Virus Dialer aide pour log hijackthis

jojo -  
Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   -
Salut
monpc est infecter par un dialer
j orai besoin d aide pour le log hijackthis

Logfile of HijackThis v1.99.1
Scan saved at 11:34:20, on 18/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Apps\Powercinema\PCMService.exe
C:\apps\ABoard\ABoard.exe
C:\apps\ABoard\AOSD.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Cegetel\C-BOX\Wizard\QuickAccess.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\fr.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE Class - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {D68E1862-17C3-41D5-8055-39EE9D886730} - C:\WINDOWS\system32\vtsts.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [.nvsvc] C:\WINDOWS\system\smss.exe /w
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Configuration de la C-BOX] C:\Program Files\Cegetel\C-BOX\Wizard\QuickAccess.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: vtsts - C:\WINDOWS\system32\vtsts.dll
O20 - Winlogon Notify: winbfi32 - C:\WINDOWS\SYSTEM32\winbfi32.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: MysqlInventime - Unknown owner - C:\Apps\INVENT~1\mysql\bin\mysqld-nt.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Windows Log - Unknown owner - C:\WINDOWS\system32\nvsvcd.exe

merci d avance

a+

62 réponses

  • 1
  • 2
  • 3
  • 4
Résumé de la discussion

Un PC est infecté par un dialer et le log HijackThis révèle des entrées suspectes et des services actifs, nécessitant une évaluation précise et des mesures de décontamination. Des réponses utiles suggèrent d'analyser les composants problématiques via VirusTotal et d'utiliser Pocket KillBox pour supprimer les fichiers tenaces, puis de relancer un scan pour vérifier le nettoyage. Pour progresser, il faut cibler les éléments suspects identifiés dans le log, notamment les barres d'outils et les BHO non signés, puis désactiver les entrées Run et les services malveillants. En cas de doute, un contrôle des programmes détectés via VirusTotal peut orienter vers des actions ciblées et réduire les risques de résurgence, tout en renouvelant les analyses de sécurité.

Généré automatiquement par IA
sur la base des meilleures réponses
  1. Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 349
     
    Salut;

    Télécharge VirtumundoBegone sur le bureau:
    http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe

    Double clique ensuite sur VirtumundoBeGone.exe et suis les instructions.
    Une fois terminé, redémarre et poste le rapport VBG.TXT créé sur le bureau dans ta prochaine réponse avec un nouveau rapport HijackThis.
    Ne t'inquiète pas si tu vois un message Ecran bleu "Erreur fatale", c'est normal et attendu.
    0
  2. jojo
     
    voila le rapport de virtumundo:

    [07/18/2006, 12:32:20] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Jordan\Bureau\VirtumundoBeGone.exe" )
    [07/18/2006, 12:32:41] - Detected System Information:
    [07/18/2006, 12:32:41] - Windows Version: 5.1.2600, Service Pack 2
    [07/18/2006, 12:32:41] - Current Username: Jordan (Admin)
    [07/18/2006, 12:32:41] - Windows is in NORMAL mode.
    [07/18/2006, 12:32:41] - Searching for Browser Helper Objects:
    [07/18/2006, 12:32:41] - BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
    [07/18/2006, 12:32:41] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
    [07/18/2006, 12:32:41] - BHO 3: {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} (SWEETIE Class)
    [07/18/2006, 12:32:41] - BHO 4: {53707962-6F74-2D53-2644-206D7942484F} ()
    [07/18/2006, 12:32:41] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [07/18/2006, 12:32:41] - Checking for HKLM\...\Winlogon\Notify\SDHelper
    [07/18/2006, 12:32:41] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
    [07/18/2006, 12:32:41] - BHO 5: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
    [07/18/2006, 12:32:41] - BHO 6: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
    [07/18/2006, 12:32:41] - BHO 7: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
    [07/18/2006, 12:32:41] - BHO 8: {D68E1862-17C3-41D5-8055-39EE9D886730} ()
    [07/18/2006, 12:32:41] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [07/18/2006, 12:32:41] - Checking for HKLM\...\Winlogon\Notify\vtsts
    [07/18/2006, 12:32:41] - Found: HKLM\...\Winlogon\Notify\vtsts - This is probably Virtumundo.
    [07/18/2006, 12:32:41] - Assigning {D68E1862-17C3-41D5-8055-39EE9D886730} MSEvents Object
    [07/18/2006, 12:32:41] - BHO list has been changed! Starting over...
    [07/18/2006, 12:32:41] - BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
    [07/18/2006, 12:32:41] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
    [07/18/2006, 12:32:41] - BHO 3: {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} (SWEETIE Class)
    [07/18/2006, 12:32:41] - BHO 4: {53707962-6F74-2D53-2644-206D7942484F} ()
    [07/18/2006, 12:32:41] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [07/18/2006, 12:32:41] - Checking for HKLM\...\Winlogon\Notify\SDHelper
    [07/18/2006, 12:32:41] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
    [07/18/2006, 12:32:41] - BHO 5: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
    [07/18/2006, 12:32:41] - BHO 6: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
    [07/18/2006, 12:32:41] - BHO 7: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
    [07/18/2006, 12:32:41] - BHO 8: {D68E1862-17C3-41D5-8055-39EE9D886730} (MSEvents Object)
    [07/18/2006, 12:32:42] - ALERT: Found MSEvents Object!
    [07/18/2006, 12:32:42] - BHO 9: {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} (EpsonToolBandKicker Class)
    [07/18/2006, 12:32:42] - Finished Searching Browser Helper Objects
    [07/18/2006, 12:32:42] - *** Detected MSEvents Object
    [07/18/2006, 12:32:42] - Trying to remove MSEvents Object...
    [07/18/2006, 12:32:43] - Terminating Process: IEXPLORE.EXE
    [07/18/2006, 12:32:43] - Terminating Process: RUNDLL32.EXE
    [07/18/2006, 12:32:43] - Disabling Automatic Shell Restart
    [07/18/2006, 12:32:43] - Terminating Process: EXPLORER.EXE
    [07/18/2006, 12:32:44] - Suspending the NT Session Manager System Service
    [07/18/2006, 12:32:44] - Terminating Windows NT Logon/Logoff Manager
    [07/18/2006, 12:37:46] - Re-enabling Automatic Shell Restart
    [07/18/2006, 12:37:46] - File to disable: C:\WINDOWS\system32\vtsts.dll
    [07/18/2006, 12:37:46] - Renaming C:\WINDOWS\system32\vtsts.dll -> C:\WINDOWS\system32\vtsts.dll.vir
    [07/18/2006, 12:37:46] - File successfully renamed!
    [07/18/2006, 12:37:46] - Removing HKLM\...\Browser Helper Objects\{D68E1862-17C3-41D5-8055-39EE9D886730}
    [07/18/2006, 12:37:46] - Removing HKCR\CLSID\{D68E1862-17C3-41D5-8055-39EE9D886730}
    [07/18/2006, 12:37:46] - Adding Kill Bit for ActiveX for GUID: {D68E1862-17C3-41D5-8055-39EE9D886730}
    [07/18/2006, 12:37:46] - Deleting ATLEvents/MSEvents Registry entries
    [07/18/2006, 12:37:46] - Removing HKLM\...\Winlogon\Notify\vtsts
    [07/18/2006, 12:37:46] - Searching for Browser Helper Objects:
    [07/18/2006, 12:37:46] - BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
    [07/18/2006, 12:37:46] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
    [07/18/2006, 12:37:46] - BHO 3: {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} (SWEETIE Class)
    [07/18/2006, 12:37:46] - BHO 4: {53707962-6F74-2D53-2644-206D7942484F} ()
    [07/18/2006, 12:37:46] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [07/18/2006, 12:37:46] - Checking for HKLM\...\Winlogon\Notify\SDHelper
    [07/18/2006, 12:37:46] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
    [07/18/2006, 12:37:46] - BHO 5: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
    [07/18/2006, 12:37:46] - BHO 6: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
    [07/18/2006, 12:37:46] - BHO 7: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
    [07/18/2006, 12:37:46] - BHO 8: {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} (EpsonToolBandKicker Class)
    [07/18/2006, 12:37:46] - Finished Searching Browser Helper Objects
    [07/18/2006, 12:37:46] - Finishing up...
    [07/18/2006, 12:37:46] - A restart is needed.
    [07/18/2006, 12:37:46] - Automatic Reboot on STOP Error is not set. User will have to manually restart.
    [07/18/2006, 12:38:31] - Attempting to Restart via STOP error (Blue Screen!)

    [07/18/2006, 12:42:48] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Jordan\Bureau\VirtumundoBeGone.exe" )
    [07/18/2006, 12:43:07] - Detected System Information:
    [07/18/2006, 12:43:07] - Windows Version: 5.1.2600, Service Pack 2
    [07/18/2006, 12:43:07] - Current Username: Jordan (Admin)
    [07/18/2006, 12:43:07] - Windows is in NORMAL mode.
    [07/18/2006, 12:43:07] - Searching for Browser Helper Objects:
    [07/18/2006, 12:43:07] - BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
    [07/18/2006, 12:43:07] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
    [07/18/2006, 12:43:07] - BHO 3: {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} (SWEETIE Class)
    [07/18/2006, 12:43:07] - BHO 4: {53707962-6F74-2D53-2644-206D7942484F} ()
    [07/18/2006, 12:43:07] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [07/18/2006, 12:43:07] - Checking for HKLM\...\Winlogon\Notify\SDHelper
    [07/18/2006, 12:43:07] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
    [07/18/2006, 12:43:07] - BHO 5: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
    [07/18/2006, 12:43:07] - BHO 6: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
    [07/18/2006, 12:43:07] - BHO 7: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
    [07/18/2006, 12:43:07] - BHO 8: {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} (EpsonToolBandKicker Class)
    [07/18/2006, 12:43:07] - Finished Searching Browser Helper Objects
    [07/18/2006, 12:43:07] - Finishing up...
    [07/18/2006, 12:43:07] - Nothing found! Exiting...

    et le rapport de hijackthis:

    Logfile of HijackThis v1.99.1
    Scan saved at 12:47:19, on 18/07/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.EXE
    c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
    c:\APPS\Powercinema\Kernel\TV\CLSched.exe
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
    c:\APPS\HIDSERVICE\HIDSERVICE.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Apps\Powercinema\PCMService.exe
    C:\apps\ABoard\ABoard.exe
    C:\apps\ABoard\AOSD.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\MessengerPlus! 3\MsgPlus.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\TEMP\win47.tmp.exe
    C:\Program Files\ewido anti-spyware 4.0\ewido.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Cegetel\C-BOX\Wizard\QuickAccess.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\fr.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SWEETIE Class - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
    O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [.nvsvc] C:\WINDOWS\system\smss.exe /w
    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Configuration de la C-BOX] C:\Program Files\Cegetel\C-BOX\Wizard\QuickAccess.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
    O8 - Extra context menu item: &Traduire à partir de l'anglais - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Recherche &Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: winbfi32 - C:\WINDOWS\SYSTEM32\winbfi32.dll
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: MysqlInventime - Unknown owner - C:\Apps\INVENT~1\mysql\bin\mysqld-nt.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: Windows Log - Unknown owner - C:\WINDOWS\system32\nvsvcd.exe

    merci

    a+
    0
  3. jojo
     
    l ecran bleu avec erreur fatale je l ai pa vu
    0
  4. Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 349
     
    Bonjour,

    Méthode à suivre dans l'ordre...
    ----------------------------------------------------------------------------
    ¤Télécharge ces logiciels mais que tu n‘utilises pas tout de suite:

    1/

    Spybot S&D 1.4
    https://www.safer-networking.org/

    Démo d’utilisation (merci à Balltrap34 pour cette réalisation).
    http://pageperso.aol.fr/Balltrap34/demo%20spybot.htm

    2/

    Ad-Aware SE 1.06
    https://www.adaware.com/
    -Une aide:
    http://usa.lucretius-ada.com/zcvisitor/8782d344-4821-11ea-83ce-0a2cdf2c6be7?campaignid=0d1dff40-82d7-11e9-9533-0a157bfa6bfc
    - installe le patch français, tu pourras le trouver ici:
    http://download.lavasoft.de.edgesuite.net/public/pllangs.exe
    et une petite vidéo d'utilisation ici:(merci à Moe31 pour cette réalisation).
    http://pageperso.aol.fr/balltrap34/adawrevid.asf

    3/ Ewido:

    http://perso.orange.fr/entraide-hijackthis/Ewido/

    Installation puis mises à jour.

    4/ Ccleaner :

    https://www.pcastuces.com/logitheque/ccleaner.htm
    ----------------------------------------------------------------------------
    ¤Affiche tous les fichiers et dossiers :
    Clique sur démarrer/panneau de configuration/outil/option des dossiers/affichage

    Coche « afficher les fichiers et dossiers cachés »

    Décoche la case "Masquer les fichiers protégés du système d'exploitation (recommandé)"

    Décoche « masquer les extensions dont le type est connu »
    Puis fais «Ok» pour valider les changements.

    Et appliquer !
    ----------------------------------------------------------------------------
    ¤Relance HijackThis, coche les cases devant ces lignes et ensuite clique sur fix checked :

    O4 - HKLM\..\Run: [.nvsvc] C:\WINDOWS\system\smss.exe /w

    O23 - Service: Windows Log - Unknown owner - C:\WINDOWS\system32\nvsvcd.exe

    ----------------------------------------------------------------------------
    ¤Démarre en mode sans échec :
    Pour cela, tu tapotes la touche F8 dès le début de l’allumage du pc sans t’arrêter
    Une fenêtre va s’ouvrir tu te déplaces avec les flèches du clavier sur démarrer en mode sans échec puis tape entrée.
    Une fois sur le bureau s’il n’y a pas toutes les couleurs et autres c’est normal !
    (Si F8 ne marche pas utilise la touche F5).
    ----------------------------------------------------------------------------
    ¤Recherche et supprime ceci:
    attention seulement les fichiers (si présents).

    C:\WINDOWS\system32\nvsvcd.exe
    C:\WINDOWS\system\smss.exe

    ----------------------------------------------------------------------------
    ¤Arrête ces services :

    Clique sur Démarrer->exécuter->tape: services.msc

    Double-clique: Service: Windows Log

    Règle-le sur "Arrêté" et "Désactivé".
    ----------------------------------------------------------------------------
    ¤ Lancer et exécuter Ewido pour un scan complet et copier/coller le rapport en forum.
    ----------------------------------------------------------------------------
    ¤ Passe Ad-Aware et supprime tout ce qu’il trouve + supprime les quarantaines…
    ----------------------------------------------------------------------------
    ¤ Passe Spybot et corrige tout ce qu’il trouve + vaccine + supprime les quarantaines…
    -------------------------------------------------------------------------------------------
    ¤ Lance CCleaner.

    Suppression des fichiers temporaires

    Va dans la section "Options" situé dans la marge gauche. Va dans "Avancé" et décoche "Effacer uniquement les fichiers, du dossier Temp de Windows, plus vieux que 48 heures". Retourne ensuite dans la section "Nettoyeur"
    Fais bien attention de cocher toutes les cases dans la marge gauche (Internet Explorer/Windows Explorer/Système/Avancé)
    • Clique sur Analyse
    • Patiente le temps du scan, qui peut prendre un peu de temps si c'est la première fois.
    • Une fois le scan terminé, clique sur Lancer le Nettoyage

    Suppression des incohérence du registre

    • Clique sur l'icône Erreurs situés dans la marge à gauche.
    • Puis clique sur Analyser les erreurs
    • Patiente pendant que CCleaner scan ton registre.
    • Une fois le scan terminé, coche toutes les entrèes qu'il t'aura trouvée.
    • Tu peux cliquer ensuite sur Corriger les erreurs.
    Si tu n'est pas sur de ce que tu fais, tu peux choisir de sauvegarder les entrées cochées pour les restaurer ultérieurement
    ----------------------------------------------------------------------------
    ¤ Vide ta Corbeille.
    ----------------------------------------------------------------------------
    ¤ Redémarre en mode normal, relance Hijackthis et copie/colle un nouveau rapport sur le forum.

    Précise tes soucis s’il en reste....

    Tiens-moi au courant

    A+
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. jojo
     
    salut et merci

    mais je n ai pa reusssi a avoir le raport d ewido car il arete le scan avant la fin ( il me mettai reste 5 min et 10 sec apre plu rien)

    je n ai pa reussi a supprimer C:\windows\system\smss.exe (il m a refuser l acce)

    mai j ai kan mm le log de hijackthis:

    Logfile of HijackThis v1.99.1
    Scan saved at 16:15:14, on 19/07/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
    c:\APPS\Powercinema\Kernel\TV\CLSched.exe
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
    c:\APPS\HIDSERVICE\HIDSERVICE.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Apps\Powercinema\PCMService.exe
    C:\apps\ABoard\ABoard.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\apps\ABoard\AOSD.exe
    C:\Program Files\MessengerPlus! 3\MsgPlus.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    C:\Program Files\PowerISO\PWRISOVM.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\ewido anti-spyware 4.0\ewido.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Cegetel\C-BOX\Wizard\QuickAccess.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\TEMP\win5.tmp.exe
    C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\fr.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SWEETIE Class - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
    O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Configuration de la C-BOX] C:\Program Files\Cegetel\C-BOX\Wizard\QuickAccess.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O8 - Extra context menu item: &Traduire à partir de l'anglais - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Recherche &Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: winbfi32 - C:\WINDOWS\SYSTEM32\winbfi32.dll
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: MysqlInventime - Unknown owner - C:\Apps\INVENT~1\mysql\bin\mysqld-nt.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

    merci de m aider

    A+
    0
  7. Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 349
     
    Salut

    Rend toi sur ce site :
    http://www.virustotal.com/xhtml/virustotal_en.html
    Clik sur parcourir
    Recherche ceci :
    C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
    Clik send et colle le rapport stp

    A+
    0
  8. jojo
     
    re

    vla:

    Antivirus Version Update Result
    AntiVir 6.35.0.21 07.19.2006 TR/Sweetie
    Authentium 4.93.8 07.18.2006 no virus found
    Avast 4.7.844.0 07.19.2006 no virus found
    AVG 386 07.18.2006 no virus found
    BitDefender 7.2 07.19.2006 no virus found
    CAT-QuickHeal 8.00 07.19.2006 no virus found
    ClamAV devel-20060426 07.19.2006 no virus found
    DrWeb 4.33 07.19.2006 no virus found
    eTrust-InoculateIT 23.72.72 07.19.2006 no virus found
    eTrust-Vet 12.6.2301 07.19.2006 no virus found
    Ewido 4.0 07.19.2006 no virus found
    Fortinet 2.77.0.0 07.19.2006 no virus found
    F-Prot 3.16f 07.18.2006 no virus found
    F-Prot4 4.2.1.29 07.18.2006 no virus found
    Ikarus 0.2.65.0 07.19.2006 no virus found
    Kaspersky 4.0.2.24 07.19.2006 no virus found
    McAfee 4809 07.18.2006 no virus found
    Microsoft 1.1508 07.18.2006 no virus found
    NOD32v2 1.1668 07.19.2006 no virus found
    Norman 5.90.23 07.19.2006 no virus found
    Panda 9.0.0.4 07.19.2006 Suspicious file
    Sophos 4.07.0 07.19.2006 no virus found
    Symantec 8.0 07.19.2006 no virus found
    TheHacker 5.9.8.177 07.18.2006 no virus found
    UNA 1.83 07.19.2006 no virus found
    VBA32 3.11.0 07.19.2006 no virus found
    VirusBuster 4.3.7:9 07.18.2006 no virus found

    Aditional Information
    File size: 552960 bytes
    MD5: be8a8e331c0ae20676f0776259ffae93
    SHA1: d35fddac6d54407f4d08fe56cd924cb7d653b82f
    0
  9. Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 349
     
    Re,

    dans ajout suppression de programme, desinstalles ceci
    Macrogaming

    Puis supprime ici:
    C:\Program Files\Macrogaming

    Et dis moi les soucis qu il te reste?

    a+
    0
  10. jojo
     
    je te remercie mai ce n est pa grave si je n ai pa reussi a supprimer
    C:\WINDOWS\system\smss.exe ???
    0
  11. Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 349
     
    Re,

    Tu as bien essayé de le supprimer dans:

    C:\windows\system

    Celui situé dans systeme32 lui est sain !

    A+
    0
  12. jojo
     
    salut

    merci bcp pour ton aide tt a l air de fonctionner normalement!!!

    plu de panneau de dialer s affichan o demarage et avast ne me signale plu de virus

    mci bcp

    A+ (un jour peut etre ^^)
    0
  13. jojo
     
    g kan mm une ptite question::

    est ce que c normal que ewido continue a me signaler un dialer??

    A+
    0
  14. Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 349
     
    Salut

    Non ce n est pas normal lol
    Lance ewido et copie colle le rapport :-)

    a++
    0
  15. jojo
     
    re

    voila chef^^

    ---------------------------------------------------------
    ewido anti-spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 23:24:39 19/07/2006

    + Scan result:

    C:\WINDOWS\system32\fccaayw.dll -> Adware.Virtumonde : No action taken.
    C:\WINDOWS\system32\vtsts.dll.vir -> Adware.Virtumonde : No action taken.
    :mozilla.12:C:\Documents and Settings\Jordan\Application Data\Mozilla\Firefox\Profiles\fpve1q2c.default\cookies.txt -> TrackingCookie.247realmedia : No action taken.
    :mozilla.13:C:\Documents and Settings\Jordan\Application Data\Mozilla\Firefox\Profiles\fpve1q2c.default\cookies.txt -> TrackingCookie.247realmedia : No action taken.
    :mozilla.14:C:\Documents and Settings\Jordan\Application Data\Mozilla\Firefox\Profiles\fpve1q2c.default\cookies.txt -> TrackingCookie.247realmedia : No action taken.
    :mozilla.15:C:\Documents and Settings\Jordan\Application Data\Mozilla\Firefox\Profiles\fpve1q2c.default\cookies.txt -> TrackingCookie.247realmedia : No action taken.
    :mozilla.16:C:\Documents and Settings\Jordan\Application Data\Mozilla\Firefox\Profiles\fpve1q2c.default\cookies.txt -> TrackingCookie.247realmedia : No action taken.
    :mozilla.61:C:\Documents and Settings\Mme BEAUMONT\Application Data\Mozilla\Firefox\Profiles\ssxsikwx.default\cookies.txt -> TrackingCookie.247realmedia : No action taken.
    :mozilla.62:C:\Documents and Settings\Mme BEAUMONT\Application Data\Mozilla\Firefox\Profiles\ssxsikwx.default\cookies.txt -> TrackingCookie.247realmedia : No action taken.
    :mozilla.63:C:\Documents and Settings\Mme BEAUMONT\Application Data\Mozilla\Firefox\Profiles\ssxsikwx.default\cookies.txt -> TrackingCookie.247realmedia : No action taken.
    :mozilla.64:C:\Documents and Settings\Mme BEAUMONT\Application Data\Mozilla\Firefox\Profiles\ssxsikwx.default\cookies.txt -> TrackingCookie.247realmedia : No action taken.
    :mozilla.65:C:\Documents and Settings\Mme BEAUMONT\Application Data\Mozilla\Firefox\Profiles\ssxsikwx.default\cookies.txt -> TrackingCookie.247realmedia : No action taken.
    :mozilla.66:C:\Documents and Settings\Mme BEAUMONT\Application Data\Mozilla\Firefox\Profiles\ssxsikwx.default\cookies.txt -> TrackingCookie.247realmedia : No action taken.
    :mozilla.90:C:\Documents and Settings\Mme BEAUMONT\Application Data\Mozilla\Firefox\Profiles\ssxsikwx.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
    :mozilla.91:C:\Documents and Settings\Mme BEAUMONT\Application Data\Mozilla\Firefox\Profiles\ssxsikwx.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
    :mozilla.96:C:\Documents and Settings\Mme BEAUMONT\Application Data\Mozilla\Firefox\Profiles\ssxsikwx.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
    :mozilla.36:C:\Documents and Settings\Jordan\Application Data\Mozilla\Firefox\Profiles\fpve1q2c.default\cookies.txt -> TrackingCookie.Adtech : No action taken.
    :mozilla.37:C:\Documents and Settings\Jordan\Application Data\Mozilla\Firefox\Profiles\fpve1q2c.default\cookies.txt -> TrackingCookie.Adtech : No action taken.
    :mozilla.20:C:\Documents and Settings\Jordan\Application Data\Mozilla\Firefox\Profiles\fpve1q2c.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
    :mozilla.51:C:\Documents and Settings\Mme BEAUMONT\Application Data\Mozilla\Firefox\Profiles\ssxsikwx.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
    :mozilla.105:C:\Documents and Settings\Mme BEAUMONT\Application Data\Mozilla\Firefox\Profiles\ssxsikwx.default\cookies.txt -> TrackingCookie.Atdmt : No action taken.
    :mozilla.41:C:\Documents and Settings\Jordan\Application Data\Mozilla\Firefox\Profiles\fpve1q2c.default\cookies.txt -> TrackingCookie.Atdmt : No action taken.
    :mozilla.34:C:\Documents and Settings\Jordan\Application Data\Mozilla\Firefox\Profiles\fpve1q2c.default\cookies.txt -> TrackingCookie.Bluestreak : No action taken.
    :mozilla.50:C:\Documents and Settings\Mme BEAUMONT\Application Data\Mozilla\Firefox\Profiles\ssxsikwx.default\cookies.txt -> TrackingCookie.Bluestreak : No action taken.
    C:\Documents and Settings\Jordan\Cookies\jordan@bluestreak[2].txt -> TrackingCookie.Bluestreak : No action taken.
    :mozilla.19:C:\Documents and Settings\Mme BEAUMONT\Application Data\Mozilla\Firefox\Profiles\ssxsikwx.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
    :mozilla.25:C:\Documents and Settings\Mme BEAUMONT\Application Data\Mozilla\Firefox\Profiles\ssxsikwx.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
    :mozilla.26:C:\Documents and Settings\Mme BEAUMONT\Application Data\Mozilla\Firefox\Profiles\ssxsikwx.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
    :mozilla.27:C:\Documents and Settings\Mme BEAUMONT\Application Data\Mozilla\Firefox\Profiles\ssxsikwx.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
    :mozilla.28:C:\Documents and Settings\Mme BEAUMONT\Application Data\Mozilla\Firefox\Profiles\ssxsikwx.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
    :mozilla.34:C:\Documents and Settings\Mme BEAUMONT\Application Data\Mozilla\Firefox\Profiles\ssxsikwx.default\cookies.txt -> TrackingCookie.Comclick : No action taken.
    :mozilla.37:C:\Documents and Settings\Mme BEAUMONT\Application Data\Mozilla\Firefox\Profiles\ssxsikwx.default\cookies.txt -> TrackingCookie.Comclick : No action taken.
    :mozilla.38:C:\Documents and Settings\Mme BEAUMONT\Application Data\Mozilla\Firefox\Profiles\ssxsikwx.default\cookies.txt -> TrackingCookie.Comclick : No action taken.
    :mozilla.82:C:\Documents and Settings\Mme BEAUMONT\Application Data\Mozilla\Firefox\Profiles\ssxsikwx.default\cookies.txt -> TrackingCookie.Doubleclick : No action taken.
    :mozilla.33:C:\Documents and Settings\Mme BEAUMONT\Application Data\Mozilla\Firefox\Profiles\ssxsikwx.default\cookies.txt -> TrackingCookie.Estat : No action taken.
    :mozilla.12:C:\Documents and Settings\Mme BEAUMONT\Application Data\Mozilla\Firefox\Profiles\ssxsikwx.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
    :mozilla.18:C:\Documents and Settings\Mme BEAUMONT\Application Data\Mozilla\Firefox\Profiles\ssxsikwx.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
    :mozilla.20:C:\Documents and Settings\Mme BEAUMONT\Application Data\Mozilla\Firefox\Profiles\ssxsikwx.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
    :mozilla.22:C:\Documents and Settings\Mme BEAUMONT\Application Data\Mozilla\Firefox\Profiles\ssxsikwx.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
    :mozilla.23:C:\Documents and Settings\Mme BEAUMONT\Application Data\Mozilla\Firefox\Profiles\ssxsikwx.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
    :mozilla.24:C:\Documents and Settings\Mme BEAUMONT\Application Data\Mozilla\Firefox\Profiles\ssxsikwx.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
    :mozilla.49:C:\Documents and Settings\Mme BEAUMONT\Application Data\Mozilla\Firefox\Profiles\ssxsikwx.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.
    :mozilla.43:C:\Documents and Settings\Jordan\Application Data\Mozilla\Firefox\Profiles\fpve1q2c.default\cookies.txt -> TrackingCookie.Mediaplex : No action taken.
    :mozilla.10:C:\Documents and Settings\Mme BEAUMONT\Application Data\Mozilla\Firefox\Profiles\ssxsikwx.default\cookies.txt -> TrackingCookie.Reliablestats : No action taken.
    :mozilla.11:C:\Documents and Settings\Mme BEAUMONT\Application Data\Mozilla\Firefox\Profiles\ssxsikwx.default\cookies.txt -> TrackingCookie.Reliablestats : No action taken.
    :mozilla.7:C:\Documents and Settings\Mme BEAUMONT\Application Data\Mozilla\Firefox\Profiles\ssxsikwx.default\cookies.txt -> TrackingCookie.Reliablestats : No action taken.
    :mozilla.8:C:\Documents and Settings\Mme BEAUMONT\Application Data\Mozilla\Firefox\Profiles\ssxsikwx.default\cookies.txt -> TrackingCookie.Reliablestats : No action taken.
    :mozilla.9:C:\Documents and Settings\Mme BEAUMONT\Application Data\Mozilla\Firefox\Profiles\ssxsikwx.default\cookies.txt -> TrackingCookie.Reliablestats : No action taken.
    :mozilla.29:C:\Documents and Settings\Jordan\Application Data\Mozilla\Firefox\Profiles\fpve1q2c.default\cookies.txt -> TrackingCookie.Smartadserver : No action taken.
    :mozilla.30:C:\Documents and Settings\Jordan\Application Data\Mozilla\Firefox\Profiles\fpve1q2c.default\cookies.txt -> TrackingCookie.Smartadserver : No action taken.
    :mozilla.33:C:\Documents and Settings\Jordan\Application Data\Mozilla\Firefox\Profiles\fpve1q2c.default\cookies.txt -> TrackingCookie.Smartadserver : No action taken.
    :mozilla.42:C:\Documents and Settings\Mme BEAUMONT\Application Data\Mozilla\Firefox\Profiles\ssxsikwx.default\cookies.txt -> TrackingCookie.Smartadserver : No action taken.
    :mozilla.43:C:\Documents and Settings\Mme BEAUMONT\Application Data\Mozilla\Firefox\Profiles\ssxsikwx.default\cookies.txt -> TrackingCookie.Smartadserver : No action taken.
    :mozilla.48:C:\Documents and Settings\Mme BEAUMONT\Application Data\Mozilla\Firefox\Profiles\ssxsikwx.default\cookies.txt -> TrackingCookie.Smartadserver : No action taken.
    C:\Documents and Settings\Jordan\Cookies\jordan@www.smartadserver[1].txt -> TrackingCookie.Smartadserver : No action taken.
    :mozilla.41:C:\Documents and Settings\Mme BEAUMONT\Application Data\Mozilla\Firefox\Profiles\ssxsikwx.default\cookies.txt -> TrackingCookie.Tradedoubler : No action taken.
    :mozilla.47:C:\Documents and Settings\Mme BEAUMONT\Application Data\Mozilla\Firefox\Profiles\ssxsikwx.default\cookies.txt -> TrackingCookie.Tradedoubler : No action taken.
    :mozilla.31:C:\Documents and Settings\Jordan\Application Data\Mozilla\Firefox\Profiles\fpve1q2c.default\cookies.txt -> TrackingCookie.Weborama : No action taken.
    :mozilla.35:C:\Documents and Settings\Mme BEAUMONT\Application Data\Mozilla\Firefox\Profiles\ssxsikwx.default\cookies.txt -> TrackingCookie.Weborama : No action taken.
    :mozilla.36:C:\Documents and Settings\Mme BEAUMONT\Application Data\Mozilla\Firefox\Profiles\ssxsikwx.default\cookies.txt -> TrackingCookie.Weborama : No action taken.
    :mozilla.13:C:\Documents and Settings\Mme BEAUMONT\Application Data\Mozilla\Firefox\Profiles\ssxsikwx.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
    :mozilla.14:C:\Documents and Settings\Mme BEAUMONT\Application Data\Mozilla\Firefox\Profiles\ssxsikwx.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
    :mozilla.15:C:\Documents and Settings\Mme BEAUMONT\Application Data\Mozilla\Firefox\Profiles\ssxsikwx.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
    :mozilla.16:C:\Documents and Settings\Mme BEAUMONT\Application Data\Mozilla\Firefox\Profiles\ssxsikwx.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
    :mozilla.23:C:\Documents and Settings\Jordan\Application Data\Mozilla\Firefox\Profiles\fpve1q2c.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
    :mozilla.24:C:\Documents and Settings\Jordan\Application Data\Mozilla\Firefox\Profiles\fpve1q2c.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
    :mozilla.25:C:\Documents and Settings\Jordan\Application Data\Mozilla\Firefox\Profiles\fpve1q2c.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
    :mozilla.26:C:\Documents and Settings\Jordan\Application Data\Mozilla\Firefox\Profiles\fpve1q2c.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
    C:\AntiVirScan.exe -> Worm.VB.dz : No action taken.
    C:\bac.exe -> Worm.VB.dz : No action taken.
    C:\bac2.exe -> Worm.VB.dz : No action taken.

    ::Report end

    A+
    0
  16. Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 349
     
    Salut

    Wahou, il en restait pas mal !!

    Relance ewido et cette fois supprime tout ce que ewido trouve.

    a+
    0
  17. jojo
     
    Re

    g remarquer que les dialer se deplace toujours dans C:\WINDOWS\TEMP\idd**.temp.exe

    et ewido ne marche pa tre bien quand je met scan complet il s eteint au bous de 6 min de scan :(

    A+
    0
  18. Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 349
     
    Salut

    Lance ce scan en ligne:
    http://www.bitdefender.fr/scan8/ie.html
    Copie/colle le rapport
    0
  19. jojo
     
    salut

    voila g fait le scan :

    BitDefender Online Scanner

    Rapport d'analyse généré à: Thu, Jul 20, 2006 - 14:18:53

    Voie d'analyse: C:\;D:\;E:\;F:\;G:\;H:\;I:\;

    Statistiques

    Temps

    01:44:19

    Fichiers

    490251

    Directoires

    5760

    Secteurs de boot

    3

    Archives

    7822

    Paquets programmes

    40805

    Résultats

    Virus identifiés

    3

    Fichiers infectés

    12

    Fichiers suspects

    0

    Avertissements

    0

    Désinfectés

    0

    Fichiers effacés

    12

    Info sur les moteurs

    Définition virus

    415090

    Version des moteurs

    AVCORE v1.0 (build 2310) (i386) (Apr 17 2006 16:24:38)

    Analyse des plugins

    13

    Archive des plugins

    39

    Unpack des plugins

    5

    E-mail plugins

    6

    Système plugins

    1

    Paramètres d'analyse

    Première action

    Désinfecté

    Seconde Action

    Supprimé

    Heuristique

    Oui

    Acceptez les avertissements

    Oui

    Extensions analysées

    *;

    Excludez les extensions

    Analyse d'emails

    Oui

    Analyse des Archives

    Oui

    Analyser paquets programmes

    Oui

    Analyse des fichiers

    Oui

    Analyse de boot

    Oui

    Fichier analysé

    Statut

    C:\AntiVirScan.exe

    Infecté par: Worm.P2P.VB.Bacteria.B

    C:\AntiVirScan.exe

    Echec de la désinfection

    C:\AntiVirScan.exe

    Supprimé

    C:\bac.exe

    Infecté par: Worm.P2P.VB.Bacteria.B

    C:\bac.exe

    Echec de la désinfection

    C:\bac.exe

    Supprimé

    C:\bac2.exe

    Infecté par: Worm.P2P.VB.Bacteria.B

    C:\bac2.exe

    Echec de la désinfection

    C:\bac2.exe

    Supprimé

    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP116\A0016634.exe

    Infecté par: Worm.P2P.VB.Bacteria.B

    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP116\A0016634.exe

    Echec de la désinfection

    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP116\A0016634.exe

    Supprimé

    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP120\A0017609.exe

    Infecté par: Worm.P2P.VB.Bacteria.B

    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP120\A0017609.exe

    Echec de la désinfection

    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP120\A0017609.exe

    Supprimé

    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP120\A0017610.exe

    Infecté par: Worm.P2P.VB.Bacteria.B

    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP120\A0017610.exe

    Echec de la désinfection

    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP120\A0017610.exe

    Supprimé

    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP120\A0017611.exe

    Infecté par: Worm.P2P.VB.Bacteria.B

    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP120\A0017611.exe

    Echec de la désinfection

    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP120\A0017611.exe

    Supprimé

    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP19\A0002567.exe=>(CAB Sfx r)=>iexplorer.exe

    Infecté par: Trojan.Clicker.VB.IB

    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP19\A0002567.exe=>(CAB Sfx r)=>iexplorer.exe

    Echec de la désinfection

    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP19\A0002567.exe=>(CAB Sfx r)=>iexplorer.exe

    Supprimé

    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP19\A0002567.exe=>(CAB Sfx r)

    Echec de la mise à jour

    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP25\A0002988.exe

    Infecté par: Trojan.Downloader.NI

    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP25\A0002988.exe

    Echec de la désinfection

    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP25\A0002988.exe

    Supprimé

    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP31\A0003249.exe

    Infecté par: Trojan.Downloader.NI

    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP31\A0003249.exe

    Echec de la désinfection

    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP31\A0003249.exe

    Supprimé

    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP31\A0003250.exe

    Infecté par: Trojan.Downloader.NI

    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP31\A0003250.exe

    Echec de la désinfection

    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP31\A0003250.exe

    Supprimé

    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP61\A0006809.exe

    Infecté par: Worm.P2P.VB.Bacteria.B

    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP61\A0006809.exe

    Echec de la désinfection

    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP61\A0006809.exe

    Supprimé

    A+
    0
  20. Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 349
     
    Salut

    Ou en sont tes soucis?

    a+
    0
  21. jojo
     
    slt

    ewido continu a me signaler un dialer.agent.Z

    et des fois il y a une sorte de sonnerie de telephone et juste apre il ya un panneau disant "connessione imposible....."

    ca me parrait louche ^^

    A+
    0
  • 1
  • 2
  • 3
  • 4