Analyse HijackThis

Question

Bonjour Qui peut analyser mon HijackThis?Merciwindows xpLogfile of HijackThis v1.99.1Scan saved at 12:19:34, on 15/07/2006Platform: Windows XP  (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exeC:\Program Files\Ahead\InCD\InCDsrv.exeC:\PROGRA~1\Iomega\System32\AppServices.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Trend Micro\PC-cillin 9\Tmntsrv.exeC:\WINDOWS\System32\wdfmgr.exeC:\Program Files\Iomega\AutoDisk\ADService.exeC:\Program Files\Trend Micro\PC-cillin 9\PCCPFW.exeC:\WINDOWS\System32\isnotify.exeC:\Program Files\Ulead Systems\Ulead Photo Explorer 7.0\Monitor.exeC:\Program Files\Fichiers communs\Real\Update_OBealsched.exeC:\WINDOWS\System32\ismon.exeC:\Program Files\QuickTime\qttask.exeC:\Program Files\Trend Micro\PC-cillin 9\Pop3trap.exeC:\Program Files\Trend Micro\PC-cillin 9\pccguide.exeC:\Program Files\Trend Micro\PC-cillin 9\PCCClient.exeC:\Program Files\Ahead\InCD\InCD.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exeC:\Program Files\Java\jre1.5.0_06\bin\jusched.exeC:\Program Files\MessengerPlus! 3\MsgPlus.exeC:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exeC:\Program Files\Iomega\AutoDisk\ADUserMon.exeC:\Program Files\Iomega\DriveIcons\ImgIcon.exeC:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exeC:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exeC:\Program Files\Microsoft Office\Office\OSA.EXEC:\Program Files\Trend Micro\PC-cillin 9\WebTrap.EXEC:\Program Files\a-squared Anti-Malware\a2guard.exeC:\WINDOWS\System32\issearch.exeC:\WINDOWS\System32\ishost.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\WinRAR\WinRAR.exeC:\DOCUME~1\BWA\LOCALS~1\Temp\Rar$EX00.203\HijackThis.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.zcfnopbslsnijidac.com/sRCrO/tXiObZAnV6PdXtIboSGeifEP9iLqs_KjyJWef2EVqh...R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portailR0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htmR0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = LiensO2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dllO2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file)O2 - BHO: (no name) - {873eb32d-ae1a-4183-89bd-45a77f761be4} - C:\WINDOWS\System32\ixt0.dllO2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dllO2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dllO2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dllO3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dllO3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocxO3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dllO4 - HKLM\..\Run: [Ulead Memory Card Detector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 7.0\Monitor.exeO4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osbootO4 - HKLM\..\Run: [SystemTray] SysTray.ExeO4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottimeO4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 9\Pop3trap.exe"O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\PC-cillin 9\pccguide.exe"O4 - HKLM\..\Run: [PCCClient.exe] "C:\Program Files\Trend Micro\PC-cillin 9\PCCClient.exe"O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exeO4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWndO4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUPO4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exeO4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exeO4 - HKLM\..\Run: [pdfw] C:\Program Files\Amic Utilities\PDF Writer Pro\pdfwload.exeO4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exeO4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exeO4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTARTO4 - HKLM\..\Run: [qcxyt.exe] C:\WINDOWS\System32\qcxyt.exeO4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe"O4 - Startup: Microsoft Recherche accélérée.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXEO4 - Startup: Démarrage d'Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXEO4 - Global Startup: Contrôleur de calendrier Ulead.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exeO4 - Global Startup: Sagem - Utilitaire réseau pour Clé USB Wi-Fi 802.11g.lnk = ?O4 - Global Startup: Adobe Gamma Loader.lnk = ?O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exeO6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions presentO8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.htmlO8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.htmlO8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.htmlO8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.htmlO8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar1.dll/cmcache.htmlO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO9 - Extra button: Lancer Voissa Anonymo - {C80DDAAA-310C-459B-9535-8370B4EBDA1F} - C:\Program Files\Voissa anonymo\Voissaanonymo.exeO9 - Extra 'Tools' menuitem: Tools Menu Item - {C80DDAAA-310C-459B-9535-8370B4EBDA1F} - C:\Program Files\Voissa anonymo\Voissaanonymo.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXEO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXEO16 - DPF: Interface Chat Voila - http://chat9.x-echo.com/version5/Applet/vchatsign.cabO16 - DPF: Interface Chat Wanadoo - http://chat10.x-echo.com/version6/Applet/wchatsign.cabO16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cabO16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cabO16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by105fd.bay105.hotmail.msn.com/resources/MsnPUpld.cabO16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exeO16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/026cc98f0457934e3806/netzip/RdxIE601_fr.cabO16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_sit...O16 - DPF: {71DA2A4E-ACB3-4065-9E41-8BC42EABE427} - http://scripts.dlv4.com/binaries/IA/svcia32_FR_XP.cabO16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} - http://85.39.191.182//activex/AMC.cabO16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cabO16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://webcam.ville-saintes.fr:81/activex/AxisCamControl.cabO16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.hp.com/ediags/gs/install/guidedsolutions.cabO16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocxO16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cabO16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/fr/check/qdiagh.cab?326O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cabO17 - HKLM\System\CCS\Services\Tcpip\..\{A3D486D0-5290-43C4-B136-8CC73007D8DB}: NameServer = 85.255.116.141,85.255.112.15O17 - HKLM\System\CCS\Services\Tcpip\..\{B215F81D-1877-4C1D-B833-EE9696035F4E}: NameServer = 85.255.116.141,85.255.112.15O17 - HKLM\System\CCS\Services\Tcpip\..\{B3129B59-27C3-4237-846E-D801E1B47F90}: NameServer = 85.255.116.141,85.255.112.15O17 - HKLM\System\CCS\Services\Tcpip\..\{FD3603B1-68B0-4497-9A4A-4A72D5575E27}: NameServer = 85.255.116.141,85.255.112.15O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.141 85.255.112.15O17 - HKLM\System\CS1\Services\Tcpip\..\{A3D486D0-5290-43C4-B136-8CC73007D8DB}: NameServer = 85.255.116.141,85.255.112.15O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.141 85.255.112.15O17 - HKLM\System\CS2\Services\Tcpip\..\{A3D486D0-5290-43C4-B136-8CC73007D8DB}: NameServer = 85.255.116.141,85.255.112.15O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.141 85.255.112.15O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)O21 - SSODL: coursings - {f8d02387-789a-4c0f-a1d8-8a93f33ee4df} - (no file)O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exeO23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exeO23 - Service: InCD File System Service (InCDsrv) - Unknown owner - C:\Program Files\Ahead\InCD\InCDsrv.exeO23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exeO23 - Service: PC-cillin PersonalFirewall (PCCPFW) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 9\PCCPFW.exeO23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 9\Tmntsrv.exeO23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe

Regis59 · Answer

SalutTu es tres infecté..Télécharge ceci: (merci a S!RI pour ce programme).http://siri.urz.free.fr/Fix/SmitfraudFix.zipExécute le, Double click sur Smitfraudfix.cmd choisit l’option 1, il va générer un rapportCopie/colle le sur le poste stp.----------------------------------------------------------------------------Démarre en mode sans échec : Pour cela, tu tapotes la touche F8 dès le début de l’allumage du pc sans t’arrêter Une fenêtre va s’ouvrir tu te déplaces avec les flèches du clavier sur démarrer en mode sans échec puis tape entrée. Une fois sur le bureau s’il n’y a pas toutes les couleurs et autres c’est normal ! (Si F8 ne marche pas utilise la touche F5).  ----------------------------------------------------------------------------Relance le programme Smitfraud,Cette fois choisit l’option 2, répond oui a tous ;Sauvegarde le rapport, Redémarre en mode normal, copie/colle le rapport sauvegardé sur le forumA+

sserguei · Answer

re bonjourci joint le choix 2SmitFraudFix v2.70Rapport fait à 14:43:49,18, 15/07/2006Executé à partir de C:\SmitfraudFixOS: Microsoft Windows XP [version 5.1.2600] - Windows_NTFix executé en mode sans echec»»»»»»»»»»»»»»»»»»»»»»»» Avant SmitFraudFix!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!SrchSTS.exe by S!RiSearch SharedTaskScheduler's .dll[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]"coursings"="{f8d02387-789a-4c0f-a1d8-8a93f33ee4df}"»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos FixGenericRenosFix by S!Ri»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectésC:\WINDOWS\system32\ishost.exe suppriméC:\WINDOWS\system32\ismon.exe suppriméC:\WINDOWS\system32\isnotify.exe suppriméC:\WINDOWS\system32\issearch.exe suppriméC:\WINDOWS\system32\ixt?.dll suppriméC:\WINDOWS\system32\migicons.exe suppriméC:\WINDOWS\system32\ot.ico suppriméC:\DOCUME~1\ALLUSE~1\BUREAU\Online Security Guide.url suppriméC:\DOCUME~1\BWA\Favoris\Antivirus Test Online.url supprimé»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre Nettoyage terminé.  »»»»»»»»»»»»»»»»»»»»»»»» Après SmitFraudFix!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!SrchSTS.exe by S!RiSearch SharedTaskScheduler's .dll»»»»»»»»»»»»»»»»»»»»»»»» Finton avis?merci

sserguei · Answer

re bonjourci joint résultat analyse choix2SmitFraudFix v2.70Rapport fait à 14:43:49,18, 15/07/2006Executé à partir de C:\SmitfraudFixOS: Microsoft Windows XP [version 5.1.2600] - Windows_NTFix executé en mode sans echec»»»»»»»»»»»»»»»»»»»»»»»» Avant SmitFraudFix!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!SrchSTS.exe by S!RiSearch SharedTaskScheduler's .dll[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]"coursings"="{f8d02387-789a-4c0f-a1d8-8a93f33ee4df}"»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos FixGenericRenosFix by S!Ri»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectésC:\WINDOWS\system32\ishost.exe suppriméC:\WINDOWS\system32\ismon.exe suppriméC:\WINDOWS\system32\isnotify.exe suppriméC:\WINDOWS\system32\issearch.exe suppriméC:\WINDOWS\system32\ixt?.dll suppriméC:\WINDOWS\system32\migicons.exe suppriméC:\WINDOWS\system32\ot.ico suppriméC:\DOCUME~1\ALLUSE~1\BUREAU\Online Security Guide.url suppriméC:\DOCUME~1\BWA\Favoris\Antivirus Test Online.url supprimé»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre Nettoyage terminé.  »»»»»»»»»»»»»»»»»»»»»»»» Après SmitFraudFix!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!SrchSTS.exe by S!RiSearch SharedTaskScheduler's .dll»»»»»»»»»»»»»»»»»»»»»»»» FinTon avis?Merci

Regis59 · Answer

SalutCa avance bien.Remet un HijackThisa+

sserguei · Answer

re bonjourLogfile of HijackThis v1.99.1Scan saved at 15:16:20, on 15/07/2006Platform: Windows XP  (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exeC:\Program Files\Ahead\InCD\InCDsrv.exeC:\Program Files\Ulead Systems\Ulead Photo Explorer 7.0\Monitor.exeC:\Program Files\Fichiers communs\Real\Update_OBealsched.exeC:\PROGRA~1\Iomega\System32\AppServices.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Trend Micro\PC-cillin 9\Tmntsrv.exeC:\WINDOWS\System32\wdfmgr.exeC:\Program Files\QuickTime\qttask.exeC:\Program Files\Trend Micro\PC-cillin 9\Pop3trap.exeC:\Program Files\Trend Micro\PC-cillin 9\pccguide.exeC:\Program Files\Iomega\AutoDisk\ADService.exeC:\Program Files\Trend Micro\PC-cillin 9\PCCClient.exeC:\Program Files\Ahead\InCD\InCD.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exeC:\Program Files\Java\jre1.5.0_06\bin\jusched.exeC:\Program Files\MessengerPlus! 3\MsgPlus.exeC:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exeC:\Program Files\Iomega\AutoDisk\ADUserMon.exeC:\Program Files\Iomega\DriveIcons\ImgIcon.exeC:\windows\system32\uhfabgkr.exeC:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exeC:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exeC:\Program Files\Trend Micro\PC-cillin 9\PCCPFW.exeC:\Program Files\Microsoft Office\Office\OSA.EXEC:\Program Files\Trend Micro\PC-cillin 9\WebTrap.EXEC:\WINDOWS\explorer.exeC:\Program Files\Internet Explorer\iexplore.exeC:\WINDOWS\system32\NOTEPAD.EXEC:\Program Files\WinRAR\WinRAR.exeC:\DOCUME~1\BWA\LOCALS~1\Temp\Rar$EX00.844\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = LiensO2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dllO2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO2 - BHO: (no name) - {873eb32d-ae1a-4183-89bd-45a77f761be4} - C:\WINDOWS\System32\ixt0.dll (file missing)O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dllO2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dllO2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dllO3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dllO3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocxO3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dllO4 - HKLM\..\Run: [Ulead Memory Card Detector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 7.0\Monitor.exeO4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osbootO4 - HKLM\..\Run: [SystemTray] SysTray.ExeO4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottimeO4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 9\Pop3trap.exe"O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\PC-cillin 9\pccguide.exe"O4 - HKLM\..\Run: [PCCClient.exe] "C:\Program Files\Trend Micro\PC-cillin 9\PCCClient.exe"O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exeO4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWndO4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUPO4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exeO4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exeO4 - HKLM\..\Run: [pdfw] C:\Program Files\Amic Utilities\PDF Writer Pro\pdfwload.exeO4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exeO4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exeO4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTARTO4 - HKLM\..\Run: [uhfabgkr] c:\windows\system32\uhfabgkr.exe uhfabgkrO4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe"O4 - HKLM\..\Run: [swtwo.exe] C:\WINDOWS\System32\swtwo.exeO4 - Startup: Microsoft Recherche accélérée.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXEO4 - Startup: Démarrage d'Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXEO4 - Global Startup: Contrôleur de calendrier Ulead.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exeO4 - Global Startup: Sagem - Utilitaire réseau pour Clé USB Wi-Fi 802.11g.lnk = ?O4 - Global Startup: Adobe Gamma Loader.lnk = ?O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exeO6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions presentO8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.htmlO8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.htmlO8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.htmlO8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.htmlO8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar1.dll/cmcache.htmlO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO9 - Extra button: Lancer Voissa Anonymo - {C80DDAAA-310C-459B-9535-8370B4EBDA1F} - C:\Program Files\Voissa anonymo\Voissaanonymo.exeO9 - Extra 'Tools' menuitem: Tools Menu Item - {C80DDAAA-310C-459B-9535-8370B4EBDA1F} - C:\Program Files\Voissa anonymo\Voissaanonymo.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXEO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXEO16 - DPF: Interface Chat Voila - http://chat9.x-echo.com/version5/Applet/vchatsign.cabO16 - DPF: Interface Chat Wanadoo - http://chat10.x-echo.com/version6/Applet/wchatsign.cabO16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cabO16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cabO16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by105fd.bay105.hotmail.msn.com/resources/MsnPUpld.cabO16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exeO16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_sit...O16 - DPF: {71DA2A4E-ACB3-4065-9E41-8BC42EABE427} - http://scripts.dlv4.com/binaries/IA/svcia32_FR_XP.cabO16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} - http://85.39.191.182//activex/AMC.cabO16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cabO16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://webcam.ville-saintes.fr:81/activex/AxisCamControl.cabO16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.hp.com/ediags/gs/install/guidedsolutions.cabO16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocxO16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cabO16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/fr/check/qdiagh.cab?326O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cabO17 - HKLM\System\CCS\Services\Tcpip\..\{A3D486D0-5290-43C4-B136-8CC73007D8DB}: NameServer = 85.255.116.141,85.255.112.15O17 - HKLM\System\CCS\Services\Tcpip\..\{B3129B59-27C3-4237-846E-D801E1B47F90}: NameServer = 85.255.116.141,85.255.112.15O17 - HKLM\System\CCS\Services\Tcpip\..\{FD3603B1-68B0-4497-9A4A-4A72D5575E27}: NameServer = 85.255.116.141,85.255.112.15O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.141 85.255.112.15O17 - HKLM\System\CS1\Services\Tcpip\..\{A3D486D0-5290-43C4-B136-8CC73007D8DB}: NameServer = 85.255.116.141,85.255.112.15O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.141 85.255.112.15O17 - HKLM\System\CS2\Services\Tcpip\..\{A3D486D0-5290-43C4-B136-8CC73007D8DB}: NameServer = 85.255.116.141,85.255.112.15O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.141 85.255.112.15O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exeO23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exeO23 - Service: InCD File System Service (InCDsrv) - Unknown owner - C:\Program Files\Ahead\InCD\InCDsrv.exeO23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exeO23 - Service: PC-cillin PersonalFirewall (PCCPFW) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 9\PCCPFW.exeO23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 9\Tmntsrv.exeO23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exemerci

sserguei · Answer

Re bonjourà Régis59Ton avis sur mon deernier message?Merci de ta répponse

Regis59 · Answer

Salut;1-Télécharge Blacklight (de F-Secure) a l’une des 2 adresses : https://www.f-secure.com/en https://www.f-secure.com/en et sauvegarde le sur ton Bureau. Double-clique blbeta.exe et accepte la licence ; laisse [X]scan through Windows Explorer activé ; clique Scan puis Next Tu verras une liste de fichiers détectés apparaître. Tu verras également un rapport, sur ton Bureau, nommé fsbl.xxxxxxx.log (les xxxxxxx sont des chiffres). Copie et colle le contenu de ce rapport dans ta prochaine réponse 2- Télécharge le FixWareout d'un de ces deux sites sur le bureau:http://downloads.subratam.org/Fixwareout.exehttp://swandog46.geekstogo.com/Fixwareout.exeLance le fix: clique sur Next, puis Install, puis assure toi que "Run fixit" est activé puis clique sur Finish. Le fix va commencer, suis les messages à l'écran. Il te sera demandé de redémarrer ton ordinateur, fais le. Ton système mettra un peu plus de temps au démarrage, c'est normal.Quand ton système aura redémarré, suis les invites des messages. Ensuite lance HijackThis. Clique sur Scan et coche les lignes suivantes:O4 - HKLM\..\Run: [uhfabgkr] c:\windows\system32\uhfabgkr.exe uhfabgkr O4 - HKLM\..\Run: [swtwo.exe] C:\WINDOWS\System32\swtwo.exe  O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe O16 - DPF: {71DA2A4E-ACB3-4065-9E41-8BC42EABE427} - http://scripts.dlv4.com/binaries/IA/svcia32_FR_XP.cab O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} - http://85.39.191.182//activex/AMC.cab O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://webcam.ville-saintes.fr:81/activex/AxisCamControl.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{A3D486D0-5290-43C4-B136-8CC73007D8DB}: NameServer = 85.255.116.141,85.255.112.15 O17 - HKLM\System\CCS\Services\Tcpip\..\{B3129B59-27C3-4237-846E-D801E1B47F90}: NameServer = 85.255.116.141,85.255.112.15 O17 - HKLM\System\CCS\Services\Tcpip\..\{FD3603B1-68B0-4497-9A4A-4A72D5575E27}: NameServer = 85.255.116.141,85.255.112.15 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.141 85.255.112.15 O17 - HKLM\System\CS1\Services\Tcpip\..\{A3D486D0-5290-43C4-B136-8CC73007D8DB}: NameServer = 85.255.116.141,85.255.112.15 O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.141 85.255.112.15 O17 - HKLM\System\CS2\Services\Tcpip\..\{A3D486D0-5290-43C4-B136-8CC73007D8DB}: NameServer = 85.255.116.141,85.255.112.15 Clique sur Fix Checked. Ferme HijackThis et clique sur OK pour continuer la procédure.A la fin du fix, tu auras peut-être encore besoin de redémarrer le PC.Au final, poste le contenu de C:\fixwareout\report.txt avec un nouveau rapport HijackThis.A+

sserguei · Answer

bonjourci joint les rapports07/16/06 09:41:39 [Info]: BlackLight Engine 1.0.42 initialized07/16/06 09:41:39 [Info]: OS: 5.1 build 2600 ()07/16/06 09:41:39 [Note]: 7019 407/16/06 09:41:39 [Note]: 7005 007/16/06 09:41:46 [Note]: 7006 007/16/06 09:41:46 [Note]: 7011 311207/16/06 09:41:46 [Note]: 7026 007/16/06 09:41:46 [Note]: 7026 007/16/06 09:41:46 [Note]: 7024 307/16/06 09:41:46 [Info]: Hidden process: C:\windows\system32\uhfabgkr.exe07/16/06 09:41:46 [Note]: FSRAW library version 1.7.101907/16/06 09:41:52 [Info]: Hidden file: C:\windows\system32\uhfabgkr.exe07/16/06 09:41:57 [Info]: Hidden file: c:\WINDOWS\SYSTEM32\UHFABGKR.DAT07/16/06 09:41:58 [Info]: Hidden file: c:\WINDOWS\SYSTEM32\UHFABG~1.DAT07/16/06 09:41:58 [Info]: Hidden file: c:\WINDOWS\SYSTEM32\UHFABG~4.DAT07/16/06 09:42:04 [Info]: Hidden file: c:\WINDOWS\Prefetch\UHFABG~1.PF07/16/06 09:45:45 [Note]: 7007 0Logfile of HijackThis v1.99.1Scan saved at 10:26:45, on 16/07/2006Platform: Windows XP  (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exeC:\Program Files\Ulead Systems\Ulead Photo Explorer 7.0\Monitor.exeC:\Program Files\Fichiers communs\Real\Update_OBealsched.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exeC:\Program Files\Ahead\InCD\InCDsrv.exeC:\Program Files\QuickTime\qttask.exeC:\PROGRA~1\Iomega\System32\AppServices.exeC:\Program Files\Trend Micro\PC-cillin 9\Pop3trap.exeC:\Program Files\Trend Micro\PC-cillin 9\pccguide.exeC:\Program Files\Trend Micro\PC-cillin 9\PCCClient.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Ahead\InCD\InCD.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exeC:\Program Files\Trend Micro\PC-cillin 9\Tmntsrv.exeC:\WINDOWS\System32\wdfmgr.exeC:\Program Files\Java\jre1.5.0_06\bin\jusched.exeC:\Program Files\Iomega\AutoDisk\ADService.exeC:\Program Files\MessengerPlus! 3\MsgPlus.exeC:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exeC:\Program Files\Iomega\AutoDisk\ADUserMon.exeC:\Program Files\Iomega\DriveIcons\ImgIcon.exeC:\Program Files\a-squared Anti-Malware\a2guard.exeC:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exeC:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exeC:\Program Files\Microsoft Office\Office\OSA.EXEC:\Program Files\Trend Micro\PC-cillin 9\WebTrap.EXEC:\Program Files\Trend Micro\PC-cillin 9\PCCPFW.exeC:\Program Files\WinRAR\WinRAR.exeC:\DOCUME~1\BWA\LOCALS~1\Temp\Rar$EX00.672\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = LiensO2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dllO2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO2 - BHO: (no name) - {873eb32d-ae1a-4183-89bd-45a77f761be4} - C:\WINDOWS\System32\ixt0.dll (file missing)O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dllO2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dllO2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dllO3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dllO3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocxO3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dllO4 - HKLM\..\Run: [Ulead Memory Card Detector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 7.0\Monitor.exeO4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osbootO4 - HKLM\..\Run: [SystemTray] SysTray.ExeO4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottimeO4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 9\Pop3trap.exe"O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\PC-cillin 9\pccguide.exe"O4 - HKLM\..\Run: [PCCClient.exe] "C:\Program Files\Trend Micro\PC-cillin 9\PCCClient.exe"O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exeO4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWndO4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUPO4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exeO4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exeO4 - HKLM\..\Run: [pdfw] C:\Program Files\Amic Utilities\PDF Writer Pro\pdfwload.exeO4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exeO4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exeO4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTARTO4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe"O4 - HKLM\..\Run: [vgqze.exe] C:\WINDOWS\System32\vgqze.exeO4 - Startup: Microsoft Recherche accélérée.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXEO4 - Startup: Démarrage d'Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXEO4 - Global Startup: Contrôleur de calendrier Ulead.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exeO4 - Global Startup: Sagem - Utilitaire réseau pour Clé USB Wi-Fi 802.11g.lnk = ?O4 - Global Startup: Adobe Gamma Loader.lnk = ?O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exeO6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions presentO8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.htmlO8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.htmlO8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.htmlO8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.htmlO8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar1.dll/cmcache.htmlO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO9 - Extra button: Lancer Voissa Anonymo - {C80DDAAA-310C-459B-9535-8370B4EBDA1F} - C:\Program Files\Voissa anonymo\Voissaanonymo.exeO9 - Extra 'Tools' menuitem: Tools Menu Item - {C80DDAAA-310C-459B-9535-8370B4EBDA1F} - C:\Program Files\Voissa anonymo\Voissaanonymo.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXEO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXEO16 - DPF: Interface Chat Voila - http://chat9.x-echo.com/version5/Applet/vchatsign.cabO16 - DPF: Interface Chat Wanadoo - http://chat10.x-echo.com/version6/Applet/wchatsign.cabO16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cabO16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cabO16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by105fd.bay105.hotmail.msn.com/resources/MsnPUpld.cabO16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_sit...O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cabO16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.hp.com/ediags/gs/install/guidedsolutions.cabO16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocxO16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cabO16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/fr/check/qdiagh.cab?326O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cabO17 - HKLM\System\CCS\Services\Tcpip\..\{A3D486D0-5290-43C4-B136-8CC73007D8DB}: NameServer = 85.255.116.141,85.255.112.15O17 - HKLM\System\CCS\Services\Tcpip\..\{B3129B59-27C3-4237-846E-D801E1B47F90}: NameServer = 85.255.116.141,85.255.112.15O17 - HKLM\System\CCS\Services\Tcpip\..\{FD3603B1-68B0-4497-9A4A-4A72D5575E27}: NameServer = 85.255.116.141,85.255.112.15O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.141 85.255.112.15O17 - HKLM\System\CS1\Services\Tcpip\..\{A3D486D0-5290-43C4-B136-8CC73007D8DB}: NameServer = 85.255.116.141,85.255.112.15O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.141 85.255.112.15O17 - HKLM\System\CS2\Services\Tcpip\..\{A3D486D0-5290-43C4-B136-8CC73007D8DB}: NameServer = 85.255.116.141,85.255.112.15O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.141 85.255.112.15O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exeO23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exeO23 - Service: InCD File System Service (InCDsrv) - Unknown owner - C:\Program Files\Ahead\InCD\InCDsrv.exeO23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exeO23 - Service: PC-cillin PersonalFirewall (PCCPFW) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 9\PCCPFW.exeO23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 9\Tmntsrv.exeO23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe

Regis59 · Answer

Re,Je te caches pas qu il en reste a faire; mais on va s en sortir !Télécharge Brute Force Uninstaller (de Merijn) ici: http://www.merijn.org/files/bfu.zip Créé un nouveau dossier directement à la racine de ton disque dur ou l'endroit qui te convient, nomme ce dossier BFU. Décompresse le fichier téléchargé dans ce nouveau dossier (par exemple C:\BFU) Ensuite, télécharge EGDACCESS.bfu (de Metallica) :Fais un clik droit ici : http://metallica.geekstogo.com/EGDACCESS.bfu  et choisis "Enregistrer la cible sous..." afin de télécharger EGDACCESS.bfu (de Metallica). Sauvegarde dans le dossier créé (C:\BFU). **Note : si tu utlises Internet Explorer ; lors de la sauvegarde, assure-toi que le champs "Type :" affiche "Tous les fichiers". Tu dois maintenant avoir deux fichiers dans le dossier C:\BFU : EGDACCESS.bfu et BFU.exe (très important). Si tu utilises Internet Explorer, assure-toi lors de la sauvegarde que le champs "Type :" affiche "Tous les fichiers". Tu dois maintenant avoir deux fichiers dans le dossier C:\BFU : EGDACCESS.bfu et BFU.exe (très important). Ensuite: Désactive la restauration systéme. Clic droit sur poste de travail > propriétés > onglet restauration système puis cocher "désactiver la restauration système". clic sur ok pour valider Redémarre en mode sans échec Redemarre le pc, laisse passer l'écran du bios, puis tapote sur la touche F8 avant qu'apparaisse l'écran de chargement de windows. Choisis le mode sans échec dans les options et valide avec entrée. -_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_- Lance "Brute Force Uninstaller" en double-cliquant BFU.exe (Dans le dossier C:\BFU) - Clique sur le petit dossier jaune, et clique sur : EGDACCESS.bfu - Coches la case Show log after script ends - Clique sur Execute pour que le fix fasse son boulot :-) Attends que le message Complete script execution apparaîsse et clique sur OK. Un rapport va s'afficher dans la fenetre du programme, copie et colle dans le bloc-notes, puis sauvegardes le, tu le posteras plus tard sur le forum. Clique Exit pour fermer le programme BFU. -_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_- Ensuite, lance Blacklight en double cliquant sur blbeta.exe et accepte la licence. Clique sur Scan pour lancer l'analyse. Une fois fait, selectionnes chaques fichiers trouvés et clic sur "RENAME" Puis valide. Réponds oui aux messages d'avertissements et te demandant si tu autorises le reboot du pc. -_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_- Après le reboot du pc, les fichiers : C:\windows\system32\uhfabgkr.exe c:\WINDOWS\SYSTEM32\UHFABGKR.DAT c:\WINDOWS\SYSTEM32\UHFABGKR_nav.DAT c:\WINDOWS\SYSTEM32\UHFABGKR_navps.DAT c:\WINDOWS\Prefetch\UHFABGKR.PF devraient être visible et pouvoir être supprimés sans aucuns soucis. Blacklight ne les supprimes pas, il les renommes simplement et il va falloir que tu les vires toi même: Va dans C:\windows\system32\ et recherches et effaces:  uhfabgkr.exe.renUHFABGKR.DAT.renUHFABGKR_nav.DAT.renUHFABGKR_navps.DAT.renUne fois fait, reposte un rapport hijackthis + le rapport de BFU que tu auras sauvegardé et un nouveau rapport de blacklight. Juste pour info, tu as eu installé le logiciel mailskinner ? (emoticone pour la messagerie) Tu peux verifier s il est dans ajout/suppression de programme?S'il s y trouve, desinstalle le. bon nettoyage et bon courage ;-)

sserguei · Answer

BonjourCi joint les rapportsje n'ai pas le programme mailskinner dans ajout/supression programmeJe n'ai pas eu de rappotrt Blacklight autre que celui que je transmet iciJe n'ai trouvé qu'un seul fichier uhfabgkr que je n'ai pas supprimé pour l'instantDois je vider la poubelle ou se trouve des fichiers uhfabkr nav et et uhfabkr navps (neromediaplayer?)07/16/06 18:26:29 [Info]: BlackLight Engine 1.0.42 initialized07/16/06 18:26:29 [Info]: OS: 5.1 build 2600 ()07/16/06 18:26:36 [Note]: 7019 407/16/06 18:26:36 [Note]: 7005 007/16/06 18:26:40 [Note]: 7006 007/16/06 18:26:40 [Note]: 7011 142407/16/06 18:26:41 [Note]: 7026 007/16/06 18:26:41 [Note]: 7026 007/16/06 18:26:54 [Note]: FSRAW library version 1.7.101907/16/06 18:27:04 [Note]: 2000 100607/16/06 18:27:20 [Note]: 7007 0BFU v1.00.9Windows XP (WinNT 5.01.2600 )Script started at 17:47:52, on 16/07/2006Option Delete files to Recycle Bin: YesFailed: DllUnregister C:\WINDOWS\System32\MSWBM32.DLL|1 (file not found)Failed: DllUnregister C:\Program Files\MailSkinner\OESkinner.dll|1 (file not found)Failed: FolderDelete C:\Program Files\dialpass (folder not found)Failed: FolderDelete C:\Program Files\eghtmldialer (folder not found)Failed: FolderDelete C:\Program Files\egroup (folder not found)Failed: FolderDelete C:\Program Files\Instant Access (folder not found)Failed: FolderDelete C:\Program Files\MailSkinner (folder not found)Failed: DllUnregister C:\WINDOWS\mslagent\2_mslagent.dll|1 (file not found)Failed: DllUnregister C:\WINDOWS
avmpc\2_navmpc.dll|1 (file not found)Failed: FolderDelete C:\WINDOWS\mslagent (folder not found)Failed: FolderDelete C:\WINDOWS
avmpc (folder not found)Failed: FileDelete C:\DOCUME~1\BWA\LOCALS~1\Temp\~DF5358.tmp (operation failed)Script completed.Logfile of HijackThis v1.99.1Scan saved at 18:14:57, on 16/07/2006Platform: Windows XP  (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exeC:\Program Files\Ulead Systems\Ulead Photo Explorer 7.0\Monitor.exeC:\Program Files\Fichiers communs\Real\Update_OBealsched.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exeC:\Program Files\QuickTime\qttask.exeC:\Program Files\Trend Micro\PC-cillin 9\Pop3trap.exeC:\Program Files\Trend Micro\PC-cillin 9\pccguide.exeC:\Program Files\Ahead\InCD\InCDsrv.exeC:\Program Files\Trend Micro\PC-cillin 9\PCCClient.exeC:\Program Files\Ahead\InCD\InCD.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exeC:\PROGRA~1\Iomega\System32\AppServices.exeC:\Program Files\Java\jre1.5.0_06\bin\jusched.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Trend Micro\PC-cillin 9\Tmntsrv.exeC:\Program Files\MessengerPlus! 3\MsgPlus.exeC:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exeC:\WINDOWS\System32\wdfmgr.exeC:\Program Files\Iomega\AutoDisk\ADUserMon.exeC:\Program Files\Iomega\DriveIcons\ImgIcon.exeC:\Program Files\Iomega\AutoDisk\ADService.exeC:\Program Files\a-squared Anti-Malware\a2guard.exeC:\Program Files\Trend Micro\PC-cillin 9\WebTrap.EXEC:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exeC:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exeC:\Program Files\Microsoft Office\Office\OSA.EXEC:\Program Files\Trend Micro\PC-cillin 9\PCCPFW.exeC:\Program Files\WinRAR\WinRAR.exeC:\DOCUME~1\BWA\LOCALS~1\Temp\Rar$EX00.406\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = LiensO2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dllO2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO2 - BHO: (no name) - {873eb32d-ae1a-4183-89bd-45a77f761be4} - C:\WINDOWS\System32\ixt0.dll (file missing)O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dllO2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dllO2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dllO3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dllO3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocxO3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dllO4 - HKLM\..\Run: [Ulead Memory Card Detector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 7.0\Monitor.exeO4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osbootO4 - HKLM\..\Run: [SystemTray] SysTray.ExeO4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottimeO4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 9\Pop3trap.exe"O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\PC-cillin 9\pccguide.exe"O4 - HKLM\..\Run: [PCCClient.exe] "C:\Program Files\Trend Micro\PC-cillin 9\PCCClient.exe"O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exeO4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWndO4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUPO4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exeO4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exeO4 - HKLM\..\Run: [pdfw] C:\Program Files\Amic Utilities\PDF Writer Pro\pdfwload.exeO4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exeO4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exeO4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTARTO4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe"O4 - HKLM\..\Run: [fymue.exe] C:\WINDOWS\System32\fymue.exeO4 - Startup: Microsoft Recherche accélérée.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXEO4 - Startup: Démarrage d'Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXEO4 - Global Startup: Contrôleur de calendrier Ulead.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exeO4 - Global Startup: Sagem - Utilitaire réseau pour Clé USB Wi-Fi 802.11g.lnk = ?O4 - Global Startup: Adobe Gamma Loader.lnk = ?O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exeO6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions presentO8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.htmlO8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.htmlO8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.htmlO8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.htmlO8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar1.dll/cmcache.htmlO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO9 - Extra button: Lancer Voissa Anonymo - {C80DDAAA-310C-459B-9535-8370B4EBDA1F} - C:\Program Files\Voissa anonymo\Voissaanonymo.exeO9 - Extra 'Tools' menuitem: Tools Menu Item - {C80DDAAA-310C-459B-9535-8370B4EBDA1F} - C:\Program Files\Voissa anonymo\Voissaanonymo.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXEO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXEO16 - DPF: Interface Chat Voila - http://chat9.x-echo.com/version5/Applet/vchatsign.cabO16 - DPF: Interface Chat Wanadoo - http://chat10.x-echo.com/version6/Applet/wchatsign.cabO16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cabO16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cabO16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by105fd.bay105.hotmail.msn.com/resources/MsnPUpld.cabO16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_sit...O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cabO16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.hp.com/ediags/gs/install/guidedsolutions.cabO16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocxO16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cabO16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/fr/check/qdiagh.cab?326O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cabO17 - HKLM\System\CCS\Services\Tcpip\..\{A3D486D0-5290-43C4-B136-8CC73007D8DB}: NameServer = 85.255.116.141,85.255.112.15O17 - HKLM\System\CCS\Services\Tcpip\..\{B215F81D-1877-4C1D-B833-EE9696035F4E}: NameServer = 85.255.116.141,85.255.112.15O17 - HKLM\System\CCS\Services\Tcpip\..\{B3129B59-27C3-4237-846E-D801E1B47F90}: NameServer = 85.255.116.141,85.255.112.15O17 - HKLM\System\CCS\Services\Tcpip\..\{FD3603B1-68B0-4497-9A4A-4A72D5575E27}: NameServer = 85.255.116.141,85.255.112.15O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.141 85.255.112.15O17 - HKLM\System\CS1\Services\Tcpip\..\{A3D486D0-5290-43C4-B136-8CC73007D8DB}: NameServer = 85.255.116.141,85.255.112.15O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.141 85.255.112.15O17 - HKLM\System\CS2\Services\Tcpip\..\{A3D486D0-5290-43C4-B136-8CC73007D8DB}: NameServer = 85.255.116.141,85.255.112.15O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.141 85.255.112.15O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exeO23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exeO23 - Service: InCD File System Service (InCDsrv) - Unknown owner - C:\Program Files\Ahead\InCD\InCDsrv.exeO23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exeO23 - Service: PC-cillin PersonalFirewall (PCCPFW) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 9\PCCPFW.exeO23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 9\Tmntsrv.exeO23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exeA plusMerci

Regis59 · Answer

SalutOui tu peux vider ta poubelle mais (neromediaplayer?) s il s y trouve, restore le.Bon il reste encore une infection:Telecharge cecihttps://www.silentrunners.org/Silent%20Runners.vbs Execute le,atends quelques minutes, il va creer ensuite un dossier juste a coté de silent runner sous format texte, copie/colle ce qu il te donneraA+

sserguei · Answer

BonjourVoila l'analyse"Silent Runners.vbs", revision 46, https://www.silentrunners.org/Operating System: Windows XPOutput limited to non-default values, except where indicated by "{++}"Startup items buried in registry:---------------------------------HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}"Ulead Memory Card Detector" = "C:\Program Files\Ulead Systems\Ulead Photo Explorer 7.0\Monitor.exe" ["Ulead Systems, Inc."]"TkBellExe" = ""C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot" ["RealNetworks, Inc."]"SystemTray" = "SysTray.Exe" [MS]"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]"Pop3trap.exe" = ""C:\Program Files\Trend Micro\PC-cillin 9\Pop3trap.exe"" ["Trend Micro Inc."]"pccguide.exe" = ""C:\Program Files\Trend Micro\PC-cillin 9\pccguide.exe"" ["Trend Micro Inc."]"PCCClient.exe" = ""C:\Program Files\Trend Micro\PC-cillin 9\PCCClient.exe"" ["Trend Micro Inc."]"InCD" = "C:\Program Files\Ahead\InCD\InCD.exe" ["Ahead Software AG"]"Cmaudio" = "RunDll32 cmicnfg.cpl,CMICtrlWnd" [MS]"AVG7_CC" = "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP" ["GRISOFT, s.r.o."]"NeroCheck" = "C:\WINDOWS\System32\NeroCheck.exe" ["Ahead Software Gmbh"]"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" ["Sun Microsystems, Inc."]"pdfw" = "C:\Program Files\Amic Utilities\PDF Writer Pro\pdfwload.exe" ["Bastea, Inc."]A + Merci

sserguei · Answer

re bonjourune autre analyse "Silent Runners.vbs", revision 46, https://www.silentrunners.org/Operating System: Windows XPOutput limited to non-default values, except where indicated by "{++}"Startup items buried in registry:---------------------------------HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}"Ulead Memory Card Detector" = "C:\Program Files\Ulead Systems\Ulead Photo Explorer 7.0\Monitor.exe" ["Ulead Systems, Inc."]"TkBellExe" = ""C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe"  -osboot" ["RealNetworks, Inc."]"SystemTray" = "SysTray.Exe" [MS]"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]"Pop3trap.exe" = ""C:\Program Files\Trend Micro\PC-cillin 9\Pop3trap.exe"" ["Trend Micro Inc."]"pccguide.exe" = ""C:\Program Files\Trend Micro\PC-cillin 9\pccguide.exe"" ["Trend Micro Inc."]"PCCClient.exe" = ""C:\Program Files\Trend Micro\PC-cillin 9\PCCClient.exe"" ["Trend Micro Inc."]"InCD" = "C:\Program Files\Ahead\InCD\InCD.exe" ["Ahead Software AG"]"Cmaudio" = "RunDll32 cmicnfg.cpl,CMICtrlWnd" [MS]"AVG7_CC" = "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP" ["GRISOFT, s.r.o."]"NeroCheck" = "C:\WINDOWS\System32\NeroCheck.exe" ["Ahead Software Gmbh"]"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" ["Sun Microsystems, Inc."]"pdfw" = "C:\Program Files\Amic Utilities\PDF Writer Pro\pdfwload.exe" ["Bastea, Inc."]"MessengerPlus3" = ""C:\Program Files\MessengerPlus! 3\MsgPlus.exe"" ["Patchou"]"Adobe Photo Downloader" = ""C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"" ["Adobe Systems Incorporated"]"ADUserMon" = "C:\Program Files\Iomega\AutoDisk\ADUserMon.exe" ["Iomega Corporation"]"Iomega Drive Icons" = "C:\Program Files\Iomega\DriveIcons\ImgIcon.exe" ["Iomega"]"Deskup" = "C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART" ["Iomega"]"a-squared" = ""C:\Program Files\a-squared Anti-Malware\a2guard.exe"" ["Emsi Software GmbH"]"zchzt.exe" = "C:\WINDOWS\System32\zchzt.exe" [null data]HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)  -> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"                   \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)  -> {HKLM...CLSID} = (no title provided)                   \InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)  -> {HKLM...CLSID} = "SSVHelper Class"                   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]{873eb32d-ae1a-4183-89bd-45a77f761be4}\(Default) = (no title provided)  -> {HKLM...CLSID} = (no title provided)                   \InProcServer32\(Default) = "C:\WINDOWS\System32\ixt0.dll" [file not found]{9394EDE7-C8B5-483E-8773-474BF36AF6E4}\(Default) = (no title provided)  -> {HKLM...CLSID} = "ST"                   \InProcServer32\(Default) = "C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll" [MS]{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)  -> {HKLM...CLSID} = "Google Toolbar Helper"                   \InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\(Default) = (no title provided)  -> {HKLM...CLSID} = "MSNToolBandBHO"                   \InProcServer32\(Default) = "C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll" [MS]HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Panorama du Panneau de configuration"  -> {HKLM...CLSID} = "Extension Affichage Panorama du Panneau de configuration"                   \InProcServer32\(Default) = "deskpan.dll" [file not found]"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icône HyperTerminal"  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"                   \InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]"{5b4dae26-b807-11d0-9815-00c04fd91972}" = "Menu Band"  -> {HKLM...CLSID} = "Menu Band"                   \InProcServer32\(Default) = "C:\WINDOWS\system32\SHELL32.dll" [MS]"{8278F931-2A3E-11d2-838F-00C04FD918D0}" = "Tracking Shell Menu"  -> {HKLM...CLSID} = "Tracking Shell Menu"                   \InProcServer32\(Default) = "C:\WINDOWS\system32\SHELL32.dll" [MS]"{E13EF4E4-D2F2-11d0-9816-00C04FD91972}" = "Menu Site"  -> {HKLM...CLSID} = "Menu Site"                   \InProcServer32\(Default) = "C:\WINDOWS\system32\SHELL32.dll" [MS]"{ECD4FC4F-521C-11D0-B792-00A0C90312E1}" = "Menu Desk Bar"  -> {HKLM...CLSID} = "Menu Desk Bar"                   \InProcServer32\(Default) = "C:\WINDOWS\system32\SHELL32.dll" [MS]"{D82BE2B0-5764-11D0-A96E-00C04FD705A2}" = "IShellFolderBand"  -> {HKLM...CLSID} = "IShellFolderBand"                   \InProcServer32\(Default) = "C:\WINDOWS\system32\SHELL32.dll" [MS]"{0E5CBF21-D15F-11d0-8301-00AA005B4383}" = "&Liens"  -> {HKLM...CLSID} = "&Liens"                   \InProcServer32\(Default) = "C:\WINDOWS\system32\SHELL32.dll" [MS]"{7487cd30-f71a-11d0-9ea7-00805f714772}" = "Thumbnail Image"  -> {HKLM...CLSID} = "Thumbnail Image"                   \InProcServer32\(Default) = "C:\WINDOWS\system32\SHELL32.dll" [MS]"{BB7DF450-F119-11CD-8465-00AA00425D90}" = "Microsoft Access Custom Icon Handler"  -> {HKLM...CLSID} = (no title provided)                   \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office\soa800.dll" [MS]"{59850401-6664-101B-B21C-00AA004BA90B}" = "Séparateur du Classeur Microsoft Office"  -> {HKLM...CLSID} = "Séparateur du Classeur Microsoft Office"                   \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office\UNBIND.DLL" [MS]"{48F45200-91E6-11CE-8A4F-0080C81A28D4}" = "TMD Shell Extension"  -> {HKLM...CLSID} = "TMD Shell Extension"                   \InProcServer32\(Default) = "C:\Program Files\Trend Micro\PC-cillin 9\Tmdshell.dll" ["Trend Micro Inc."]"{771A9DA0-731A-11CE-993C-00AA004ADB6C}" = "VBPropSheet"  -> {HKLM...CLSID} = "VBPropSheet"                   \InProcServer32\(Default) = "C:\Program Files\Trend Micro\PC-cillin 9\VBProp.dll" ["Trend Micro Inc."]"{950FF917-7A57-46BC-8017-59D9BF474000}" = "Shell Extension for CDRW"  -> {HKLM...CLSID} = "Shell Extension for CDRW"                   \InProcServer32\(Default) = "C:\Program Files\Ahead\InCD\incdshx.dll" ["Ahead Software, Karlsbad, Germany"]"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"  -> {HKLM...CLSID} = "RealOne Player Context Menu Class"                   \InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]"{00020000-0000-1011-8004-0000C06B5161}" = "WIBU-SYSTEMS Shell Extension"  -> {HKLM...CLSID} = "WIBU-SYSTEMS Shell Extension"                   \InProcServer32\(Default) = "C:\Program Files\WIBU-SYSTEMS\System\WibuShellExt.dll" ["WIBU-SYSTEMS AG"]"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"  -> {HKLM...CLSID} = "WinRAR"                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]"{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Shell Extension"  -> {HKLM...CLSID} = "AVG7 Shell Extension Class"                   \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]"{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Find Extension"  -> {HKLM...CLSID} = "AVG7 Find Extension Class"                   \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"  -> {HKLM...CLSID} = "Portable Media Devices"                   \InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"  -> {HKLM...CLSID} = "Portable Media Devices Menu"                   \InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]"{c7745760-8ead-11ce-b750-02608ca5202c}" = "IomegaWare Shell Extension"  -> {HKLM...CLSID} = "IomegaWare Shell Extension"                   \InProcServer32\(Default) = "C:\Program Files\Iomega\Shell\ImgMenu.dll" ["Iomega Corp."]"{c7745761-8ead-11ce-b750-02608ca5202c}" = "IomegaWare Shell Extension"  -> {HKLM...CLSID} = "IomegaWare Shell Extension"                   \InProcServer32\(Default) = "C:\Program Files\Iomega\Shell\ImgProp.dll" ["Iomega Corp."]"{AB77609F-2178-4E6F-9C4B-44AC179D937A}" = "a-squared Context Menu Shell Extension"  -> {HKLM...CLSID} = "a-squared context menu"                   \InProcServer32\(Default) = "C:\PROGRA~1\A-SQUA~2\A2CONT~1.DLL" ["Emsi Software GmbH"]HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\"System" = (value not set)HKLM\Software\Classes\Folder\shellex\ColumnHandlers\{00020000-0000-1011-8004-0000C06B5161}\(Default) = (no title provided)  -> {HKLM...CLSID} = "WIBU-SYSTEMS Shell Extension"                   \InProcServer32\(Default) = "C:\Program Files\WIBU-SYSTEMS\System\WibuShellExt.dll" ["WIBU-SYSTEMS AG"]{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"  -> {HKLM...CLSID} = "PDF Shell Extension"                   \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]HKLM\Software\Classes\*\shellex\ContextMenuHandlers\AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"  -> {HKLM...CLSID} = "AVG7 Shell Extension Class"                   \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"  -> {HKLM...CLSID} = "WinRAR"                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"  -> {HKLM...CLSID} = "WinRAR"                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\a2ContMenu\(Default) = "{AB77609F-2178-4E6F-9C4B-44AC179D937A}"  -> {HKLM...CLSID} = "a-squared context menu"                   \InProcServer32\(Default) = "C:\PROGRA~1\A-SQUA~2\A2CONT~1.DLL" ["Emsi Software GmbH"]AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"  -> {HKLM...CLSID} = "AVG7 Shell Extension Class"                   \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"  -> {HKLM...CLSID} = "WinRAR"                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]Active Desktop and Wallpaper:-----------------------------Active Desktop is disabled at this entry:HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellStateEnabled Screen Saver:---------------------HKCU\Control Panel\Desktop\"SCRNSAVE.EXE" = "C:\WINDOWS\Aubade.scr" [null data]Startup items in "BWA" & "All Users" startup folders:-----------------------------------------------------C:\Documents and Settings\BWA\Menu Démarrer\Programmes\Démarrage"Microsoft Recherche accélérée" -> shortcut to: "C:\Program Files\Microsoft Office\Office\FINDFAST.EXE" [MS]"Démarrage d'Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office\OSA.EXE -b" [MS]C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage"Contrôleur de calendrier Ulead" -> shortcut to: "C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe" ["Ulead Systems, Inc."]"Sagem - Utilitaire réseau pour Clé USB Wi-Fi 802.11g" -> shortcut to: "C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe" [" "]"Adobe Gamma Loader" -> shortcut to: "C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]"Lancement rapide d'Adobe Reader" -> shortcut to: "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]Enabled Scheduled Tasks:------------------------"Démarrage du programme de réglages" -> launches: "walign" [file not found]"B30AE1F390658ED7" -> launches: "c:\docume~1\bwa\applic~1\stopco~1\Program Safe Option.exe" [null data]Winsock2 Service Provider DLLs:-------------------------------Namespace Service ProvidersHKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]Transport Service ProvidersHKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}00000000000#\PackedCatalogItem (contains) DLL [Company Name], (at) # range:%SystemRoot%\system32\mswsock.dll [MS], 1 - 4%SystemRoot%\system32\rsvpsp.dll [MS], 5 - 6Toolbars, Explorer Bars, Extensions:------------------------------------ToolbarsHKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"  -> {HKLM...CLSID} = "&Google"                   \InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}"  -> {HKLM...CLSID} = "MSN"                   \InProcServer32\(Default) = "C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll" [MS]HKLM\Software\Microsoft\Internet Explorer\Toolbar\"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" = "0"  -> {HKLM...CLSID} = "MSN"                   \InProcServer32\(Default) = "C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll" [MS]"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided)  -> {HKLM...CLSID} = "&Google"                   \InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]Extensions (Tools menu items, main toolbar menu buttons)HKLM\Software\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\"MenuText" = "Console Java (Sun)""CLSIDExtension" = "{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}"  -> {HKCU...CLSID} = "Java Plug-in"                   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]  -> {HKLM...CLSID} = "Java Plug-in 1.5.0_06"                   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll" ["Sun Microsystems, Inc."]{C80DDAAA-310C-459B-9535-8370B4EBDA1F}\"ButtonText" = "Lancer Voissa Anonymo""MenuText" = "Tools Menu Item""Exec" = "C:\Program Files\Voissa anonymo\Voissaanonymo.exe" [empty string]{FB5F1910-F110-11D2-BB9E-00C04F795683}\"ButtonText" = "Messenger""MenuText" = "Windows Messenger""Exec" = "C:\Program Files\Messenger\MSMSGS.EXE" [MS]Miscellaneous IE Hijack Points------------------------------C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")Added lines (compared with English-language version):[Strings]: SAFESITE_VALUE="https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fhome.microsoft.com%2fintl%2ffr%2f%3f"Missing lines (compared with English-language version):[Strings]: 1 lineRunning Services (Display Name, Service Name, Path {Service DLL}):------------------------------------------------------------------AVG7 Alert Manager Server, Avg7Alrt, "C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe" ["GRISOFT, s.r.o."]AVG7 Update Service, Avg7UpdSvc, "C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe" ["GRISOFT, s.r.o."]InCD File System Service, InCDsrv, "C:\Program Files\Ahead\InCD\InCDsrv.exe" [null data]Iomega Active Disk, _IOMEGA_ACTIVE_DISK_SERVICE_, ""C:\Program Files\Iomega\AutoDisk\ADService.exe"" ["Iomega Corporation"]Iomega App Services, Iomega App Services, ""C:\PROGRA~1\Iomega\System32\AppServices.exe"" ["Iomega Corporation"]PC-cillin PersonalFirewall, PCCPFW, "C:\Program Files\Trend Micro\PC-cillin 9\PCCPFW.exe" ["Trend Micro Inc."]Trend NT Realtime Service, Tmntsrv, ""C:\Program Files\Trend Micro\PC-cillin 9\Tmntsrv.exe"" ["Trend Micro Inc."]Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\System32\wdfmgr.exe" [MS]----------+ This report excludes default entries except where indicated.+ To see *everywhere* the script checks and *everything* it finds,  launch it from a command prompt or a shortcut with the -all parameter.+ To search all directories of local fixed drives for DESKTOP.INI  DLL launch points and all Registry CLSIDs for dormant Explorer Bars,  use the -supp parameter or answer "No" at the first message box.---------- (total run time: 559 seconds, including 18 seconds for message boxes)a+merci

Regis59 · Answer

SalutRedonne un Hijack this et je te donne un manip a faireCe qui ne faut pas oublié de supprimer c est ceci:"zchzt.exe" = "C:\WINDOWS\System32\zchzt.exe" [null data] C'est lui qui reactive l infection a chaque fois.On va y arriver :-)a+

Regis59 · Answer

Salut ssguei,Et aussi un silent runner recent d aujourd hui, au cas ou il aurait changer de nom (eh ouais les infections sont malignes et evoluent, parfois, a chaque redemarrage, le nom change)Et je te donne la manip;-)

sserguei · Answer

re bonjourci joint rapport"Silent Runners.vbs", revision 46, https://www.silentrunners.org/Operating System: Windows XPOutput limited to non-default values, except where indicated by "{++}"Startup items buried in registry:---------------------------------HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}"Ulead Memory Card Detector" = "C:\Program Files\Ulead Systems\Ulead Photo Explorer 7.0\Monitor.exe" ["Ulead Systems, Inc."]"TkBellExe" = ""C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe"  -osboot" ["RealNetworks, Inc."]"SystemTray" = "SysTray.Exe" [MS]"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]"Pop3trap.exe" = ""C:\Program Files\Trend Micro\PC-cillin 9\Pop3trap.exe"" ["Trend Micro Inc."]"pccguide.exe" = ""C:\Program Files\Trend Micro\PC-cillin 9\pccguide.exe"" ["Trend Micro Inc."]"PCCClient.exe" = ""C:\Program Files\Trend Micro\PC-cillin 9\PCCClient.exe"" ["Trend Micro Inc."]"InCD" = "C:\Program Files\Ahead\InCD\InCD.exe" ["Ahead Software AG"]"Cmaudio" = "RunDll32 cmicnfg.cpl,CMICtrlWnd" [MS]"AVG7_CC" = "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP" ["GRISOFT, s.r.o."]"NeroCheck" = "C:\WINDOWS\System32\NeroCheck.exe" ["Ahead Software Gmbh"]"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" ["Sun Microsystems, Inc."]"pdfw" = "C:\Program Files\Amic Utilities\PDF Writer Pro\pdfwload.exe" ["Bastea, Inc."]"MessengerPlus3" = ""C:\Program Files\MessengerPlus! 3\MsgPlus.exe"" ["Patchou"]"Adobe Photo Downloader" = ""C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"" ["Adobe Systems Incorporated"]"ADUserMon" = "C:\Program Files\Iomega\AutoDisk\ADUserMon.exe" ["Iomega Corporation"]"Iomega Drive Icons" = "C:\Program Files\Iomega\DriveIcons\ImgIcon.exe" ["Iomega"]"Deskup" = "C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART" ["Iomega"]"a-squared" = ""C:\Program Files\a-squared Anti-Malware\a2guard.exe"" ["Emsi Software GmbH"]"fxcom.exe" = "C:\WINDOWS\System32\fxcom.exe" [null data]HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)  -> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"                   \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)  -> {HKLM...CLSID} = (no title provided)                   \InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)  -> {HKLM...CLSID} = "SSVHelper Class"                   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]{9394EDE7-C8B5-483E-8773-474BF36AF6E4}\(Default) = (no title provided)  -> {HKLM...CLSID} = "ST"                   \InProcServer32\(Default) = "C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll" [MS]{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)  -> {HKLM...CLSID} = "Google Toolbar Helper"                   \InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\(Default) = (no title provided)  -> {HKLM...CLSID} = "MSNToolBandBHO"                   \InProcServer32\(Default) = "C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll" [MS]HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Panorama du Panneau de configuration"  -> {HKLM...CLSID} = "Extension Affichage Panorama du Panneau de configuration"                   \InProcServer32\(Default) = "deskpan.dll" [file not found]"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icône HyperTerminal"  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"                   \InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]"{5b4dae26-b807-11d0-9815-00c04fd91972}" = "Menu Band"  -> {HKLM...CLSID} = "Menu Band"                   \InProcServer32\(Default) = "C:\WINDOWS\system32\SHELL32.dll" [MS]"{8278F931-2A3E-11d2-838F-00C04FD918D0}" = "Tracking Shell Menu"  -> {HKLM...CLSID} = "Tracking Shell Menu"                   \InProcServer32\(Default) = "C:\WINDOWS\system32\SHELL32.dll" [MS]"{E13EF4E4-D2F2-11d0-9816-00C04FD91972}" = "Menu Site"  -> {HKLM...CLSID} = "Menu Site"                   \InProcServer32\(Default) = "C:\WINDOWS\system32\SHELL32.dll" [MS]"{ECD4FC4F-521C-11D0-B792-00A0C90312E1}" = "Menu Desk Bar"  -> {HKLM...CLSID} = "Menu Desk Bar"                   \InProcServer32\(Default) = "C:\WINDOWS\system32\SHELL32.dll" [MS]"{D82BE2B0-5764-11D0-A96E-00C04FD705A2}" = "IShellFolderBand"  -> {HKLM...CLSID} = "IShellFolderBand"                   \InProcServer32\(Default) = "C:\WINDOWS\system32\SHELL32.dll" [MS]"{0E5CBF21-D15F-11d0-8301-00AA005B4383}" = "&Liens"  -> {HKLM...CLSID} = "&Liens"                   \InProcServer32\(Default) = "C:\WINDOWS\system32\SHELL32.dll" [MS]"{7487cd30-f71a-11d0-9ea7-00805f714772}" = "Thumbnail Image"  -> {HKLM...CLSID} = "Thumbnail Image"                   \InProcServer32\(Default) = "C:\WINDOWS\system32\SHELL32.dll" [MS]"{BB7DF450-F119-11CD-8465-00AA00425D90}" = "Microsoft Access Custom Icon Handler"  -> {HKLM...CLSID} = (no title provided)                   \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office\soa800.dll" [MS]"{59850401-6664-101B-B21C-00AA004BA90B}" = "Séparateur du Classeur Microsoft Office"  -> {HKLM...CLSID} = "Séparateur du Classeur Microsoft Office"                   \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office\UNBIND.DLL" [MS]"{48F45200-91E6-11CE-8A4F-0080C81A28D4}" = "TMD Shell Extension"  -> {HKLM...CLSID} = "TMD Shell Extension"                   \InProcServer32\(Default) = "C:\Program Files\Trend Micro\PC-cillin 9\Tmdshell.dll" ["Trend Micro Inc."]"{771A9DA0-731A-11CE-993C-00AA004ADB6C}" = "VBPropSheet"  -> {HKLM...CLSID} = "VBPropSheet"                   \InProcServer32\(Default) = "C:\Program Files\Trend Micro\PC-cillin 9\VBProp.dll" ["Trend Micro Inc."]"{950FF917-7A57-46BC-8017-59D9BF474000}" = "Shell Extension for CDRW"  -> {HKLM...CLSID} = "Shell Extension for CDRW"                   \InProcServer32\(Default) = "C:\Program Files\Ahead\InCD\incdshx.dll" ["Ahead Software, Karlsbad, Germany"]"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"  -> {HKLM...CLSID} = "RealOne Player Context Menu Class"                   \InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]"{00020000-0000-1011-8004-0000C06B5161}" = "WIBU-SYSTEMS Shell Extension"  -> {HKLM...CLSID} = "WIBU-SYSTEMS Shell Extension"                   \InProcServer32\(Default) = "C:\Program Files\WIBU-SYSTEMS\System\WibuShellExt.dll" ["WIBU-SYSTEMS AG"]"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"  -> {HKLM...CLSID} = "WinRAR"                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]"{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Shell Extension"  -> {HKLM...CLSID} = "AVG7 Shell Extension Class"                   \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]"{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Find Extension"  -> {HKLM...CLSID} = "AVG7 Find Extension Class"                   \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"  -> {HKLM...CLSID} = "Portable Media Devices"                   \InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"  -> {HKLM...CLSID} = "Portable Media Devices Menu"                   \InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]"{c7745760-8ead-11ce-b750-02608ca5202c}" = "IomegaWare Shell Extension"  -> {HKLM...CLSID} = "IomegaWare Shell Extension"                   \InProcServer32\(Default) = "C:\Program Files\Iomega\Shell\ImgMenu.dll" ["Iomega Corp."]"{c7745761-8ead-11ce-b750-02608ca5202c}" = "IomegaWare Shell Extension"  -> {HKLM...CLSID} = "IomegaWare Shell Extension"                   \InProcServer32\(Default) = "C:\Program Files\Iomega\Shell\ImgProp.dll" ["Iomega Corp."]"{AB77609F-2178-4E6F-9C4B-44AC179D937A}" = "a-squared Context Menu Shell Extension"  -> {HKLM...CLSID} = "a-squared context menu"                   \InProcServer32\(Default) = "C:\PROGRA~1\A-SQUA~2\A2CONT~1.DLL" ["Emsi Software GmbH"]HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\"System" = (value not set)HKLM\Software\Classes\Folder\shellex\ColumnHandlers\{00020000-0000-1011-8004-0000C06B5161}\(Default) = (no title provided)  -> {HKLM...CLSID} = "WIBU-SYSTEMS Shell Extension"                   \InProcServer32\(Default) = "C:\Program Files\WIBU-SYSTEMS\System\WibuShellExt.dll" ["WIBU-SYSTEMS AG"]{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"  -> {HKLM...CLSID} = "PDF Shell Extension"                   \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]HKLM\Software\Classes\*\shellex\ContextMenuHandlers\AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"  -> {HKLM...CLSID} = "AVG7 Shell Extension Class"                   \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"  -> {HKLM...CLSID} = "WinRAR"                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"  -> {HKLM...CLSID} = "WinRAR"                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\a2ContMenu\(Default) = "{AB77609F-2178-4E6F-9C4B-44AC179D937A}"  -> {HKLM...CLSID} = "a-squared context menu"                   \InProcServer32\(Default) = "C:\PROGRA~1\A-SQUA~2\A2CONT~1.DLL" ["Emsi Software GmbH"]AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"  -> {HKLM...CLSID} = "AVG7 Shell Extension Class"                   \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"  -> {HKLM...CLSID} = "WinRAR"                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]Active Desktop and Wallpaper:-----------------------------Active Desktop is disabled at this entry:HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellStateEnabled Screen Saver:---------------------HKCU\Control Panel\Desktop\"SCRNSAVE.EXE" = "C:\WINDOWS\Aubade.scr" [null data]Startup items in "BWA" & "All Users" startup folders:-----------------------------------------------------C:\Documents and Settings\BWA\Menu Démarrer\Programmes\Démarrage"Microsoft Recherche accélérée" -> shortcut to: "C:\Program Files\Microsoft Office\Office\FINDFAST.EXE" [MS]"Démarrage d'Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office\OSA.EXE -b" [MS]C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage"Contrôleur de calendrier Ulead" -> shortcut to: "C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe" ["Ulead Systems, Inc."]"Sagem - Utilitaire réseau pour Clé USB Wi-Fi 802.11g" -> shortcut to: "C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe" [" "]"Adobe Gamma Loader" -> shortcut to: "C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]"Lancement rapide d'Adobe Reader" -> shortcut to: "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]Enabled Scheduled Tasks:------------------------"Démarrage du programme de réglages" -> launches: "walign" [file not found]"B30AE1F390658ED7" -> launches: "c:\docume~1\bwa\applic~1\stopco~1\Program Safe Option.exe" [null data]Winsock2 Service Provider DLLs:-------------------------------Namespace Service ProvidersHKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]Transport Service ProvidersHKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}00000000000#\PackedCatalogItem (contains) DLL [Company Name], (at) # range:%SystemRoot%\system32\mswsock.dll [MS], 1 - 4%SystemRoot%\system32\rsvpsp.dll [MS], 5 - 6Toolbars, Explorer Bars, Extensions:------------------------------------ToolbarsHKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"  -> {HKLM...CLSID} = "&Google"                   \InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}"  -> {HKLM...CLSID} = "MSN"                   \InProcServer32\(Default) = "C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll" [MS]HKLM\Software\Microsoft\Internet Explorer\Toolbar\"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" = "0"  -> {HKLM...CLSID} = "MSN"                   \InProcServer32\(Default) = "C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll" [MS]"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided)  -> {HKLM...CLSID} = "&Google"                   \InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]Extensions (Tools menu items, main toolbar menu buttons)HKLM\Software\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\"MenuText" = "Console Java (Sun)""CLSIDExtension" = "{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}"  -> {HKCU...CLSID} = "Java Plug-in"                   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]  -> {HKLM...CLSID} = "Java Plug-in 1.5.0_06"                   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll" ["Sun Microsystems, Inc."]{C80DDAAA-310C-459B-9535-8370B4EBDA1F}\"ButtonText" = "Lancer Voissa Anonymo""MenuText" = "Tools Menu Item""Exec" = "C:\Program Files\Voissa anonymo\Voissaanonymo.exe" [empty string]{FB5F1910-F110-11D2-BB9E-00C04F795683}\"ButtonText" = "Messenger""MenuText" = "Windows Messenger""Exec" = "C:\Program Files\Messenger\MSMSGS.EXE" [MS]Miscellaneous IE Hijack Points------------------------------C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")Added lines (compared with English-language version):[Strings]: SAFESITE_VALUE="https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fhome.microsoft.com%2fintl%2ffr%2f%3f"Missing lines (compared with English-language version):[Strings]: 1 lineRunning Services (Display Name, Service Name, Path {Service DLL}):------------------------------------------------------------------AVG7 Alert Manager Server, Avg7Alrt, "C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe" ["GRISOFT, s.r.o."]AVG7 Update Service, Avg7UpdSvc, "C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe" ["GRISOFT, s.r.o."]InCD File System Service, InCDsrv, "C:\Program Files\Ahead\InCD\InCDsrv.exe" [null data]Iomega Active Disk, _IOMEGA_ACTIVE_DISK_SERVICE_, ""C:\Program Files\Iomega\AutoDisk\ADService.exe"" ["Iomega Corporation"]Iomega App Services, Iomega App Services, ""C:\PROGRA~1\Iomega\System32\AppServices.exe"" ["Iomega Corporation"]PC-cillin PersonalFirewall, PCCPFW, "C:\Program Files\Trend Micro\PC-cillin 9\PCCPFW.exe" ["Trend Micro Inc."]Trend NT Realtime Service, Tmntsrv, ""C:\Program Files\Trend Micro\PC-cillin 9\Tmntsrv.exe"" ["Trend Micro Inc."]Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\System32\wdfmgr.exe" [MS]----------+ This report excludes default entries except where indicated.+ To see *everywhere* the script checks and *everything* it finds,  launch it from a command prompt or a shortcut with the -all parameter.+ To search all directories of local fixed drives for DESKTOP.INI  DLL launch points and all Registry CLSIDs for dormant Explorer Bars,  use the -supp parameter or answer "No" at the first message box.---------- (total run time: 343 seconds, including 4 seconds for message boxes)a +merci

Regis59 · Answer

Bonjour, Méthode à suivre dans l'ordre... ---------------------------------------------------------------------------- ¤Télécharge ces logiciels mais que tu n‘utilises pas tout de suite: 1/Spybot S&D 1.4 https://www.safer-networking.org/ Démo d’utilisation (merci à Balltrap34 pour cette réalisation).http://pageperso.aol.fr/Balltrap34/demo%20spybot.htm2/Ad-Aware SE 1.06 https://www.adaware.com/ -Une aide:http://usa.lucretius-ada.com/zcvisitor/8782d344-4821-11ea-83ce-0a2cdf2c6be7?campaignid=0d1dff40-82d7-11e9-9533-0a157bfa6bfc - installe le patch français, tu pourras le trouver ici: http://download.lavasoft.de.edgesuite.net/public/pllangs.exe et une petite vidéo d'utilisation ici:(merci à Moe31 pour cette réalisation).http://pageperso.aol.fr/balltrap34/adawrevid.asf 3/ Ewido: http://perso.orange.fr/entraide-hijackthis/Ewido/  Installation puis mises à jour. 4/ Ccleaner :https://www.pcastuces.com/logitheque/ccleaner.htm ---------------------------------------------------------------------------- ¤Affiche tous les fichiers et dossiers : Clique sur démarrer/panneau de configuration/outil/option des dossiers/affichage Coche « afficher les fichiers et dossiers cachés » Décoche la case "Masquer les fichiers protégés du système d'exploitation (recommandé)" Décoche « masquer les extensions dont le type est connu » Puis fais «Ok» pour valider les changements. Et appliquer !----------------------------------Lance le fix wareout;Lance le fix: clique sur Next, puis Install, puis assure toi que "Run fixit" est activé puis clique sur Finish. Le fix va commencer, suis les messages à l'écran. Il te sera demandé de redémarrer ton ordinateur, fais le. Ton système mettra un peu plus de temps au démarrage, c'est normal.Quand ton système aura redémarré, suis les invites des messages. Ensuite lance HijackThis. Clique sur Scan et coche les lignes suivantes:O2 - BHO: (no name) - {873eb32d-ae1a-4183-89bd-45a77f761be4} - C:\WINDOWS\System32\ixt0.dll (file missing) O4 - HKLM\..\Run: [fxcom.exe] C:\WINDOWS\System32\fxcom.exe O17 - HKLM\System\CCS\Services\Tcpip\..\{A3D486D0-5290-43C4-B136-8CC73007D8DB}: NameServer = 85.255.116.141,85.255.112.15 O17 - HKLM\System\CCS\Services\Tcpip\..\{B215F81D-1877-4C1D-B833-EE9696035F4E}: NameServer = 85.255.116.141,85.255.112.15 O17 - HKLM\System\CCS\Services\Tcpip\..\{B3129B59-27C3-4237-846E-D801E1B47F90}: NameServer = 85.255.116.141,85.255.112.15 O17 - HKLM\System\CCS\Services\Tcpip\..\{FD3603B1-68B0-4497-9A4A-4A72D5575E27}: NameServer = 85.255.116.141,85.255.112.15 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.141 85.255.112.15 O17 - HKLM\System\CS1\Services\Tcpip\..\{A3D486D0-5290-43C4-B136-8CC73007D8DB}: NameServer = 85.255.116.141,85.255.112.15 O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.141 85.255.112.15 O17 - HKLM\System\CS2\Services\Tcpip\..\{A3D486D0-5290-43C4-B136-8CC73007D8DB}: NameServer = 85.255.116.141,85.255.112.15 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.141 85.255.112.15 Clique sur Fix Checked. Ferme HijackThis et clique sur OK pour continuer la procédure.A la fin du fix, tu auras peut-être encore besoin de redémarrer le PC---------------------------------------------------------------------------- ¤Démarre en mode sans échec : Pour cela, tu tapotes la touche F8 dès le début de l’allumage du pc sans t’arrêter Une fenêtre va s’ouvrir tu te déplaces avec les flèches du clavier sur démarrer en mode sans échec puis tape entrée. Une fois sur le bureau s’il n’y a pas toutes les couleurs et autres c’est normal ! (Si F8 ne marche pas utilise la touche F5).  ----------------------------------------------------------------------------¤Recherche et supprime ceci: attention seulement les fichiers  (si présents).C:\WINDOWS\System32\fxcom.exe ----------------------------------------------------------------------------¤ Lancer et exécuter Ewido pour un scan complet et copier/coller le rapport en forum.----------------------------------------------------------------------------¤ Passe Ad-Aware et supprime tout ce qu’il trouve + supprime les quarantaines…----------------------------------------------------------------------------¤ Passe Spybot et corrige tout ce qu’il trouve + vaccine + supprime les quarantaines…-------------------------------------------------------------------------------------------¤ Lance CCleaner.  Suppression des fichiers temporairesVa dans la section "Options" situé dans la marge gauche. Va dans "Avancé" et décoche "Effacer uniquement les fichiers, du dossier Temp de Windows, plus vieux que 48 heures". Retourne ensuite dans la section "Nettoyeur"Fais bien attention de cocher toutes les cases dans la marge gauche (Internet Explorer/Windows Explorer/Système/Avancé)•	Clique sur Analyse•	Patiente le temps du scan, qui peut prendre un peu de temps si c'est la première fois.•	Une fois le scan terminé, clique sur Lancer le Nettoyage Suppression des incohérence du registre•	Clique sur l'icône Erreurs situés dans la marge à gauche.•	Puis clique sur Analyser les erreurs•	Patiente pendant que CCleaner scan ton registre.•	Une fois le scan terminé, coche toutes les entrèes qu'il t'aura trouvée.•	Tu peux cliquer ensuite sur Corriger les erreurs.Si tu n'est pas sur de ce que tu fais, tu peux choisir de sauvegarder les entrées cochées pour les restaurer ultérieurement----------------------------------------------------------------------------¤ Vide ta Corbeille.----------------------------------------------------------------------------¤ Redémarre en mode normal, relance Hijackthis et copie/colle un nouveau rapport sur le forum.Précise tes soucis s’il en reste.... Tiens-moi au courant  A+

sserguei · Answer

bonjourci joint les rapportsLogfile of HijackThis v1.99.1Scan saved at 13:00:46, on 19/07/2006Platform: Windows XP  (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exeC:\Program Files\ewido anti-spyware 4.0\guard.exeC:\Program Files\Ulead Systems\Ulead Photo Explorer 7.0\Monitor.exeC:\Program Files\Fichiers communs\Real\Update_OBealsched.exeC:\Program Files\QuickTime\qttask.exeC:\Program Files\Trend Micro\PC-cillin 9\Pop3trap.exeC:\Program Files\Trend Micro\PC-cillin 9\pccguide.exeC:\Program Files\Trend Micro\PC-cillin 9\PCCClient.exeC:\Program Files\Ahead\InCD\InCD.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exeC:\Program Files\Java\jre1.5.0_06\bin\jusched.exeC:\Program Files\Ahead\InCD\InCDsrv.exeC:\Program Files\MessengerPlus! 3\MsgPlus.exeC:\PROGRA~1\Iomega\System32\AppServices.exeC:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Iomega\AutoDisk\ADUserMon.exeC:\Program Files\Trend Micro\PC-cillin 9\Tmntsrv.exeC:\Program Files\Iomega\DriveIcons\ImgIcon.exeC:\Program Files\a-squared Anti-Malware\a2guard.exeC:\Program Files\ewido anti-spyware 4.0\ewido.exeC:\WINDOWS\System32\wdfmgr.exeC:\Program Files\Iomega\AutoDisk\ADService.exeC:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exeC:\Program Files\Trend Micro\PC-cillin 9\WebTrap.EXEC:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exeC:\Program Files\Microsoft Office\Office\OSA.EXEC:\Program Files\Trend Micro\PC-cillin 9\PCCPFW.exeC:\WINDOWS\System32\wuauclt.exeC:\Program Files\WinRAR\WinRAR.exeC:\DOCUME~1\BWA\LOCALS~1\Temp\Rar$EX00.328\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = LiensO2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dllO2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dllO2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dllO2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dllO3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dllO3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocxO3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dllO4 - HKLM\..\Run: [Ulead Memory Card Detector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 7.0\Monitor.exeO4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osbootO4 - HKLM\..\Run: [SystemTray] SysTray.ExeO4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottimeO4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 9\Pop3trap.exe"O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\PC-cillin 9\pccguide.exe"O4 - HKLM\..\Run: [PCCClient.exe] "C:\Program Files\Trend Micro\PC-cillin 9\PCCClient.exe"O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exeO4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWndO4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUPO4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exeO4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exeO4 - HKLM\..\Run: [pdfw] C:\Program Files\Amic Utilities\PDF Writer Pro\pdfwload.exeO4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exeO4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exeO4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTARTO4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe"O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimizedO4 - Startup: Microsoft Recherche accélérée.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXEO4 - Startup: Démarrage d'Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXEO4 - Global Startup: Contrôleur de calendrier Ulead.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exeO4 - Global Startup: Sagem - Utilitaire réseau pour Clé USB Wi-Fi 802.11g.lnk = ?O4 - Global Startup: Adobe Gamma Loader.lnk = ?O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exeO6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions presentO8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.htmlO8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.htmlO8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.htmlO8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.htmlO8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar1.dll/cmcache.htmlO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO9 - Extra button: Lancer Voissa Anonymo - {C80DDAAA-310C-459B-9535-8370B4EBDA1F} - C:\Program Files\Voissa anonymo\Voissaanonymo.exeO9 - Extra 'Tools' menuitem: Tools Menu Item - {C80DDAAA-310C-459B-9535-8370B4EBDA1F} - C:\Program Files\Voissa anonymo\Voissaanonymo.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXEO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXEO16 - DPF: Interface Chat Voila - http://chat9.x-echo.com/version5/Applet/vchatsign.cabO16 - DPF: Interface Chat Wanadoo - http://chat10.x-echo.com/version6/Applet/wchatsign.cabO16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cabO16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cabO16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by105fd.bay105.hotmail.msn.com/resources/MsnPUpld.cabO16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_sit...O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cabO16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.hp.com/ediags/gs/install/guidedsolutions.cabO16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocxO16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cabO16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/fr/check/qdiagh.cab?326O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cabO17 - HKLM\System\CCS\Services\Tcpip\..\{A3D486D0-5290-43C4-B136-8CC73007D8DB}: NameServer = 85.255.116.141,85.255.112.15O17 - HKLM\System\CCS\Services\Tcpip\..\{B3129B59-27C3-4237-846E-D801E1B47F90}: NameServer = 85.255.116.141,85.255.112.15O17 - HKLM\System\CCS\Services\Tcpip\..\{FD3603B1-68B0-4497-9A4A-4A72D5575E27}: NameServer = 85.255.116.141,85.255.112.15O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.141 85.255.112.15O17 - HKLM\System\CS1\Services\Tcpip\..\{A3D486D0-5290-43C4-B136-8CC73007D8DB}: NameServer = 85.255.116.141,85.255.112.15O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.141 85.255.112.15O17 - HKLM\System\CS2\Services\Tcpip\..\{A3D486D0-5290-43C4-B136-8CC73007D8DB}: NameServer = 85.255.116.141,85.255.112.15O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.141 85.255.112.15O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exeO23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exeO23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exeO23 - Service: InCD File System Service (InCDsrv) - Unknown owner - C:\Program Files\Ahead\InCD\InCDsrv.exeO23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exeO23 - Service: PC-cillin PersonalFirewall (PCCPFW) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 9\PCCPFW.exeO23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 9\Tmntsrv.exeO23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exeje ne sais pas ou est passé le rapport Ewido qui a détecté Dowloader.Agent.tc et Trojan.DNSChanger.ef te le faut-il?a +merci

Regis59 · Answer

SalutFixe ceci:O17 - HKLM\System\CCS\Services\Tcpip\..\{A3D486D0-5290-43C4-B136-8CC73007D8DB}: NameServer = 85.255.116.141,85.255.112.15 O17 - HKLM\System\CCS\Services\Tcpip\..\{B3129B59-27C3-4237-846E-D801E1B47F90}: NameServer = 85.255.116.141,85.255.112.15 O17 - HKLM\System\CCS\Services\Tcpip\..\{FD3603B1-68B0-4497-9A4A-4A72D5575E27}: NameServer = 85.255.116.141,85.255.112.15 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.141 85.255.112.15 O17 - HKLM\System\CS1\Services\Tcpip\..\{A3D486D0-5290-43C4-B136-8CC73007D8DB}: NameServer = 85.255.116.141,85.255.112.15 O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.141 85.255.112.15 O17 - HKLM\System\CS2\Services\Tcpip\..\{A3D486D0-5290-43C4-B136-8CC73007D8DB}: NameServer = 85.255.116.141,85.255.112.15 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.141 85.255.112.15 ****Aller dans Démarrer > Panneau de configuration > Connexions > clic droit sur la connexion > Propriétés > onglet Gestion de réseauMettre en surbrillance Protocole Internet (tcp/ip) puis cliquer sur le bouton Propriétés.Dans les options (serveur DNS préféré et serveur DNS auxiliaire) on trouvera une de ces adresses présentes dans le rapport hijackthis en ligne 017 =>(85.255.116.141 85.255.112.15 )Pour les éliminer, cocher : "Obtenir les adresses des serveurs DNS automatiquement" puis cliquer 2 fois sur"Ok" et redémarrer le PC.Remet 1  Hijackthis pour vérifier.

Regis59 · Answer

SalutSuper !Ou en sont tes soucis?a+

sserguei · Answer

BonjourPlus d'affichage intempestifs,Un peu lent au démarrage,J'ai Pc Cilin comme anti virus mise à jour journalère,A ton avis mieux supprimer a-squared?que j'ai téléchargé essai 30 jours?J'ai dans WINDOWS\SYSTEM32\uhfabgkr.exe 250ko du 10/07/2006Mieux vaut le supprimer?A quelle fréquence faut il passer Spybot, Ccleaner, ...A +

Regis59 · Answer

Re !Il est temps de proteger ton pc en installant le sp1 ou le sp2 (ce sont des mises a jour windows afin de corriger les failles de XP)Microsoft met a disposition des mises a jour afin de pouvoir corriger les failles des systemes d exploitations. Un pc correctement mis a jour est mieux protégé et a moins de chances de choper une infection : http://update.microsoft.com/windowsupdate/v6/default.aspx?ln=fr Pour a² oui supprime le.Je te conseillerais de garder ewido.Pour uhfabgkr.exe , il me semble etre infecté:Rend toi sur ce site :http://www.virustotal.com/xhtml/virustotal_en.html Clik sur parcourirRecherche ceci :WINDOWS\SYSTEM32\uhfabgkr.exeClik send et colle le rapport stpPour les programmes de securité.Si tu es en adsl et que tu surfs tres souvent, cad qu il est souvent connecté a internet, il faut deja les mettre a jour toutes les semaines, et aussi faire un scan de tes programmes tous les 3semaines environs ! (mais les mises a jour c est toutes les semaines !!)A+

sserguei · Answer

bonjourci joint le rapport virustotal pour le fichier indiquéVirusTotalVirusTotal is a free file analisys service that works using several antivirus engines.          Select file :             DistributeSSL           Enter your email, choose the file to be scanned with multiple antivirus engines and click Send.Menu:News Hot news in the virus/antivirus sector. Estadisticas Statistics of VirusTotal procesing. Virustotal More info about Virustotal.  STATUS: FINISHEDComplete scanning result of "uhfabgkr.exe", received in VirusTotal at 07.21.2006, 10:32:40 (CET).Antivirus Version Update Result AntiVir 6.35.0.21 07.21.2006  no virus found Authentium 4.93.8 07.20.2006  no virus found Avast 4.7.844.0 07.19.2006  no virus found AVG 386 07.20.2006  no virus found BitDefender 7.2 07.21.2006  no virus found CAT-QuickHeal 8.00 07.20.2006 (Suspicious) - DNAScan ClamAV devel-20060426 07.20.2006  no virus found DrWeb 4.33 07.20.2006  no virus found eTrust-InoculateIT 23.72.74 07.20.2006  no virus found eTrust-Vet 12.6.2305 07.21.2006  no virus found Ewido 4.0 07.20.2006  no virus found Fortinet 2.77.0.0 07.20.2006  no virus found F-Prot 3.16f 07.20.2006  no virus found F-Prot4 4.2.1.29 07.20.2006  no virus found Ikarus 0.2.65.0 07.21.2006 Backdoor.Win32.Iroffer.Z Kaspersky 4.0.2.24 07.21.2006  no virus found McAfee 4811 07.20.2006  no virus found Microsoft 1.1508 07.21.2006  no virus found NOD32v2 1.1671 07.20.2006  no virus found Norman 5.90.23 07.21.2006  no virus found Panda 9.0.0.4 07.20.2006 Suspicious file Sophos 4.07.0 07.21.2006  no virus found Symantec 8.0 07.21.2006  no virus found TheHacker 5.9.8.179 07.21.2006  no virus found UNA 1.83 07.20.2006  no virus found VBA32 3.11.0 07.20.2006  no virus found VirusBuster 4.3.7:9 07.21.2006 no virus found Aditional Information File size: 256000 bytes MD5: dd17e83ea2b272dec5928391479c232d SHA1: 351baba5df0572e8129f8a80c612a3d1836bc70e packers: PecBundle, PECompact

Regis59 · Answer

SalutSupprime ceci:WINDOWS\SYSTEM32\uhfabgkr.exe Et dis moi ou en sont tes soucis?a+

Regis59 · Answer

SalutDe rien,Bonne continuation,au plaisir :-)

Analyse HijackThis

25 réponses

Votre réponse

Discussions similaires

Newsletters