparemment le probleme persiste, et je reste sans nouvelles...

    Alors j'attends ...
    Snif
    0
  7. Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 349
     
    Salut

    Je vais prendre le relai, aranjuez est peut etre en vacances.

    Remet un Hijack this et dis moi quels soucis as tu.

    a+
    0
  8. grecoriz Messages postés 49 Date d'inscription   Statut Membre 5
     
    Bonjour,

    Voila, j'ai des fenetre qui s'ouvrent avec des winantivirus et autres.

    Voila le scan HJT.

    Logfile of HijackThis v1.99.1
    Scan saved at 08:15:07, on 13/07/2006
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\WINDOWS\System32\inetsrv\inetinfo.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\ewido anti-spyware 4.0\ewido.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\Microsoft Outlook\OFFICE11\OUTLOOK.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
    C:\Documents and Settings\gbaltide\Bureau\HJT\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.fr/?gws_rd=ssl
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://xpertserv04/valeo19/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: (no name) - {76712801-6E38-4869-9876-90B451D417FB} - C:\WINDOWS\System32\ssqpn.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = X-PERTeam.local
    O17 - HKLM\Software\..\Telephony: DomainName = X-PERTeam.local
    O17 - HKLM\System\CCS\Services\Tcpip\..\{A18BCDC0-A5C3-4873-9A0F-C5B32106E98A}: NameServer = 192.168.0.201
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = X-PERTeam.local
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = X-PERTeam.local
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O18 - Protocol: qrev - {9DE24BAC-FC3C-42C4-9FC4-76B3FAFDBD90} - C:\PROGRA~1\QUESTS~1\TOADFO~1\RNetPin.dll
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
    O20 - Winlogon Notify: ssqpn - C:\WINDOWS\System32\ssqpn.dll
    O20 - Winlogon Notify: winjks32 - C:\WINDOWS\SYSTEM32\winjks32.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    O23 - Service: msftesql - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe" -s:MSSQL.1 -f:MSSQLSERVER (file missing)
    O23 - Service: SQL Server (MSSQLSERVER) (MSSQLSERVER) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSQLSERVER (file missing)
    O23 - Service: Analysis Server (MSSQLSERVER) (MSSQLServerOLAPService) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.2\OLAP\bin\msmdsrv.exe" -s "C:\Program Files\Microsoft SQL Server\MSSQL.2\OLAP\Config (file missing)
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
    O23 - Service: SQL Server Agent (MSSQLSERVER) (SQLSERVERAGENT) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\SQLAGENT90.EXE" -i MSSQLSERVER (file missing)

    Merci
    0
  9. Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 349
     
    Salut;

    Télécharge VundoFix.exe (par Atribune) sur ton Bureau.
    http://www.atribune.org/ccount/click.php?id=4

    Double-clique VundoFix.exe afin de le lancer.
    Coche Run VundoFix as a task.
    Un message t'avertira que l'outil va se fermer et s'ouvrir à nouveau : clique Ok
    Clique sur le bouton Scan for Vundo.
    Lorsque le scan est complété, clique sur le bouton Remove Vundo.
    Une invite te demandera si tu veux supprimer les fichiers, clique YES
    Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers.
    Tu verras une invite qui t'annonce que ton PC va s'éteindre ("shutdown") ; clique OK
    Démarre ton PC à nouveau.
    Copie/colle le contenu du rapport situé dans C:\vundofix.txt ainsi qu'un nouveau rapport HijackThis! dans ta prochaine réponse.

    A+
    0
  10. grecoriz Messages postés 49 Date d'inscription   Statut Membre 5
     
    Voila
    le scan VundoFIX

    VundoFix V5.1.2

    Running as SYSTEM
    from c:\windows\system32\VundoFix.exe

    Checking Java version...

    Java version is 1.5.0.6

    Scan started at 12:53:03 13/07/2006

    Listing files found while scanning....

    C:\windows\system32\ddcabyw.dll
    C:\windows\system32\ssqpn.dll
    C:\windows\system32\npqss.ini
    C:\windows\system32\npqss.bak1
    C:\windows\system32\npqss.bak2

    Beginning removal...

    The process smss.exe was successfully stopped

    The process winlogon.exe was successfully stopped

    The process explorer.exe was successfully stopped

    The process iexplore.exe was successfully stopped

    The process rundll32.exe was successfully stopped

    Attempting to delete C:\windows\system32\ddcabyw.dll
    C:\windows\system32\ddcabyw.dll Has been deleted!

    Attempting to delete C:\windows\system32\ssqpn.dll
    C:\windows\system32\ssqpn.dll Has been deleted!

    Attempting to delete C:\windows\system32\npqss.ini
    C:\windows\system32\npqss.ini Has been deleted!

    Attempting to delete C:\windows\system32\npqss.bak1
    C:\windows\system32\npqss.bak1 Has been deleted!

    Attempting to delete C:\windows\system32\npqss.bak2
    C:\windows\system32\npqss.bak2 Has been deleted!

    Performing Repairs to the registry.
    Done!

    e le scan HJT

    Logfile of HijackThis v1.99.1
    Scan saved at 13:05:28, on 13/07/2006
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\WINDOWS\System32\inetsrv\inetinfo.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\wuauclt.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\userinit.exe
    C:\Program Files\ewido anti-spyware 4.0\ewido.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Documents and Settings\gbaltide\Bureau\HJT\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.fr/?gws_rd=ssl
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://xpertserv04/kiloutou18/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: (no name) - {76712801-6E38-4869-9876-90B451D417FB} - C:\WINDOWS\System32\ssqpn.dll (file missing)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = X-PERTeam.local
    O17 - HKLM\Software\..\Telephony: DomainName = X-PERTeam.local
    O17 - HKLM\System\CCS\Services\Tcpip\..\{A18BCDC0-A5C3-4873-9A0F-C5B32106E98A}: NameServer = 192.168.0.201
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = X-PERTeam.local
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = X-PERTeam.local
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O18 - Protocol: qrev - {9DE24BAC-FC3C-42C4-9FC4-76B3FAFDBD90} - C:\PROGRA~1\QUESTS~1\TOADFO~1\RNetPin.dll
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
    O20 - Winlogon Notify: winjks32 - C:\WINDOWS\SYSTEM32\winjks32.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    O23 - Service: msftesql - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe" -s:MSSQL.1 -f:MSSQLSERVER (file missing)
    O23 - Service: SQL Server (MSSQLSERVER) (MSSQLSERVER) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSQLSERVER (file missing)
    O23 - Service: Analysis Server (MSSQLSERVER) (MSSQLServerOLAPService) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.2\OLAP\bin\msmdsrv.exe" -s "C:\Program Files\Microsoft SQL Server\MSSQL.2\OLAP\Config (file missing)
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
    O23 - Service: SQL Server Agent (MSSQLSERVER) (SQLSERVERAGENT) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\SQLAGENT90.EXE" -i MSSQLSERVER (file missing)

    Merci
    0
  11. Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 349
     
    Bonjour,

    Méthode à suivre dans l'ordre...
    ----------------------------------------------------------------------------
    ¤Télécharge ces logiciels mais que tu n‘utilises pas tout de suite:

    1/

    Spybot S&D 1.4
    https://www.safer-networking.org/

    Démo d’utilisation (merci à Balltrap34 pour cette réalisation).
    http://pageperso.aol.fr/Balltrap34/demo%20spybot.htm

    2/

    Ad-Aware SE 1.06
    https://www.adaware.com/
    -Une aide:
    http://usa.lucretius-ada.com/zcvisitor/8782d344-4821-11ea-83ce-0a2cdf2c6be7?campaignid=0d1dff40-82d7-11e9-9533-0a157bfa6bfc
    - installe le patch français, tu pourras le trouver ici:
    http://download.lavasoft.de.edgesuite.net/public/pllangs.exe
    et une petite vidéo d'utilisation ici:(merci à Moe31 pour cette réalisation).
    http://pageperso.aol.fr/balltrap34/adawrevid.asf

    3/ Ewido:

    http://perso.orange.fr/entraide-hijackthis/Ewido/

    Installation puis mises à jour.

    4/ Ccleaner :

    https://www.pcastuces.com/logitheque/ccleaner.htm
    ----------------------------------------------------------------------------
    ¤Affiche tous les fichiers et dossiers :
    Clique sur démarrer/panneau de configuration/outil/option des dossiers/affichage

    Coche « afficher les fichiers et dossiers cachés »

    Décoche la case "Masquer les fichiers protégés du système d'exploitation (recommandé)"

    Décoche « masquer les extensions dont le type est connu »
    Puis fais «Ok» pour valider les changements.

    Et appliquer !
    ----------------------------------------------------------------------------
    ¤Relance HijackThis, coche les cases devant ces lignes et ensuite clique sur fix checked :

    O2 - BHO: (no name) - {76712801-6E38-4869-9876-90B451D417FB} - C:\WINDOWS\System32\ssqpn.dll (file missing)

    O20 - Winlogon Notify: winjks32 - C:\WINDOWS\SYSTEM32\winjks32.dll
    ----------------------------------------------------------------------------
    ¤ Lancer et exécuter Ewido pour un scan complet et copier/coller le rapport en forum.
    ----------------------------------------------------------------------------
    ¤ Passe Ad-Aware et supprime tout ce qu’il trouve + supprime les quarantaines…
    ----------------------------------------------------------------------------
    ¤ Passe Spybot et corrige tout ce qu’il trouve + vaccine + supprime les quarantaines…
    -------------------------------------------------------------------------------------------
    ¤ Lance CCleaner.

    Suppression des fichiers temporaires

    Va dans la section "Options" situé dans la marge gauche. Va dans "Avancé" et décoche "Effacer uniquement les fichiers, du dossier Temp de Windows, plus vieux que 48 heures". Retourne ensuite dans la section "Nettoyeur"
    Fais bien attention de cocher toutes les cases dans la marge gauche (Internet Explorer/Windows Explorer/Système/Avancé)
    • Clique sur Analyse
    • Patiente le temps du scan, qui peut prendre un peu de temps si c'est la première fois.
    • Une fois le scan terminé, clique sur Lancer le Nettoyage

    Suppression des incohérence du registre

    • Clique sur l'icône Erreurs situés dans la marge à gauche.
    • Puis clique sur Analyser les erreurs
    • Patiente pendant que CCleaner scan ton registre.
    • Une fois le scan terminé, coche toutes les entrèes qu'il t'aura trouvée.
    • Tu peux cliquer ensuite sur Corriger les erreurs.
    Si tu n'est pas sur de ce que tu fais, tu peux choisir de sauvegarder les entrées cochées pour les restaurer ultérieurement
    ----------------------------------------------------------------------------
    ¤ Vide ta Corbeille.
    ----------------------------------------------------------------------------
    ¤ Redémarre en mode normal, relance Hijackthis et copie/colle un nouveau rapport sur le forum.

    Précise tes soucis s’il en reste....

    Tiens-moi au courant

    A+
    0
  12. grecoriz Messages postés 49 Date d'inscription   Statut Membre 5
     
    Voila déja le scan Ewido

    ---------------------------------------------------------
    ewido anti-spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 17:10:48 13/07/2006

    + Scan result:

    C:\VundoFix Backups\ddcabyw.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
    :mozilla.10:C:\Documents and Settings\gbaltide\Application Data\Mozilla\Firefox\Profiles\e2ursg5t.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
    :mozilla.11:C:\Documents and Settings\gbaltide\Application Data\Mozilla\Firefox\Profiles\e2ursg5t.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
    :mozilla.12:C:\Documents and Settings\gbaltide\Application Data\Mozilla\Firefox\Profiles\e2ursg5t.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
    :mozilla.13:C:\Documents and Settings\gbaltide\Application Data\Mozilla\Firefox\Profiles\e2ursg5t.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
    :mozilla.14:C:\Documents and Settings\gbaltide\Application Data\Mozilla\Firefox\Profiles\e2ursg5t.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
    :mozilla.246:C:\Documents and Settings\gbaltide\Application Data\Mozilla\Firefox\Profiles\e2ursg5t.default\cookies-1.txt -> TrackingCookie.247realmedia : Cleaned.
    :mozilla.247:C:\Documents and Settings\gbaltide\Application Data\Mozilla\Firefox\Profiles\e2ursg5t.default\cookies-1.txt -> TrackingCookie.247realmedia : Cleaned.
    :mozilla.248:C:\Documents and Settings\gbaltide\Application Data\Mozilla\Firefox\Profiles\e2ursg5t.default\cookies-1.txt -> TrackingCookie.247realmedia : Cleaned.
    :mozilla.249:C:\Documents and Settings\gbaltide\Application Data\Mozilla\Firefox\Profiles\e2ursg5t.default\cookies-1.txt -> TrackingCookie.247realmedia : Cleaned.
    :mozilla.250:C:\Documents and Settings\gbaltide\Application Data\Mozilla\Firefox\Profiles\e2ursg5t.default\cookies-1.txt -> TrackingCookie.247realmedia : Cleaned.
    :mozilla.251:C:\Documents and Settings\gbaltide\Application Data\Mozilla\Firefox\Profiles\e2ursg5t.default\cookies-1.txt -> TrackingCookie.247realmedia : Cleaned.
    :mozilla.10:C:\Documents and Settings\gbaltide\Application Data\Mozilla\Firefox\Profiles\e2ursg5t.default\cookies-1.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.116:C:\Documents and Settings\gbaltide\Application Data\Mozilla\Firefox\Profiles\e2ursg5t.default\cookies-1.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.11:C:\Documents and Settings\gbaltide\Application Data\Mozilla\Firefox\Profiles\e2ursg5t.default\cookies-1.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.12:C:\Documents and Settings\gbaltide\Application Data\Mozilla\Firefox\Profiles\e2ursg5t.default\cookies-1.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.13:C:\Documents and Settings\gbaltide\Application Data\Mozilla\Firefox\Profiles\e2ursg5t.default\cookies-1.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.14:C:\Documents and Settings\gbaltide\Application Data\Mozilla\Firefox\Profiles\e2ursg5t.default\cookies-1.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.15:C:\Documents and Settings\gbaltide\Application Data\Mozilla\Firefox\Profiles\e2ursg5t.default\cookies-1.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.16:C:\Documents and Settings\gbaltide\Application Data\Mozilla\Firefox\Profiles\e2ursg5t.default\cookies-1.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.17:C:\Documents and Settings\gbaltide\Application Data\Mozilla\Firefox\Profiles\e2ursg5t.default\cookies-1.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.18:C:\Documents and Settings\gbaltide\Application Data\Mozilla\Firefox\Profiles\e2ursg5t.default\cookies-1.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.19:C:\Documents and Settings\gbaltide\Application Data\Mozilla\Firefox\Profiles\e2ursg5t.default\cookies-1.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.20:C:\Documents and Settings\gbaltide\Application Data\Mozilla\Firefox\Profiles\e2ursg5t.default\cookies-1.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.21:C:\Documents and Settings\gbaltide\Application Data\Mozilla\Firefox\Profiles\e2ursg5t.default\cookies-1.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.41:C:\Documents and Settings\gbaltide\Application Data\Mozilla\Firefox\Profiles\e2ursg5t.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.42:C:\Documents and Settings\gbaltide\Application Data\Mozilla\Firefox\Profiles\e2ursg5t.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.43:C:\Documents and Settings\gbaltide\Application Data\Mozilla\Firefox\Profiles\e2ursg5t.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.622:C:\Documents and Settings\gbaltide\Application Data\Mozilla\Firefox\Profiles\e2ursg5t.default\cookies-1.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.9:C:\Documents and Settings\gbaltide\Application Data\Mozilla\Firefox\Profiles\e2ursg5t.default\cookies-1.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.642:C:\Documents and Settings\gbaltide\Application Data\Mozilla\Firefox\Profiles\e2ursg5t.default\cookies-1.txt -> TrackingCookie.Adserver : Cleaned.
    :mozilla.643:C:\Documents and Settings\gbaltide\Application Data\Mozilla\Firefox\Profiles\e2ursg5t.default\cookies-1.txt -> TrackingCookie.Adserver : Cleaned.
    :mozilla.204:C:\Documents and Settings\gbaltide\Application Data\Mozilla\Firefox\Profiles\e2ursg5t.default\cookies-1.txt -> TrackingCookie.Adtech : Cleaned.
    :mozilla.205:C:\Documents and Settings\gbaltide\Application Data\Mozilla\Firefox\Profiles\e2ursg5t.default\cookies-1.txt -> TrackingCookie.Adtech : Cleaned.
    :mozilla.133:C:\Documents and Settings\gbaltide\Application Data\Mozilla\Firefox\Profiles\e2ursg5t.default\cookies-1.txt -> TrackingCookie.Advertising : Cleaned.
    :mozilla.134:C:\Documents and Settings\gbaltide\Application Data\Mozilla\Firefox\Profiles\e2ursg5t.default\cookies-1.txt -> TrackingCookie.Advertising : Cleaned.
    :mozilla.135:C:\Documents and Settings\gbaltide\Application Data\Mozilla\Firefox\Profiles\e2ursg5t.default\cookies-1.txt -> TrackingCookie.Advertising : Cleaned.
    :mozilla.33:C:\Documents and Settings\gbaltide\Application Data\Mozilla\Firefox\Profiles\e2ursg5t.default\cookies-1.txt -> TrackingCookie.Atdmt : Cleaned.
    :mozilla.44:C:\Documents and Settings\gbaltide\Application Data\Mozilla\Firefox\Profiles\e2ursg5t.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
    C:\Documents and Settings\gbaltide\Cookies\gbaltide@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
    :mozilla.420:C:\Documents and Settings\gbaltide\Application Data\Mozilla\Firefox\Profiles\e2ursg5t.default\cookies-1.txt -> TrackingCookie.Bfast : Cleaned.
    :mozilla.121:C:\Documents and Settings\gbaltide\Application Data\Mozilla\Firefox\Profiles\e2ursg5t.default\cookies-1.txt -> TrackingCookie.Bluestreak : Cleaned.
    :mozilla.33:C:\Documents and Settings\gbaltide\Application Data\Mozilla\Firefox\Profiles\e2ursg5t.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.
    :mozilla.260:C:\Documents and Settings\gbaltide\Application Data\Mozilla\Firefox\Profiles\e2ursg5t.default\cookies-1.txt -> TrackingCookie.Clickhype : Cleaned.
    :mozilla.280:C:\Documents and Settings\gbaltide\Application Data\Mozilla\Firefox\Profiles\e2ursg5t.default\cookies-1.txt -> TrackingCookie.Com : Cleaned.
    :mozilla.370:C:\Documents and Settings\gbaltide\Application Data\Mozilla\Firefox\Profiles\e2ursg5t.default\cookies-1.txt -> TrackingCookie.Comclick : Cleaned.
    :mozilla.371:C:\Documents and Settings\gbaltide\Application Data\Mozilla\Firefox\Profiles\e2ursg5t.default\cookies-1.txt -> TrackingCookie.Comclick : Cleaned.
    :mozilla.372:C:\Documents and Settings\gbaltide\Application Data\Mozilla\Firefox\Profiles\e2ursg5t.default\cookies-1.txt -> TrackingCookie.Comclick : Cleaned.
    :mozilla.41:C:\Documents and Settings\gbaltide\Application Data\Mozilla\Firefox\Profiles\e2ursg5t.default\cookies-1.txt -> TrackingCookie.Doubleclick : Cleaned.
    :mozilla.83:C:\Documents and Settings\gbaltide\Application Data\Mozilla\Firefox\Profiles\e2ursg5t.default\cookies-1.txt -> TrackingCookie.Estat : Cleaned.
    :mozilla.545:C:\Documents and Settings\gbaltide\Application Data\Mozilla\Firefox\Profiles\e2ursg5t.default\cookies-1.txt -> TrackingCookie.Euroclick : Cleaned.
    :mozilla.138:C:\Documents and Settings\gbaltide\Application Data\Mozilla\Firefox\Profiles\e2ursg5t.default\cookies-1.txt -> TrackingCookie.Falkag : Cleaned.
    :mozilla.139:C:\Documents and Settings\gbaltide\Application Data\Mozilla\Firefox\Profiles\e2ursg5t.default\cookies-1.txt -> TrackingCookie.Falkag : Cleaned.
    :mozilla.140:C:\Documents and Settings\gbaltide\Application Data\Mozilla\Firefox\Profiles\e2ursg5t.default\cookies-1.txt -> TrackingCookie.Falkag : Cleaned.
    :mozilla.141:C:\Documents and Settings\gbaltide\Application Data\Mozilla\Firefox\Profiles\e2ursg5t.default\cookies-1.txt -> TrackingCookie.Falkag : Cleaned.
    :mozilla.142:C:\Documents and Settings\gbaltide\Application Data\Mozilla\Firefox\Profiles\e2ursg5t.default\cookies-1.txt -> TrackingCookie.Falkag : Cleaned.
    :mozilla.191:C:\Documents and Settings\gbaltide\Application Data\Mozilla\Firefox\Profiles\e2ursg5t.default\cookies-1.txt -> TrackingCookie.Falkag : Cleaned.
    :mozilla.192:C:\Documents and Settings\gbaltide\Application Data\Mozilla\Firefox\Profiles\e2ursg5t.default\cookies-1.txt -> TrackingCookie.Falkag : Cleaned.
    :mozilla.193:C:\Documents and Settings\gbaltide\Application Data\Mozilla\Firefox\Profiles\e2ursg5t.default\cookies-1.txt -> TrackingCookie.Falkag : Cleaned.
    :mozilla.187:C:\Documents and Settings\gbaltide\Application Data\Mozilla\Firefox\Profiles\e2ursg5t.default\cookies-1.txt -> TrackingCookie.Fastclick : Cleaned.
    :mozilla.186:C:\Documents and Settings\gbaltide\Application Data\Mozilla\Firefox\Profiles\e2ursg5t.default\cookies-1.txt -> TrackingCookie.Googleadservices : Cleaned.
    :mozilla.173:C:\Documents and Settings\gbaltide\Application Data\Mozilla\Firefox\Profiles\e2ursg5t.default\cookies-1.txt -> TrackingCookie.Hitbox : Cleaned.
    :mozilla.174:C:\Documents and Settings\gbaltide\Application Data\Mozilla\Firefox\Profiles\e2ursg5t.default\cookies-1.txt -> TrackingCookie.Hitbox : Cleaned.
    :mozilla.223:C:\Documents and Settings\gbaltide\Application Data\Mozilla\Firefox\Profiles\e2ursg5t.default\cookies-1.txt -> TrackingCookie.Hitbox : Cleaned.
    :mozilla.241:C:\Documents and Settings\gbaltide\Application Data\Mozilla\Firefox\Profiles\e2ursg5t.default\cookies-1.txt -> TrackingCookie.Hitbox : Cleaned.
    :mozilla.242:C:\Documents and Settings\gbaltide\Application Data\Mozilla\Firefox\Profiles\e2ursg5t.default\cookies-1.txt -> TrackingCookie.Hitbox : Cleaned.
    :mozilla.243:C:\Documents and Settings\gbaltide\Application Data\Mozilla\Firefox\Profiles\e2ursg5t.default\cookies-1.txt -> TrackingCookie.Hitbox : Cleaned.
    :mozilla.468:C:\Documents and Settings\gbaltide\Application Data\Mozilla\Firefox\Profiles\e2ursg5t.default\cookies-1.txt -> TrackingCookie.Hitbox : Cleaned.
    :mozilla.605:C:\Documents and Settings\gbaltide\Application Data\Mozilla\Firefox\Profiles\e2ursg5t.default\cookies-1.txt -> TrackingCookie.Hitbox : Cleaned.
    :mozilla.607:C:\Documents and Settings\gbaltide\Application Data\Mozilla\Firefox\Profiles\e2ursg5t.default\cookies-1.txt -> TrackingCookie.Hitbox : Cleaned.
    :mozilla.56:C:\Documents and Settings\gbaltide\Application Data\Mozilla\Firefox\Profiles\e2ursg5t.default\cookies.txt -> TrackingCookie.Hotlog : Cleaned.
    :mozilla.576:C:\Documents and Settings\gbaltide\Application Data\Mozilla\Firefox\Profiles\e2ursg5t.default\cookies-1.txt -> TrackingCookie.Hotlog : Cleaned.
    :mozilla.207:C:\Documents and Settings\gbaltide\Application Data\Mozilla\Firefox\Profiles\e2ursg5t.default\cookies-1.txt -> TrackingCookie.Mediaplex : Cleaned.
    :mozilla.234:C:\Documents and Settings\gbaltide\Application Data\Mozilla\Firefox\Profiles\e2ursg5t.default\cookies-1.txt -> TrackingCookie.Onestat : Cleaned.
    :mozilla.235:C:\Documents and Settings\gbaltide\Application Data\Mozilla\Firefox\Profiles\e2ursg5t.default\cookies-1.txt -> TrackingCookie.Onestat : Cleaned.
    :mozilla.236:C:\Documents and Settings\gbaltide\Application Data\Mozilla\Firefox\Profiles\e2ursg5t.default\cookies-1.txt -> TrackingCookie.Onestat : Cleaned.
    :mozilla.428:C:\Documents and Settings\gbaltide\Application Data\Mozilla\Firefox\Profiles\e2ursg5t.default\cookies-1.txt -> TrackingCookie.Pointroll : Cleaned.
    :mozilla.429:C:\Documents and Settings\gbaltide\Application Data\Mozilla\Firefox\Profiles\e2ursg5t.default\cookies-1.txt -> TrackingCookie.Pointroll : Cleaned.
    :mozilla.430:C:\Documents and Settings\gbaltide\Application Data\Mozilla\Firefox\Profiles\e2ursg5t.default\cookies-1.txt -> TrackingCookie.Pointroll : Cleaned.
    :mozilla.164:C:\Documents and Settings\gbaltide\Application Data\Mozilla\Firefox\Profiles\e2ursg5t.default\cookies-1.txt -> TrackingCookie.Questionmarket : Cleaned.
    :mozilla.165:C:\Documents and Settings\gbaltide\Application Data\Mozilla\Firefox\Profiles\e2ursg5t.default\cookies-1.txt -> TrackingCookie.Questionmarket : Cleaned.
    :mozilla.166:C:\Documents and Settings\gbaltide\Application Data\Mozilla\Firefox\Profiles\e2ursg5t.default\cookies-1.txt -> TrackingCookie.Questionmarket : Cleaned.
    :mozilla.462:C:\Documents and Settings\gbaltide\Application Data\Mozilla\Firefox\Profiles\e2ursg5t.default\cookies-1.txt -> TrackingCookie.Revenue : Cleaned.
    :mozilla.54:C:\Documents and Settings\gbaltide\Application Data\Mozilla\Firefox\Profiles\e2ursg5t.default\cookies-1.txt -> TrackingCookie.Serving-sys : Cleaned.
    :mozilla.55:C:\Documents and Settings\gbaltide\Application Data\Mozilla\Firefox\Profiles\e2ursg5t.default\cookies-1.txt -> TrackingCookie.Serving-sys : Cleaned.
    :mozilla.56:C:\Documents and Settings\gbaltide\Application Data\Mozilla\Firefox\Profiles\e2ursg5t.default\cookies-1.txt -> TrackingCookie.Serving-sys : Cleaned.
    :mozilla.57:C:\Documents and Settings\gbaltide\Application Data\Mozilla\Firefox\Profiles\e2ursg5t.default\cookies-1.txt -> TrackingCookie.Serving-sys : Cleaned.
    :mozilla.58:C:\Documents and Settings\gbaltide\Application Data\Mozilla\Firefox\Profiles\e2ursg5t.default\cookies-1.txt -> TrackingCookie.Serving-sys : Cleaned.
    :mozilla.467:C:\Documents and Settings\gbaltide\Application Data\Mozilla\Firefox\Profiles\e2ursg5t.default\cookies-1.txt -> TrackingCookie.Sitestat : Cleaned.
    :mozilla.70:C:\Documents and Settings\gbaltide\Application Data\Mozilla\Firefox\Profiles\e2ursg5t.default\cookies-1.txt -> TrackingCookie.Sitestat : Cleaned.
    :mozilla.71:C:\Documents and Settings\gbaltide\Application Data\Mozilla\Firefox\Profiles\e2ursg5t.default\cookies-1.txt -> TrackingCookie.Sitestat : Cleaned.
    :mozilla.37:C:\Documents and Settings\gbaltide\Application Data\Mozilla\Firefox\Profiles\e2ursg5t.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
    :mozilla.59:C:\Documents and Settings\gbaltide\Application Data\Mozilla\Firefox\Profiles\e2ursg5t.default\cookies-1.txt -> TrackingCookie.Smartadserver : Cleaned.
    :mozilla.60:C:\Documents and Settings\gbaltide\Application Data\Mozilla\Firefox\Profiles\e2ursg5t.default\cookies-1.txt -> TrackingCookie.Smartadserver : Cleaned.
    :mozilla.61:C:\Documents and Settings\gbaltide\Application Data\Mozilla\Firefox\Profiles\e2ursg5t.default\cookies-1.txt -> TrackingCookie.Smartadserver : Cleaned.
    :mozilla.62:C:\Documents and Settings\gbaltide\Application Data\Mozilla\Firefox\Profiles\e2ursg5t.default\cookies-1.txt -> TrackingCookie.Smartadserver : Cleaned.
    C:\Documents and Settings\gbaltide\Cookies\gbaltide@www.smartadserver[1].txt -> TrackingCookie.Smartadserver : Cleaned.
    :mozilla.577:C:\Documents and Settings\gbaltide\Application Data\Mozilla\Firefox\Profiles\e2ursg5t.default\cookies-1.txt -> TrackingCookie.Spylog : Cleaned.
    :mozilla.68:C:\Documents and Settings\gbaltide\Application Data\Mozilla\Firefox\Profiles\e2ursg5t.default\cookies.txt -> TrackingCookie.Spylog : Cleaned.
    :mozilla.531:C:\Documents and Settings\gbaltide\Application Data\Mozilla\Firefox\Profiles\e2ursg5t.default\cookies-1.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.54:C:\Documents and Settings\gbaltide\Application Data\Mozilla\Firefox\Profiles\e2ursg5t.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.55:C:\Documents and Settings\gbaltide\Application Data\Mozilla\Firefox\Profiles\e2ursg5t.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.86:C:\Documents and Settings\gbaltide\Application Data\Mozilla\Firefox\Profiles\e2ursg5t.default\cookies-1.txt -> TrackingCookie.Tradedoubler : Cleaned.
    :mozilla.87:C:\Documents and Settings\gbaltide\Application Data\Mozilla\Firefox\Profiles\e2ursg5t.default\cookies-1.txt -> TrackingCookie.Tradedoubler : Cleaned.
    :mozilla.188:C:\Documents and Settings\gbaltide\Application Data\Mozilla\Firefox\Profiles\e2ursg5t.default\cookies-1.txt -> TrackingCookie.Tribalfusion : Cleaned.
    :mozilla.228:C:\Documents and Settings\gbaltide\Application Data\Mozilla\Firefox\Profiles\e2ursg5t.default\cookies-1.txt -> TrackingCookie.Valueclick : Cleaned.
    :mozilla.229:C:\Documents and Settings\gbaltide\Application Data\Mozilla\Firefox\Profiles\e2ursg5t.default\cookies-1.txt -> TrackingCookie.Valueclick : Cleaned.
    :mozilla.125:C:\Documents and Settings\gbaltide\Application Data\Mozilla\Firefox\Profiles\e2ursg5t.default\cookies-1.txt -> TrackingCookie.Weborama : Cleaned.
    :mozilla.126:C:\Documents and Settings\gbaltide\Application Data\Mozilla\Firefox\Profiles\e2ursg5t.default\cookies-1.txt -> TrackingCookie.Weborama : Cleaned.
    :mozilla.127:C:\Documents and Settings\gbaltide\Application Data\Mozilla\Firefox\Profiles\e2ursg5t.default\cookies-1.txt -> TrackingCookie.Weborama : Cleaned.
    :mozilla.623:C:\Documents and Settings\gbaltide\Application Data\Mozilla\Firefox\Profiles\e2ursg5t.default\cookies-1.txt -> TrackingCookie.Webtrendslive : Cleaned.
    :mozilla.624:C:\Documents and Settings\gbaltide\Application Data\Mozilla\Firefox\Profiles\e2ursg5t.default\cookies-1.txt -> TrackingCookie.Webtrendslive : Cleaned.
    :mozilla.57:C:\Documents and Settings\gbaltide\Application Data\Mozilla\Firefox\Profiles\e2ursg5t.default\cookies.txt -> TrackingCookie.Yadro : Cleaned.
    :mozilla.58:C:\Documents and Settings\gbaltide\Application Data\Mozilla\Firefox\Profiles\e2ursg5t.default\cookies.txt -> TrackingCookie.Yadro : Cleaned.
    :mozilla.257:C:\Documents and Settings\gbaltide\Application Data\Mozilla\Firefox\Profiles\e2ursg5t.default\cookies-1.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.258:C:\Documents and Settings\gbaltide\Application Data\Mozilla\Firefox\Profiles\e2ursg5t.default\cookies-1.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.45:C:\Documents and Settings\gbaltide\Application Data\Mozilla\Firefox\Profiles\e2ursg5t.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.255:C:\Documents and Settings\gbaltide\Application Data\Mozilla\Firefox\Profiles\e2ursg5t.default\cookies-1.txt -> TrackingCookie.Zedo : Cleaned.
    :mozilla.256:C:\Documents and Settings\gbaltide\Application Data\Mozilla\Firefox\Profiles\e2ursg5t.default\cookies-1.txt -> TrackingCookie.Zedo : Cleaned.
    :mozilla.259:C:\Documents and Settings\gbaltide\Application Data\Mozilla\Firefox\Profiles\e2ursg5t.default\cookies-1.txt -> TrackingCookie.Zedo : Cleaned.
    C:\WINDOWS\system32\1024 -> Trojan.Small : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\1024\ld590D.tmp -> Trojan.Small : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\winjks32.dll -> Trojan.Small : Cleaned with backup (quarantined).

    ::Report end

    Par contre, je dois partir
    faudra t-il tout reprendre du début? ou je continue avec la suite?

    Merci
    0
  13. ^^Marie^^ Messages postés 41884 Date d'inscription   Statut Membre Dernière intervention   3 280
     
    Salut,

    Pour avancer

    EWIDO ce sont des cookies donc rien de méchant

    Fait ceci et garde le

    CleanUp40
    http://pageperso.aol.fr/Balltrap34/CleanUp40.exe
    Démo d’utilisation :
    http://pageperso.aol.fr/balltrap34/democleanup.htm

    Refais un ewido, tu seras moins affolé..

    A++

    0
  14. Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 349
     
    Salut

    Télécharge ceci: (merci a S!RI pour ce programme).
    http://siri.urz.free.fr/Fix/SmitfraudFix.zip
    Exécute le, Double click sur Smitfraudfix.cmd choisit l’option 1, il va générer un rapport
    Copie/colle le sur le poste stp.

    A+
    0
  15. grecoriz Messages postés 49 Date d'inscription   Statut Membre 5
     
    Bjr,

    Effectivement, j'ai relancé un ewido et ca va bcp mieux (ouf).

    Voila le rapport de smitfraudfix

    SmitFraudFix v2.72

    Rapport fait à 10:07:09,32, 17/07/2006
    Executé à partir de C:\Documents and Settings\gbaltide\Bureau\SmitfraudFix
    OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
    Fix executé en mode normal

    »»»»»»»»»»»»»»»»»»»»»»»» C:\

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

    C:\WINDOWS\system32\ot.ico PRESENT !

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\gbaltide\Application Data

    »»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer

    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\gbaltide\Favoris

    C:\DOCUME~1\gbaltide\Favoris\Antivirus Test Online.url PRESENT !

    »»»»»»»»»»»»»»»»»»»»»»»» Bureau

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

    C:\Program Files\SpyQuake2.com\ PRESENT !

    »»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues

    »»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="Ma page d'accueil"

    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{7916f057-223f-4612-ac84-e882cbe043d4}"="bals"

    »»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll

    »»»»»»»»»»»»»»»»»»»»»»»» Fin

    Voila capitaine, j'attends les instructions suivantes !!!
    Merci
    0
  16. ^^Marie^^ Messages postés 41884 Date d'inscription   Statut Membre Dernière intervention   3 280
     
    Salut

    Pour avancer :

    Fais l'option 2°/ et 3°/ de Smitfraud

    2°/ - Démarre en mode sans échec :

    Pour cela, tu tapotes la touche F8 dès le début de l’allumage du PC sans t’arrêter
    Une fenêtre va s’ouvrir tu te déplaces avec les flèches du clavier sur démarrer en mode sans échec puis tape ‘Entrée’ sur ton clavier.

    Une fois sur le bureau s’il n’y a pas toutes les couleurs et autres, c’est normal !
    (Si F8 ne marche pas utilise la touche F5).

    3°/ - Relance le programme Smitfraud,
    Cette fois choisit l’option 2, répond OUI à tout ;
    Sauvegarde le rapport, redémarre en mode normal,
    Copie-COLLE le rapport sauvegardé sur le forum.

    Tu refais un hitjakthis

    A++
    0
  17. grecoriz Messages postés 49 Date d'inscription   Statut Membre 5
     
    Re

    Pour smitFraud, je l'ai lancé une fois en mode normal et une fois en mode sans échec (dsl) donc je met les deux rapports dans l'ordre suivi du rapport HJT

    SmitFraudFix v2.72

    Rapport fait à 10:40:01,29, 17/07/2006
    Executé à partir de C:\Documents and Settings\gbaltide\Bureau\SmitfraudFix
    OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
    Fix executé en mode normal

    »»»»»»»»»»»»»»»»»»»»»»»» Avant SmitFraudFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{7916f057-223f-4612-ac84-e882cbe043d4}"="bals"

    »»»»»»»»»»»»»»»»»»»»»»»» Arret des processus

    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

    GenericRenosFix by S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

    C:\WINDOWS\system32\ot.ico supprimé
    C:\DOCUME~1\gbaltide\Favoris\Antivirus Test Online.url supprimé
    C:\Program Files\SpyQuake2.com\ supprimé

    »»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires

    »»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

    Nettoyage terminé.

    »»»»»»»»»»»»»»»»»»»»»»»» Après SmitFraudFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Fin

    ######################

    SmitFraudFix v2.72

    Rapport fait à 10:49:24,00, 17/07/2006
    Executé à partir de C:\Documents and Settings\gbaltide\Bureau\SmitfraudFix
    OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
    Fix executé en mode sans echec

    »»»»»»»»»»»»»»»»»»»»»»»» Avant SmitFraudFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Arret des processus

    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

    GenericRenosFix by S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

    »»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires

    »»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

    Nettoyage terminé.

    »»»»»»»»»»»»»»»»»»»»»»»» Après SmitFraudFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Fin

    #####################

    Logfile of HijackThis v1.99.1
    Scan saved at 10:57:42, on 17/07/2006
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\WINDOWS\System32\inetsrv\inetinfo.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\ewido anti-spyware 4.0\ewido.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\Microsoft Outlook\OFFICE11\OUTLOOK.EXE
    C:\Documents and Settings\gbaltide\Bureau\HJT\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = X-PERTeam.local
    O17 - HKLM\Software\..\Telephony: DomainName = X-PERTeam.local
    O17 - HKLM\System\CCS\Services\Tcpip\..\{A18BCDC0-A5C3-4873-9A0F-C5B32106E98A}: NameServer = 192.168.0.201
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = X-PERTeam.local
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = X-PERTeam.local
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O18 - Protocol: qrev - {9DE24BAC-FC3C-42C4-9FC4-76B3FAFDBD90} - C:\PROGRA~1\QUESTS~1\TOADFO~1\RNetPin.dll
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
    O20 - Winlogon Notify: winjks32 - winjks32.dll (file missing)
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    O23 - Service: msftesql - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe" -s:MSSQL.1 -f:MSSQLSERVER (file missing)
    O23 - Service: SQL Server (MSSQLSERVER) (MSSQLSERVER) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSQLSERVER (file missing)
    O23 - Service: Analysis Server (MSSQLSERVER) (MSSQLServerOLAPService) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.2\OLAP\bin\msmdsrv.exe" -s "C:\Program Files\Microsoft SQL Server\MSSQL.2\OLAP\Config (file missing)
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
    O23 - Service: SQL Server Agent (MSSQLSERVER) (SQLSERVERAGENT) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\SQLAGENT90.EXE" -i MSSQLSERVER (file missing)

    Merci
    0
  18. Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 349
     
    Salut

    ¤Relance HijackThis, coche les cases devant ces lignes et ensuite clique sur fix checked :

    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

    O20 - Winlogon Notify: winjks32 - winjks32.dll (file missing)

    Redemarre et dis moi ou en sont tes soucis?

    A+
    0
  19. grecoriz Messages postés 49 Date d'inscription   Statut Membre 5
     
    Apparemment plus de probleme de fenêtres intempestives !!!
    Merci

    PS: Comment fait - on pour comprendre un scan HJT par exemple?
    HJT permet-il de supprimer corriger tout les problemes de "virus" malware et assimilés?

    Encore merci
    0
  20. Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 349
     
    Salut

    Pour HJT, ca demande bcp d entrainement et de l apprentissage.
    Si ca t interresse, sur le forum que j administre, l adresse est dans mon profil, je vais bientot ouvrir une section d apprentissage pour la lutte anti malware, si ca t interresse, t es le bienvenue.

    Non il ne corrige pas tout, mais permet surtout de voir les problemes qui y sont. Ensuite faut connaitre les infections et savoir comment les supprimer avec tels ou tels outils.

    :-)
    De rien

    A+
    0