[Virus] Pop-up sans arrêt virus -Bitcomet

Jean-Philippe Guérin -  
 Jean-Philippe -
Bon, je peux vous dire que c'est rare que je demande de l'aide car j'arrive généralement à me débrouiller, mais là je dois avouer que je sais plus quoi faire, j'ai lis des postes pour des problèmes semblable à moi, mais j'arrivais pas à comprendre. Donc voila mon problème; j'avais BitComet, une ancienne version, ils m'ont dit de télécharger une nouvelle version car il y a une chance de virus avec celle-ci, j'ai ignoré l'avertissement et j'ai terminé mon téléchargement, le problème est qu'il s'est passé je sais trop quoi et je me suis mis à avoir plein d'erreur pas rapport. Donc j'ai tout fermé, et j'ai fait un scan avec Avast!4, Spybot et Ad-Aware, çà m'a enlevé beaucoup de merde de spyware mais au bout de la ligne j'ai toujours des sacrés pop-up quand j'ouvre internet explorer principalement, et ce sont souvent des pop-up du genre; partypoker ... ! Merci énormement de votre aide !! :D
Configuration: Haute vitesse
Windows Xp SP2
Amd athlon 3200+

32 réponses

  • 1
  • 2
  1. Jean-Philippe Guérin
     
    Bonjour,

    Ouais Marie, je fais tout ce que Kristopher me demande. Il ne me reste que BD a terminer dans ce qu'il m'a demandé et je peux dire tout suite que j'ai encore le virus.. ! Comment est-ce que je fais pour avoir le log complet de BitDefender? J'y arrive pas..! Pour ton programme Marie et bien il ne s'initialise pas; çà me dit:

    F-Secure Blacklight could not acquire necessary privileges.(SeDebugPrivilege)

    -Your computer settings may prevent acquiring these privileges.
    -A malicious program might disabled these privileges.

    J'ai désactivé mon firewall et mon anti-virus. Et çà n'a rien changé.

    Je vous envoie mon BD log dans pas long.. si vous me dites comment car je n'y arrive pas ! :S
    1
  2. Kristopher Messages postés 3752 Statut Contributeur 106
     
    Bon...JOUR ? (pas étonnant que personne ne te réponde)

    Pour commencer, rends toi ici :

    virus methode preliminaire de desinfection version fr

    Suis le tutoriel et effectue soigneusement ce qui est demandé.

    N'oublie pas de copier/coller les 3 rapports à la fin.

    Bonne après-midi, Kristopher
    0
  3. Jean-Philippe Guérin
     
    Bonjour, désolé pour mon manque de savoir vivre sur le fait de vous dire bonjour, je suis habitué d'être sur un forum de hockey ou nous parlons pas très bien ... complètement désolé. Donc pour mon problème j'ai fait 2 scans sur 3 car le 2ieme etant l'antivirus doit prendre environ 4h étant donné mon disque dur assez énorme. Je vous donne donc les résultats des 2 autres, et si vous devez avoir absolument le 3ieme, et bien je suis après le faire à l'instant même. Pour votre information, mon problème est toujours là après le scan sur les spywares.. merci ! Jean-Philippe

    ---------------------------------------------------------
    ewido anti-spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 12:30:58 2006-09-08

    + Scan result:

    C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Mes documents\My Completed Downloads\Setup.exe -> Adware.180Solutions : Cleaned with backup (quarantined).
    C:\Program Files\Adverts\uninst.exe -> Adware.Lop : Cleaned with backup (quarantined).
    C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Local Settings\Temp\mmxsnet.exe -> Adware.MediaMotor : Cleaned with backup (quarantined).
    C:\WINDOWS\amm06.ocx -> Adware.MediaMotor : Cleaned with backup (quarantined).
    C:\WINDOWS\unstall.exe -> Adware.MediaMotor : Cleaned with backup (quarantined).
    C:\Program Files\DAEMON Tools\SetupDTSB.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\WINDOWS\MirarSetup_876075.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Local Settings\Temp\Temporary Internet Files\Content.IE5\OP894ZLG\drsmartload_js[1].htm -> Downloader.IstBar.j : Cleaned with backup (quarantined).
    C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Local Settings\Temporary Internet Files\Content.IE5\UP87EXQ5\xpl[1].wmf -> Exploit.MS05-053-WMF : Cleaned with backup (quarantined).
    C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Local Settings\Temporary Internet Files\Content.IE5\AN0FAZ2L\popup[1].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
    C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Local Settings\Temporary Internet Files\Content.IE5\NXL2PN2M\popup[1].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
    C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Local Settings\Temporary Internet Files\Content.IE5\NXL2PN2M\popup[2].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
    C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Local Settings\Temporary Internet Files\Content.IE5\NXL2PN2M\popup[3].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
    C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Local Settings\Temporary Internet Files\Content.IE5\NXL2PN2M\popup[4].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
    C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Local Settings\Temporary Internet Files\Content.IE5\T0OFLTCD\popup[1].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
    C:\Program Files\BitComet\Downloads\Google Earth Pro Map (Full Cracked).rar/GoogleEarthPro.exe/iexplorer.exe -> Hijacker.VB.ib : Cleaned with backup (quarantined).
    C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Local Settings\Temporary Internet Files\Content.IE5\UP87EXQ5\new3[1].htm -> Not-A-Virus.Constructor.Perl.Msdds.b : Ignored.
    C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Local Settings\Temp\ICD4.tmp\USDR6V_0001_D18M3107NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.l : Ignored.
    C:\WINDOWS\Downloaded Program Files\USDR6V_0001_D18M3107NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.l : Ignored.
    C:\Installation\Nudge.zip/Nudge.exe -> Not-A-Virus.IMFlooder.Win32.VB.dn : Ignored.
    C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Cookies\jean-philippe guérin@247realmedia[2].txt -> TrackingCookie.247realmedia : Cleaned.
    :mozilla.13:C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Application Data\Mozilla\Firefox\Profiles\07iozjhe.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.20:C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Application Data\Mozilla\Firefox\Profiles\07iozjhe.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.212:C:\Documents and Settings\MORT\Application Data\Mozilla\Firefox\Profiles\633oxhmt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.220:C:\Documents and Settings\MORT\Application Data\Mozilla\Firefox\Profiles\633oxhmt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.29:C:\Documents and Settings\MORT\Application Data\Mozilla\Firefox\Profiles\633oxhmt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.30:C:\Documents and Settings\MORT\Application Data\Mozilla\Firefox\Profiles\633oxhmt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.31:C:\Documents and Settings\MORT\Application Data\Mozilla\Firefox\Profiles\633oxhmt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.32:C:\Documents and Settings\MORT\Application Data\Mozilla\Firefox\Profiles\633oxhmt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Cookies\jean-philippe guérin@2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Cookies\jean-philippe guérin@homedepotca.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Cookies\jean-philippe guérin@maxim.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Cookies\jean-philippe guérin@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Cookies\jean-philippe guérin@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Cookies\jean-philippe guérin@adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.
    C:\Documents and Settings\MORT\Cookies\jean-philippe guérin@adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.
    C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Cookies\jean-philippe guérin@adjuggler[1].txt -> TrackingCookie.Adjuggler : Cleaned.
    C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Cookies\jean-philippe guérin@admarketplace[2].txt -> TrackingCookie.Admarketplace : Cleaned.
    :mozilla.10:C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Application Data\Mozilla\Firefox\Profiles\07iozjhe.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
    :mozilla.11:C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Application Data\Mozilla\Firefox\Profiles\07iozjhe.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
    :mozilla.44:C:\Documents and Settings\MORT\Application Data\Mozilla\Firefox\Profiles\633oxhmt.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
    :mozilla.263:C:\Documents and Settings\MORT\Application Data\Mozilla\Firefox\Profiles\633oxhmt.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.
    C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Cookies\jean-philippe guérin@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned.
    C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Cookies\jean-philippe guérin@www.burstbeacon[2].txt -> TrackingCookie.Burstbeacon : Cleaned.
    C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Cookies\jean-philippe guérin@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
    C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Cookies\jean-philippe guérin@www.burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned.
    :mozilla.111:C:\Documents and Settings\MORT\Application Data\Mozilla\Firefox\Profiles\633oxhmt.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
    :mozilla.112:C:\Documents and Settings\MORT\Application Data\Mozilla\Firefox\Profiles\633oxhmt.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
    :mozilla.113:C:\Documents and Settings\MORT\Application Data\Mozilla\Firefox\Profiles\633oxhmt.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
    :mozilla.114:C:\Documents and Settings\MORT\Application Data\Mozilla\Firefox\Profiles\633oxhmt.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
    :mozilla.115:C:\Documents and Settings\MORT\Application Data\Mozilla\Firefox\Profiles\633oxhmt.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
    :mozilla.116:C:\Documents and Settings\MORT\Application Data\Mozilla\Firefox\Profiles\633oxhmt.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
    C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Cookies\jean-philippe guérin@ad1.clickhype[2].txt -> TrackingCookie.Clickhype : Cleaned.
    :mozilla.251:C:\Documents and Settings\MORT\Application Data\Mozilla\Firefox\Profiles\633oxhmt.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned.
    :mozilla.252:C:\Documents and Settings\MORT\Application Data\Mozilla\Firefox\Profiles\633oxhmt.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned.
    C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Cookies\jean-philippe guérin@vip.clickzs[1].txt -> TrackingCookie.Clickzs : Cleaned.
    :mozilla.12:C:\Documents and Settings\MORT\Application Data\Mozilla\Firefox\Profiles\633oxhmt.default\cookies.txt -> TrackingCookie.Com : Cleaned.
    :mozilla.7:C:\Documents and Settings\MORT\Application Data\Mozilla\Firefox\Profiles\633oxhmt.default\cookies.txt -> TrackingCookie.Com : Cleaned.
    C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Cookies\jean-philippe guérin@com[1].txt -> TrackingCookie.Com : Cleaned.
    C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Local Settings\Temp\Cookies\jean-philippe guérin@com[1].txt -> TrackingCookie.Com : Cleaned.
    :mozilla.254:C:\Documents and Settings\MORT\Application Data\Mozilla\Firefox\Profiles\633oxhmt.default\cookies.txt -> TrackingCookie.Comclick : Cleaned.
    :mozilla.255:C:\Documents and Settings\MORT\Application Data\Mozilla\Firefox\Profiles\633oxhmt.default\cookies.txt -> TrackingCookie.Comclick : Cleaned.
    :mozilla.256:C:\Documents and Settings\MORT\Application Data\Mozilla\Firefox\Profiles\633oxhmt.default\cookies.txt -> TrackingCookie.Comclick : Cleaned.
    :mozilla.231:C:\Documents and Settings\MORT\Application Data\Mozilla\Firefox\Profiles\633oxhmt.default\cookies.txt -> TrackingCookie.Coremetrics : Cleaned.
    C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Local Settings\Temp\Cookies\jean-philippe guérin@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.
    C:\WINDOWS\Temp\Cookies\jean-philippe guérin@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Cleaned.
    C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Cookies\jean-philippe guérin@c.enhance[1].txt -> TrackingCookie.Enhance : Cleaned.
    C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Cookies\jean-philippe guérin@e-2dj6wjloojazgbp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Cookies\jean-philippe guérin@e-2dj6wjmiwlazihq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\MORT\Cookies\jean-philippe guérin@e-2dj6wjkoencjkcq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
    :mozilla.15:C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Application Data\Mozilla\Firefox\Profiles\07iozjhe.default\cookies.txt -> TrackingCookie.Estat : Cleaned.
    :mozilla.45:C:\Documents and Settings\MORT\Application Data\Mozilla\Firefox\Profiles\633oxhmt.default\cookies.txt -> TrackingCookie.Estat : Cleaned.
    C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Cookies\jean-philippe guérin@estat[1].txt -> TrackingCookie.Estat : Cleaned.
    C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Cookies\jean-philippe guérin@as-us.falkag[1].txt -> TrackingCookie.Falkag : Cleaned.
    C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Cookies\jean-philippe guérin@findwhat[1].txt -> TrackingCookie.Findwhat : Cleaned.
    C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Cookies\jean-philippe guérin@c.goclick[2].txt -> TrackingCookie.Goclick : Cleaned.
    :mozilla.295:C:\Documents and Settings\MORT\Application Data\Mozilla\Firefox\Profiles\633oxhmt.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
    :mozilla.91:C:\Documents and Settings\MORT\Application Data\Mozilla\Firefox\Profiles\633oxhmt.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
    :mozilla.92:C:\Documents and Settings\MORT\Application Data\Mozilla\Firefox\Profiles\633oxhmt.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
    :mozilla.184:C:\Documents and Settings\MORT\Application Data\Mozilla\Firefox\Profiles\633oxhmt.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
    :mozilla.285:C:\Documents and Settings\MORT\Application Data\Mozilla\Firefox\Profiles\633oxhmt.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
    :mozilla.286:C:\Documents and Settings\MORT\Application Data\Mozilla\Firefox\Profiles\633oxhmt.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
    C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Cookies\jean-philippe guérin@sales.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned.
    C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Cookies\jean-philippe guérin@server.iad.liveperson[1].txt -> TrackingCookie.Liveperson : Cleaned.
    :mozilla.128:C:\Documents and Settings\MORT\Application Data\Mozilla\Firefox\Profiles\633oxhmt.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
    :mozilla.129:C:\Documents and Settings\MORT\Application Data\Mozilla\Firefox\Profiles\633oxhmt.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
    :mozilla.130:C:\Documents and Settings\MORT\Application Data\Mozilla\Firefox\Profiles\633oxhmt.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
    :mozilla.210:C:\Documents and Settings\MORT\Application Data\Mozilla\Firefox\Profiles\633oxhmt.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
    C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Cookies\jean-philippe guérin@overture[2].txt -> TrackingCookie.Overture : Cleaned.
    :mozilla.6:C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Application Data\Mozilla\Firefox\Profiles\07iozjhe.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
    :mozilla.7:C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Application Data\Mozilla\Firefox\Profiles\07iozjhe.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
    :mozilla.8:C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Application Data\Mozilla\Firefox\Profiles\07iozjhe.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
    :mozilla.9:C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Application Data\Mozilla\Firefox\Profiles\07iozjhe.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
    C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Cookies\jean-philippe guérin@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned.
    :mozilla.209:C:\Documents and Settings\MORT\Application Data\Mozilla\Firefox\Profiles\633oxhmt.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
    :mozilla.21:C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Application Data\Mozilla\Firefox\Profiles\07iozjhe.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
    :mozilla.22:C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Application Data\Mozilla\Firefox\Profiles\07iozjhe.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
    C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Cookies\jean-philippe guérin@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned.
    C:\Documents and Settings\MORT\Cookies\jean-philippe guérin@ads.realcastmedia[2].txt -> TrackingCookie.Realcastmedia : Cleaned.
    :mozilla.133:C:\Documents and Settings\MORT\Application Data\Mozilla\Firefox\Profiles\633oxhmt.default\cookies.txt -> TrackingCookie.Realtracker : Cleaned.
    :mozilla.176:C:\Documents and Settings\MORT\Application Data\Mozilla\Firefox\Profiles\633oxhmt.default\cookies.txt -> TrackingCookie.Realtracker : Cleaned.
    C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Cookies\jean-philippe guérin@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned.
    C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Cookies\jean-philippe guérin@revenue[2].txt -> TrackingCookie.Revenue : Cleaned.
    C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Cookies\jean-philippe guérin@edge.ru4[1].txt -> TrackingCookie.Ru4 : Cleaned.
    C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Cookies\jean-philippe guérin@bs.serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned.
    C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Cookies\jean-philippe guérin@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned.
    :mozilla.160:C:\Documents and Settings\MORT\Application Data\Mozilla\Firefox\Profiles\633oxhmt.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
    :mozilla.161:C:\Documents and Settings\MORT\Application Data\Mozilla\Firefox\Profiles\633oxhmt.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
    :mozilla.162:C:\Documents and Settings\MORT\Application Data\Mozilla\Firefox\Profiles\633oxhmt.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
    :mozilla.163:C:\Documents and Settings\MORT\Application Data\Mozilla\Firefox\Profiles\633oxhmt.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
    :mozilla.39:C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Application Data\Mozilla\Firefox\Profiles\07iozjhe.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
    C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Cookies\jean-philippe guérin@www.smartadserver[2].txt -> TrackingCookie.Smartadserver : Cleaned.
    C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Cookies\jean-philippe guérin@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned.
    :mozilla.205:C:\Documents and Settings\MORT\Application Data\Mozilla\Firefox\Profiles\633oxhmt.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.206:C:\Documents and Settings\MORT\Application Data\Mozilla\Firefox\Profiles\633oxhmt.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.207:C:\Documents and Settings\MORT\Application Data\Mozilla\Firefox\Profiles\633oxhmt.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Cookies\jean-philippe guérin@statcounter[1].txt -> TrackingCookie.Statcounter : Cleaned.
    C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Cookies\jean-philippe guérin@anad.tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
    C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Cookies\jean-philippe guérin@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.
    C:\Documents and Settings\MORT\Cookies\jean-philippe guérin@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
    :mozilla.190:C:\Documents and Settings\MORT\Application Data\Mozilla\Firefox\Profiles\633oxhmt.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
    :mozilla.197:C:\Documents and Settings\MORT\Application Data\Mozilla\Firefox\Profiles\633oxhmt.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
    C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Cookies\jean-philippe guérin@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned.
    :mozilla.182:C:\Documents and Settings\MORT\Application Data\Mozilla\Firefox\Profiles\633oxhmt.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned.
    :mozilla.142:C:\Documents and Settings\MORT\Application Data\Mozilla\Firefox\Profiles\633oxhmt.default\cookies.txt -> TrackingCookie.Weborama : Cleaned.
    :mozilla.167:C:\Documents and Settings\MORT\Application Data\Mozilla\Firefox\Profiles\633oxhmt.default\cookies.txt -> TrackingCookie.Weborama : Cleaned.
    :mozilla.169:C:\Documents and Settings\MORT\Application Data\Mozilla\Firefox\Profiles\633oxhmt.default\cookies.txt -> TrackingCookie.Weborama : Cleaned.
    :mozilla.34:C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Application Data\Mozilla\Firefox\Profiles\07iozjhe.default\cookies.txt -> TrackingCookie.Weborama : Cleaned.
    C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Cookies\jean-philippe guérin@weborama[1].txt -> TrackingCookie.Weborama : Cleaned.
    :mozilla.287:C:\Documents and Settings\MORT\Application Data\Mozilla\Firefox\Profiles\633oxhmt.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.288:C:\Documents and Settings\MORT\Application Data\Mozilla\Firefox\Profiles\633oxhmt.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.289:C:\Documents and Settings\MORT\Application Data\Mozilla\Firefox\Profiles\633oxhmt.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.292:C:\Documents and Settings\MORT\Application Data\Mozilla\Firefox\Profiles\633oxhmt.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.293:C:\Documents and Settings\MORT\Application Data\Mozilla\Firefox\Profiles\633oxhmt.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.294:C:\Documents and Settings\MORT\Application Data\Mozilla\Firefox\Profiles\633oxhmt.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.296:C:\Documents and Settings\MORT\Application Data\Mozilla\Firefox\Profiles\633oxhmt.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.31:C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Application Data\Mozilla\Firefox\Profiles\07iozjhe.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.32:C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Application Data\Mozilla\Firefox\Profiles\07iozjhe.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Cookies\jean-philippe guérin@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.
    C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Cookies\jean-philippe guérin@yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.
    C:\Documents and Settings\MORT\Cookies\jean-philippe guérin@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.
    C:\WINDOWS\Temp\Cookies\jean-philippe guérin@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.50:C:\Documents and Settings\MORT\Application Data\Mozilla\Firefox\Profiles\633oxhmt.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
    :mozilla.51:C:\Documents and Settings\MORT\Application Data\Mozilla\Firefox\Profiles\633oxhmt.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
    :mozilla.52:C:\Documents and Settings\MORT\Application Data\Mozilla\Firefox\Profiles\633oxhmt.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
    C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Cookies\jean-philippe guérin@c5.zedo[1].txt -> TrackingCookie.Zedo : Cleaned.
    C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Cookies\jean-philippe guérin@zedo[1].txt -> TrackingCookie.Zedo : Cleaned.
    C:\Documents and Settings\MORT\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\Dummy.class-16edb09d-32913a8a.class -> Trojan.ClassLoader.Dummy.d : Cleaned with backup (quarantined).

    ::Report end

    ------------------------------------------------------------------------

    Logfile of HijackThis v1.99.1
    Scan saved at 12:56:55, on 2006-09-08
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\ewido anti-spyware 4.0\ewido.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\PROGRA~1\NVIDIA~1\NETWOR~1\Apache Group\Apache2\bin\apache.exe
    C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcIp.exe
    C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcLog.exe
    C:\Program Files\Spyware Doctor\sdhelp.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\NVIDIA~1\NETWOR~1\Apache Group\Apache2\bin\apache.exe
    C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcAppFlt.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.fr.msn.ca/0SEFRCA/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
    O2 - BHO: SSL encrypt - {746455FE-D059-47e7-AF0E-140E03F5A447} - C:\WINDOWS\system32\nsy6D.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
    O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
    O8 - Extra context menu item: &Traduire à partir de l'anglais - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Recherche &Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
    O15 - Trusted Zone: *.dollarrevenue.com
    O15 - Trusted Zone: *.winantivirus.com
    O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://k4tl-lryn-26.spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} - http://cabs.elitemediagroup.net/cabs/mediaview.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: OptimalLayout - C:\WINDOWS\system32\wbhext.dll (file missing)
    O20 - Winlogon Notify: RunOnce - C:\WINDOWS\system32\pGpnetsh.dll (file missing)
    O20 - Winlogon Notify: SideBySide - C:\WINDOWS\system32\cZrds.dll (file missing)
    O23 - Service: app_filter - Unknown owner - C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcAppFlt.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\PROGRA~1\NVIDIA~1\NETWOR~1\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcIp.exe
    O23 - Service: ForceWare user log service (nSvcLog) - Unknown owner - C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcLog.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\FICHIE~1\SONYSH~1\AVLib\Sptisrv.exe

    Merci et bonne journée !
    0
  4. Kristopher Messages postés 3752 Statut Contributeur 106
     
    Jean-Philippe,

    Comme vous avez pu le constater, les moeurs de notre forum CCM diffèrent de votre forum de hockey ;)

    Revenons à notre discussion initiale à présent...

    Vous êtes plus qu'infecté, votre PC est une usine de malwares en fait lol

    - Méthode à suivre dans l'ordre -

    1/ Vide la quarantaine d'Ewido.

    2/ Télécharge et nettoie ton PC avec CCLEANER :

    https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html

    Utilisation :
    - Dans l'onglet "Nettoyeur" cliquer sur "Analyse". Une fois l'analyse terminée, cliquer sur "Lancer le Nettoyage".
    - Dans l'onglet "Erreurs" cliquer sur "Chercher des erreurs" puis, avant de cliquer sur "Réparer les erreurs sélectionnées" effectuer une sauvegarde de votre registre (comme proposé). Recommencer jusqu’à qu’il n’y est plus d’erreurs détectés.

    3/ Télécharge absolument un firewall qui va fermer les port(e)s aux hackers.
    Par exemple, Sunbelt Kerio Personal Firewall : https://www.01net.com/telecharger/windows/Securite/firewall/fiches/22418.html
    Tutorial là : https://forums.cnetfrance.fr

    4/ Désinstalle AVG et remplace le par Avast! qui est plus performant (et également gratuit) :

    - Télécharge, mets à jour et effectue un scan Minutieux de ton PC avec Avast! ici :
    https://www.avast.com/free-antivirus-download

    Tutoriel là :
    http://www.tutopat.com/viewtopic.php?t=1541

    5/ Scanne ton PC avec cet antivirus en ligne (uniquement sous IE) :
    http://www.bitdefender.fr/scan8/ie.html
    Clique sur "J'accepte" puis accepte également l'ActiveX bloqué par la barre anti-popup du SP2 (elle clignotera en haut).
    Ensuite, clique sur "Cliquez ici pour scanner".
    Patiente jusqu'à la fin du scan...
    Copie/colle le rapport sur le forum.

    6/ Remets un nouveau log HijackThis.

    PS : Ne fais pas attention au temps estimé par le scan de l'antivirus en ligne car très souvent, ça se finit bien plus vite.
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. Jean-Philippe Guérin
     
    Bonjour, j'ai fais tout ce que tu m'a demandé, voici les rapports du Hijack et du Bitdefender:

    Logfile of HijackThis v1.99.1
    Scan saved at 12:54:04, on 2006-09-11
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\PROGRA~1\NVIDIA~1\NETWOR~1\Apache Group\Apache2\bin\apache.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    C:\PROGRA~1\NVIDIA~1\NETWOR~1\Apache Group\Apache2\bin\apache.exe
    C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcIp.exe
    C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcLog.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcAppFlt.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.fr.msn.ca/0SEFRCA/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: SSL encrypt - {746455FE-D059-47e7-AF0E-140E03F5A447} - C:\WINDOWS\system32\nsy6D.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
    O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
    O8 - Extra context menu item: &Traduire à partir de l'anglais - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Recherche &Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
    O15 - Trusted Zone: *.dollarrevenue.com
    O15 - Trusted Zone: *.winantivirus.com
    O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://k4tl-lryn-26.spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} - http://cabs.elitemediagroup.net/cabs/mediaview.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: OptimalLayout - C:\WINDOWS\system32\wbhext.dll (file missing)
    O20 - Winlogon Notify: RunOnce - C:\WINDOWS\system32\pGpnetsh.dll (file missing)
    O20 - Winlogon Notify: SideBySide - C:\WINDOWS\system32\cZrds.dll (file missing)
    O23 - Service: app_filter - Unknown owner - C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcAppFlt.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\PROGRA~1\NVIDIA~1\NETWOR~1\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcIp.exe
    O23 - Service: ForceWare user log service (nSvcLog) - Unknown owner - C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcLog.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\FICHIE~1\SONYSH~1\AVLib\Sptisrv.exe

    ------------------------------------------------------------------------
    Bit Defender:

    C:\Documents and Settings\MORT\Local Settings\Temporary Internet Files\Content.IE5\E58F2HYD\keylogger-download[1].zip=>HomeKeyLogger-setup.exe=>(NSIS o)=>zlib_nsis0006
    Infected with: Trojan.Spy.Keylogger.AI

    C:\Documents and Settings\MORT\Local Settings\Temporary Internet Files\Content.IE5\E58F2HYD\keylogger-download[1].zip=>HomeKeyLogger-setup.exe=>(NSIS o)=>zlib_nsis0006
    Disinfection failed

    C:\Documents and Settings\MORT\Local Settings\Temporary Internet Files\Content.IE5\E58F2HYD\keylogger-download[1].zip=>HomeKeyLogger-setup.exe=>(NSIS o)=>zlib_nsis0006
    Deleted

    C:\Documents and Settings\MORT\Local Settings\Temporary Internet Files\Content.IE5\E58F2HYD\keylogger-download[1].zip=>HomeKeyLogger-setup.exe=>(NSIS o)
    Update failed

    C:\Installation\SETUP\131468.exe=>wise0016
    Detected with: Application.Adware.NewDotNet.B.Dropper

    C:\Installation\SETUP\131468.exe=>wise0016
    Deleted

    C:\Installation\SETUP\131468.exe
    Update failed

    C:\Installation\SETUP\131468.exe=>wise0017
    Infected with: Trojan.Downloader.Small.BKE

    C:\Installation\SETUP\131468.exe=>wise0017
    Disinfection failed

    C:\Installation\SETUP\131468.exe=>wise0017
    Deleted

    C:\Installation\SETUP\131468.exe
    Update failed

    C:\Installation\SETUP\14410.exe=>wise0018
    Detected with: Application.Adware.NewDotNet.B.Dropper

    C:\Installation\SETUP\14410.exe=>wise0018
    Deleted

    C:\Installation\SETUP\14410.exe
    Update failed

    C:\Installation\SETUP\14410.exe=>wise0019
    Infected with: Trojan.Downloader.Small.BKE

    C:\Installation\SETUP\14410.exe=>wise0019
    Disinfection failed

    C:\Installation\SETUP\14410.exe=>wise0019
    Deleted

    C:\Installation\SETUP\14410.exe
    Update failed

    C:\System Volume Information\_restore{1AB599C8-4C69-40F9-ADF8-5918FCD00B50}\RP268\A0042631.exe=>wise0018
    Detected with: Application.Adware.NewDotNet.B.Dropper

    C:\System Volume Information\_restore{1AB599C8-4C69-40F9-ADF8-5918FCD00B50}\RP268\A0042631.exe=>wise0018
    Deleted

    C:\System Volume Information\_restore{1AB599C8-4C69-40F9-ADF8-5918FCD00B50}\RP268\A0042631.exe
    Update failed

    C:\System Volume Information\_restore{1AB599C8-4C69-40F9-ADF8-5918FCD00B50}\RP268\A0042631.exe=>wise0019
    Infected with: Trojan.Downloader.Small.BKE

    C:\System Volume Information\_restore{1AB599C8-4C69-40F9-ADF8-5918FCD00B50}\RP268\A0042631.exe=>wise0019
    Disinfection failed

    C:\System Volume Information\_restore{1AB599C8-4C69-40F9-ADF8-5918FCD00B50}\RP268\A0042631.exe=>wise0019
    Deleted

    C:\System Volume Information\_restore{1AB599C8-4C69-40F9-ADF8-5918FCD00B50}\RP268\A0042631.exe
    Update failed

    Je semble toujours avoir le problème de popup mais il semble être moins fréquent en apparence du moins.
    0
  7. Kristopher Messages postés 3752 Statut Contributeur 106
     
    Salut,

    Il est incomplet ton rapport BitDefender.

    En en plus je t'avais dit de le faire dans l'ordre, d'abord BD et ensuite HT.

    Alors :

    1/ Commencer par télécharger ces deux antispywares gratuits et complémentaires :

    Ad-Aware :
    https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/11643.html

    Correctif permettant d'utiliser le logiciel en français ici :

    https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/25543.html

    SpyBot Search & Destroy :
    https://www.safer-networking.org/download/

    2/ Exécuter Ad-Aware, le mettre à jour, effectuer une analyse complète du système et supprimer les infections trouvées.

    Voir le tutoriel ici :

    https://forums.cnetfrance.fr

    3/ Exécuter Spybot Search & Destroy, le mettre à jour et effectuer une vaccination du système pour corriger les problèmes de sécurité. Puis, vérifier tout le système pour supprimer les spywares trouvés.

    Voir le tutoriel ici :

    https://forums.cnetfrance.fr

    4/ Refais un scan avec BitDefender (tu colleras le rapport en entier) et ensuite un nouveau log HT.
    0
  8. Jean-Philippe Guérin
     
    Salut, en passant je te les simplement donné dans le mauvais ordre, pcq j'ai fait BD en premier ! Je tout suivi à la lettre, excepté pour BD, le logfile, je me trouve à l'avoir sauvegardé dans mon ordi, mais j'ai pas réussi a voir le logfile au complet, je sais pas trop comment !
    0
  9. Kristopher Messages postés 3752 Statut Contributeur 106
     
    Ok, fais un effort la prochaine fois si tu veux que ton PC soit bien désinfecté ;)

    Fais ce que je t'ai marqué plus haut, on verra après pour le reste...

    a+
    0
  10. Jean-Philippe Guérin
     
    Ouais, je fais mes 2 scans avec ad-aware, spybot, ensuite je repasse chez BD et je te montre tout sa !

    Merci encore une fois ! :)
    0
  11. Jean-Philippe Guérin
     
    Salut,

    Avast qui scan en continue vient de me trouver ce virus la:
    Win32:KeyLogger-AU [Tool]

    Je sais pas si çà te dis dequoi .. en tous cas.. ad-aware se fait a l'instant ou on jase !

    JP!
    0
  12. ^^Marie^^ Messages postés 41884 Date d'inscription   Statut Membre Dernière intervention   3 280
     
    Slt,

    Pour avancer

    As-tu fait ce que t'as demandé Kristopher ???

    Perso je passerai un coup de

    Télécharge Blacklight(de F-Secure) a l’une des 2 adresses :
    https://www.f-secure.com/en
    https://www.f-secure.com/en

    et sauvegarde le sur ton Bureau.

    Double-clique blbeta.exeet accepte la licence ; laisse [X]scan through Windows Explorer activé ; clique Scan puis Next

    Tu verras une liste de fichiers détectés apparaître. Tu verras également un rapport, sur ton Bureau, nommé fsbl.xxxxxxx.log (les xxxxxxx sont des chiffres).

    A++

    0
  13. Jean-Philippe Guérin
     
    Salut,

    Voici mes test BD et HIjack:

    BitDefender Online Scanner

    Scan report generated at: Mon, Sep 11, 2006 - 15:27:23

    Scan path: C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Local Settings\Application Data\Microsoft\Messenger\mapledeck@hotmail.com\Sharing Folders;C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Mes documents;C:\Documents and Settings\All Users.WINDOWS\Documents;C:\;E:\;C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Mes documents;C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Bureau\CEGEP;C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Bureau\Diane;C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Bureau\Entretien - Ordinateur;C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Bureau\Icones;C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Bureau\KaTh-RyN;C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Bureau\Musique - Exercices;C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Bureau\Stage Basell;

    Statistics

    Time
    01:28:57

    Files
    642329

    Folders
    8288

    Boot Sectors
    3

    Archives
    4992

    Packed Files
    66839

    Results

    Identified Viruses
    3

    Infected Files
    7

    Suspect Files
    0

    Warnings
    0

    Disinfected
    0

    Deleted Files
    7

    Engines Info

    Virus Definitions
    453688

    Engine build
    AVCORE v1.0 (build 2310) (i386) (Apr 17 2006 16:24:38)

    Scan plugins
    13

    Archive plugins
    38

    Unpack plugins
    6

    E-mail plugins
    6

    System plugins
    1

    Scan Settings

    First Action
    Disinfect

    Second Action
    Delete

    Heuristics
    Yes

    Enable Warnings
    Yes

    Scanned Extensions
    *;

    Exclude Extensions

    Scan Emails
    Yes

    Scan Archives
    Yes

    Scan Packed
    Yes

    Scan Files
    Yes

    Scan Boot
    Yes

    Scanned File
    Status

    C:\Documents and Settings\MORT\Local Settings\Temporary Internet Files\Content.IE5\E58F2HYD\keylogger-download[1].zip=>HomeKeyLogger-setup.exe=>(NSIS o)=>zlib_nsis0006
    Infected with: Trojan.Spy.Keylogger.AI

    C:\Documents and Settings\MORT\Local Settings\Temporary Internet Files\Content.IE5\E58F2HYD\keylogger-download[1].zip=>HomeKeyLogger-setup.exe=>(NSIS o)=>zlib_nsis0006
    Disinfection failed

    C:\Documents and Settings\MORT\Local Settings\Temporary Internet Files\Content.IE5\E58F2HYD\keylogger-download[1].zip=>HomeKeyLogger-setup.exe=>(NSIS o)=>zlib_nsis0006
    Deleted

    C:\Documents and Settings\MORT\Local Settings\Temporary Internet Files\Content.IE5\E58F2HYD\keylogger-download[1].zip=>HomeKeyLogger-setup.exe=>(NSIS o)
    Update failed

    C:\Installation\SETUP\131468.exe=>wise0016
    Detected with: Application.Adware.NewDotNet.B.Dropper

    C:\Installation\SETUP\131468.exe=>wise0016
    Deleted

    C:\Installation\SETUP\131468.exe
    Update failed

    C:\Installation\SETUP\131468.exe=>wise0017
    Infected with: Trojan.Downloader.Small.BKE

    C:\Installation\SETUP\131468.exe=>wise0017
    Disinfection failed

    C:\Installation\SETUP\131468.exe=>wise0017
    Deleted

    C:\Installation\SETUP\131468.exe
    Update failed

    C:\Installation\SETUP\14410.exe=>wise0018
    Detected with: Application.Adware.NewDotNet.B.Dropper

    C:\Installation\SETUP\14410.exe=>wise0018
    Deleted

    C:\Installation\SETUP\14410.exe
    Update failed

    C:\Installation\SETUP\14410.exe=>wise0019
    Infected with: Trojan.Downloader.Small.BKE

    C:\Installation\SETUP\14410.exe=>wise0019
    Disinfection failed

    C:\Installation\SETUP\14410.exe=>wise0019
    Deleted

    C:\Installation\SETUP\14410.exe
    Update failed

    :\System Volume Information\_restore{1AB599C8-4C69-40F9-ADF8-5918FCD00B50}\RP268\A0042631.exe=>wise0018
    Detected with: Application.Adware.NewDotNet.B.Dropper

    C:\System Volume Information\_restore{1AB599C8-4C69-40F9-ADF8-5918FCD00B50}\RP268\A0042631.exe=>wise0018
    Deleted

    C:\System Volume Information\_restore{1AB599C8-4C69-40F9-ADF8-5918FCD00B50}\RP268\A0042631.exe
    Update failed

    C:\System Volume Information\_restore{1AB599C8-4C69-40F9-ADF8-5918FCD00B50}\RP268\A0042631.exe=>wise0019
    Infected with: Trojan.Downloader.Small.BKE

    C:\System Volume Information\_restore{1AB599C8-4C69-40F9-ADF8-5918FCD00B50}\RP268\A0042631.exe=>wise0019
    Disinfection failed

    C:\System Volume Information\_restore{1AB599C8-4C69-40F9-ADF8-5918FCD00B50}\RP268\A0042631.exe=>wise0019
    Deleted

    C:\System Volume Information\_restore{1AB599C8-4C69-40F9-ADF8-5918FCD00B50}\RP268\A0042631.exe
    Update failed

    ------------------------------------------------------------------------
    Autre parti du BD:

    BitDefender Online Scanner - Real Time Virus Report

    Generated at: Mon, Sep 11, 2006 - 16:59:45

    --------------------------------------------------------------------------------

    Scan Info

    Scanned Files
    642809

    Infected Files
    7

    Virus Detected

    Application.Adware.NewDotNet.B.Dropper
    3

    Trojan.Downloader.Small.BKE
    3

    Trojan.Spy.Keylogger.AI
    1

    ------------------------------------------------------------------------

    Hijack maintenant:

    Logfile of HijackThis v1.99.1
    Scan saved at 17:00:52, on 2006-09-11
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\PROGRA~1\NVIDIA~1\NETWOR~1\Apache Group\Apache2\bin\apache.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    C:\PROGRA~1\NVIDIA~1\NETWOR~1\Apache Group\Apache2\bin\apache.exe
    C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcIp.exe
    C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcLog.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcAppFlt.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.fr.msn.ca/0SEFRCA/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSL encrypt - {746455FE-D059-47e7-AF0E-140E03F5A447} - C:\WINDOWS\system32\nsy6D.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
    O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
    O8 - Extra context menu item: &Traduire à partir de l'anglais - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Recherche &Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
    O15 - Trusted Zone: *.dollarrevenue.com
    O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://k4tl-lryn-26.spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} - http://cabs.elitemediagroup.net/cabs/mediaview.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: OptimalLayout - C:\WINDOWS\system32\wbhext.dll (file missing)
    O20 - Winlogon Notify: RunOnce - C:\WINDOWS\system32\pGpnetsh.dll (file missing)
    O20 - Winlogon Notify: SideBySide - C:\WINDOWS\system32\cZrds.dll (file missing)
    O23 - Service: app_filter - Unknown owner - C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcAppFlt.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\PROGRA~1\NVIDIA~1\NETWOR~1\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcIp.exe
    O23 - Service: ForceWare user log service (nSvcLog) - Unknown owner - C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcLog.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\FICHIE~1\SONYSH~1\AVLib\Sptisrv.exe

    ------------------------------------------------------------------------

    Juste pour t'informer, j'ai toujours mon problème, je veux pas te mettre de pression du tout, juste t'en informer, et encore merci pour tout ton aide! :D

    JP
    0
  14. ^^Marie^^ Messages postés 41884 Date d'inscription   Statut Membre Dernière intervention   3 280
     
    Slt,

    Essaie ça
    Stp
    Merci
    # Télécharger l2mfix.exe sur http://www.downloads.subratam.org/l2mfix.exe

    - Quitter le net, le navigateur, et toutes autres fenêtres d'applications ;
    - Dézipper l2mfix.exe sur le bureau ;
    - Dans le dossier du programme, double-cliquer sur l2mfix.bat ;
    - Choisir OPTION 1 (Run find log) et valider par la touche [Entrée] ;
    => Un rapport sera généré dans le Bloc-notes, se reconnecter pour le poster au forum.

    ensuite :

    - Quitter le net, le navigateur, et toutes autres fenêtres d'applications ;
    - Double-cliquer sur l2mfix.bat ;
    - Choisir OPTION 2 (Run fix) et valider par la touche [Entrée] ;
    - A l'invite, appuyer sur une touche du clavier pour redémarrer le PC ;
    => Au redémarrage, le nettoyage de L2mFix se poursuit, puis génère le résultat du nettoyage en ouvrant le Bloc-notes ; se reconnecter pour le poster au forum.

    refais un hitjackthis

    A++

    0
  15. Jean-Philippe Guérin
     
    Voici mon premier test:

    L2MFIX find log 051206
    These are the registry keys present
    **********************************************************************************
    Winlogon/notify:
    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
    "DLLName"="Ati2evxx.dll"
    "Asynchronous"=dword:00000000
    "Impersonate"=dword:00000001
    "Lock"="AtiLockEvent"
    "Logoff"="AtiLogoffEvent"
    "Logon"="AtiLogonEvent"
    "Disconnect"="AtiDisConnectEvent"
    "Reconnect"="AtiReConnectEvent"
    "Safe"=dword:00000000
    "Shutdown"="AtiShutdownEvent"
    "StartScreenSaver"="AtiStartScreenSaverEvent"
    "StartShell"="AtiStartShellEvent"
    "Startup"="AtiStartupEvent"
    "StopScreenSaver"="AtiStopScreenSaverEvent"
    "Unlock"="AtiUnLockEvent"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
    "Asynchronous"=dword:00000000
    "Impersonate"=dword:00000000
    "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
    6c,00,00,00
    "Logoff"="ChainWlxLogoffEvent"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
    "Asynchronous"=dword:00000000
    "Impersonate"=dword:00000000
    "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
    6c,00,6c,00,00,00
    "Logoff"="CryptnetWlxLogoffEvent"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
    "DLLName"="cscdll.dll"
    "Logon"="WinlogonLogonEvent"
    "Logoff"="WinlogonLogoffEvent"
    "ScreenSaver"="WinlogonScreenSaverEvent"
    "Startup"="WinlogonStartupEvent"
    "Shutdown"="WinlogonShutdownEvent"
    "StartShell"="WinlogonStartShellEvent"
    "Impersonate"=dword:00000000
    "Asynchronous"=dword:00000001

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\OptimalLayout]
    "Asynchronous"=dword:00000000
    "DllName"="C:\\WINDOWS\\system32\\wbhext.dll"
    "Impersonate"=dword:00000000
    "Logon"="WinLogon"
    "Logoff"="WinLogoff"
    "Shutdown"="WinShutdown"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\RunOnce]
    "Asynchronous"=dword:00000000
    "DllName"="C:\\WINDOWS\\system32\\pGpnetsh.dll"
    "Impersonate"=dword:00000000
    "Logon"="WinLogon"
    "Logoff"="WinLogoff"
    "Shutdown"="WinShutdown"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
    "DLLName"="wlnotify.dll"
    "Logon"="SCardStartCertProp"
    "Logoff"="SCardStopCertProp"
    "Lock"="SCardSuspendCertProp"
    "Unlock"="SCardResumeCertProp"
    "Enabled"=dword:00000001
    "Impersonate"=dword:00000001
    "Asynchronous"=dword:00000001

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
    "Asynchronous"=dword:00000000
    "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
    6c,00,6c,00,00,00
    "Impersonate"=dword:00000000
    "StartShell"="SchedStartShell"
    "Logoff"="SchedEventLogOff"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
    "Logoff"="WLEventLogoff"
    "Impersonate"=dword:00000000
    "Asynchronous"=dword:00000001
    "DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
    6c,00,6c,00,00,00

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
    "DLLName"="WlNotify.dll"
    "Lock"="SensLockEvent"
    "Logon"="SensLogonEvent"
    "Logoff"="SensLogoffEvent"
    "Safe"=dword:00000001
    "MaxWait"=dword:00000258
    "StartScreenSaver"="SensStartScreenSaverEvent"
    "StopScreenSaver"="SensStopScreenSaverEvent"
    "Startup"="SensStartupEvent"
    "Shutdown"="SensShutdownEvent"
    "StartShell"="SensStartShellEvent"
    "PostShell"="SensPostShellEvent"
    "Disconnect"="SensDisconnectEvent"
    "Reconnect"="SensReconnectEvent"
    "Unlock"="SensUnlockEvent"
    "Impersonate"=dword:00000001
    "Asynchronous"=dword:00000001

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SideBySide]
    "Asynchronous"=dword:00000000
    "DllName"="C:\\WINDOWS\\system32\\cZrds.dll"
    "Impersonate"=dword:00000000
    "Logon"="WinLogon"
    "Logoff"="WinLogoff"
    "Shutdown"="WinShutdown"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
    "Asynchronous"=dword:00000000
    "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
    6c,00,6c,00,00,00
    "Impersonate"=dword:00000000
    "Logoff"="TSEventLogoff"
    "Logon"="TSEventLogon"
    "PostShell"="TSEventPostShell"
    "Shutdown"="TSEventShutdown"
    "StartShell"="TSEventStartShell"
    "Startup"="TSEventStartup"
    "MaxWait"=dword:00000258
    "Reconnect"="TSEventReconnect"
    "Disconnect"="TSEventDisconnect"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
    "DLLName"="wlnotify.dll"
    "Logon"="RegisterTicketExpiredNotificationEvent"
    "Logoff"="UnregisterTicketExpiredNotificationEvent"
    "Impersonate"=dword:00000001
    "Asynchronous"=dword:00000001

    **********************************************************************************
    useragent:
    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
    "{A280CDEB-7B1F-0C09-34C2-DA18B332C24E}"=""

    **********************************************************************************
    Shell Extension key:
    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
    "{00022613-0000-0000-C000-000000000046}"="Feuille de propri‚t‚s du fichier multim‚dia"
    "{176d6597-26d3-11d1-b350-080036a75b03}"="Gestion de scanneur ICM"
    "{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="Page de s‚curit‚ NTFS"
    "{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="Page des propri‚t‚s de OLE DocFile"
    "{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Extensions de l'environnement pour le partage"
    "{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
    "{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Carte du Panneau de configuration"
    "{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage cran du Panneau de configuration"
    "{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Panorama du Panneau de configuration"
    "{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Page de s‚curit‚ DS"
    "{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Page de compatibilit‚"
    "{56117100-C0CD-101B-81E2-00AA004AE837}"="Gestionnaire de donn‚es endommag‚es de l'environnement"
    "{59099400-57FF-11CE-BD94-0020AF85B590}"="Extension copie de disquette"
    "{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Extensions de l'environnement pour les objets r‚seau de Microsoft Windows"
    "{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="Gestion d'‚cran ICM"
    "{675F097E-4C4D-11D0-B6C1-0800091AA605}"="Gestion d'imprimante ICM"
    "{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Extensions de l'environnement de compression de fichiers"
    "{77597368-7b15-11d0-a0c2-080036af3f03}"="Extension de l'environnement d'imprimante Web"
    "{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
    "{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Menu contextuel de cryptage"
    "{85BBD920-42A0-1069-A2E4-08002B30309D}"="Porte-documents"
    "{88895560-9AA2-1069-930E-00AA0030EBC8}"="Extension ic“ne HyperTerminal"
    "{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
    "{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="Profil ICC"
    "{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Page de s‚curit‚ des imprimantes"
    "{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Extensions de l'environnement pour le partage"
    "{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
    "{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie PKO"
    "{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie Sign"
    "{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Connexions r‚seau"
    "{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Connexions r‚seau"
    "{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="&Scanneurs et appareils photo"
    "{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="&Scanneurs et appareils photo"
    "{905667aa-acd6-11d2-8080-00805f6596d2}"="&Scanneurs et appareils photo"
    "{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="&Scanneurs et appareils photo"
    "{83bbcbf3-b28a-4919-a5aa-73027445d672}"="&Scanneurs et appareils photo"
    "{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
    "{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Extensions de l'interpr‚teur de commandes pour l'environnement d'ex‚cution de scripts Windows"
    "{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Liaison de donn‚es Microsoft"
    "{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
    "{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
    "{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Tƒches planifi‚es"
    "{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"
    "{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
    "{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Barre des tƒches et menu D‚marrer"
    "{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Rechercher"
    "{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support"
    "{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support"
    "{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Ex‚cuter..."
    "{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
    "{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="Courrier ‚lectronique"
    "{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Polices"
    "{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Outils d'administration"
    "{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Page de propri‚t‚s des versions pr‚c‚dentes"
    "{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Versions pr‚c‚dentes"
    "{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
    "{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
    "{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
    "{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
    "{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
    "{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
    "{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Barre d'outils Internet Microsoft"
    "{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="tat du t‚l‚chargement"
    "{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Dossier Bureau ‚tendu"
    "{6413BA2C-B461-11d1-A18A-080036B11A03}"="Dossier du shell augment‚"
    "{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
    "{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Bande du navigateur Microsoft"
    "{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Bande de recherche"
    "{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="Volet int‚gr‚ de recherche"
    "{07798131-AF23-11d1-9111-00A0C98BA67D}"="Recherche Web"
    "{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Utilitaire des options de l'arborescence du Registre"
    "{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adresse"
    "{A08C11D2-A228-11d0-825B-00AA005B4383}"="BoŒte d'entr‚e de l'adresse"
    "{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Saisie semi-automatique Microsoft"
    "{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
    "{6756A641-DE71-11d0-831B-00AA005B4383}"="Liste de saisie semi-automatique MRU"
    "{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Liste de saisie semi-automatique personnalis‚e MRU"
    "{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
    "{acf35015-526e-4230-9596-becbe19f0ac9}"="Barre de progrŠs auto-ouvrante"
    "{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Liste de saisie semi-automatique de l'historique Microsoft"
    "{03C036F1-A186-11D0-824A-00AA005B4383}"="Liste de saisie semi-automatique du dossier Shell Microsoft"
    "{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Conteneur de la liste de saisie semi-automatique multiple Microsoft"
    "{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Menu Site de bandes"
    "{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
    "{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Barre du Bureau"
    "{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
    "{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="Assistance utilisateur"
    "{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="ParamŠtres du dossier global"
    "{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
    "{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
    "{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
    "{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
    "{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
    "{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
    "{FF393560-C2A7-11CF-BFF4-444553540000}"="Historique"
    "{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
    "{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
    "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
    "{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="Image de d‚marrage de la Suite IE4"
    "{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
    "{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
    "{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
    "{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet"
    "{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
    "{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
    "{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
    "{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
    "{88C6C381-2E85-11D0-94DE-444553540000}"="Dossier ActiveX Cache"
    "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
    "{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
    "{F5175861-2688-11d0-9C5E-00AA00A45957}"="Dossier Inscription"
    "{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
    "{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
    "{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
    "{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
    "{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
    "{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
    "{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
    "{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Gestionnaire d'applications d'environnement"
    "{0B124F8F-91F0-11D1-B8B5-006008059382}"="num‚rateur d'applications install‚es"
    "{CFCCC7A0-A282-11D1-9082-006008059382}"="Publication d'application Darwin"
    "{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
    "{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
    "{00E7B358-F65B-4dcf-83DF-CD026B94BFD4}"="Autoplay for SlideShow"
    "{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="Extracteur de miniatures de fichier + GDI"
    "{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Gestionnaire de miniatures - Informations de r‚sum‚ (DOCFILES)"
    "{EAB841A0-9550-11cf-8C16-00805F1408F3}"="Extracteur de miniatures HTML"
    "{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
    "{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Assistant Publication de sites Web"
    "{add36aa8-751a-4579-a266-d66f5202ccbb}"="Commande d'impressions via le Web"
    "{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Objet Assistant de publication Shell"
    "{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Assistant Obtenir une identit‚ Passport"
    "{7A9D77BD-5403-11d2-8785-2E0420524153}"="Comptes d'utilisateurs"
    "{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
    "{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
    "{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Fichier de chaŒne"
    "{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Raccourci de chaŒne"
    "{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
    "{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
    "{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
    "{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder"
    "{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
    "{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
    "{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
    "{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
    "{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
    "{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
    "{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
    "{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
    "{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
    "{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
    "{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
    "{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
    "{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
    "{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
    "{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
    "{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
    "{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
    "{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
    "{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Dossier Fichiers hors connexion"
    "{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
    "{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
    "{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
    "{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
    "{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
    "{32714800-2E5F-11d0-8B85-00AA0044F941}"="Des &personnes..."
    "{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
    "{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
    "{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
    "{1D2680C9-0E2A-469d-B787-065558BC7D43}"="Fusion Cache"
    "{5E2121EE-0300-11D4-8D3B-444553540000}"="Catalyst Context Menu extension"
    "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"
    "{6DEA92E9-8682-4b6a-97DE-354772FE5727}"="Autodesk DWF Preview"
    "{C81DCBCA-8AE2-41FC-9C39-78B160393210}"="RhinoShExt"
    "{32020A01-506E-484D-A2A8-BE3CF17601C3}"="AlcoholShellEx"
    "{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
    "{1EBC3533-B289-409F-9924-B84B3F0717D2}"="AceFTP Context Menu Shell Extension"
    "{3AC7D292-2B27-47FC-BB9D-8C3FE7977CAA}"=""
    "{36A21736-36C2-4C11-8ACB-D4136F2B57BD}"="AutoCAD Digital Signatures Icon Overlay Handler"
    "{AC1DB655-4F9A-4c39-8AD2-A65324A4C446}"="Autodesk Drawing Preview"
    "{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices"
    "{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable Media Devices Menu"
    "{67F38264-AEF8-450E-9823-24A25B3C57EC}"=""
    "{AD1EBA9D-D626-4951-A288-27CC199D9F92}"=""
    "{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Web Folders"
    "{0006F045-0000-0000-C000-000000000046}"="Microsoft Outlook Custom Icon Handler"
    "{B327765E-D724-4347-8B16-78AE18552FC3}"="NeroDigitalIconHandler"
    "{7F1CF152-04F8-453A-B34C-E609530A9DC8}"="NeroDigitalPropSheetHandler"
    "{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}"="Messenger Sharing Folders"
    "{e82a2d71-5b2f-43a0-97b8-81be15854de8}"="ShellLink for Application References"
    "{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75}"="Shell Icon Handler for Application References"
    "{472083B0-C522-11CF-8763-00608CC02F24}"="avast"

    **********************************************************************************
    HKEY ROOT CLASSIDS:
    **********************************************************************************
    Files Found are not all bad files:

    C:\WINDOWS\SYSTEM32\
    bitcom~1.dll Fri 2006-09-01 1:48:26 A.... 2 560 2,50 K
    nsy6d.dll Mon 2006-08-14 20:52:34 A.... 78 848 77,00 K
    sirenacm.dll Sat 2006-07-29 19:32:50 A.... 48 936 47,79 K

    3 items found: 3 files, 0 directories.
    Total of file sizes: 130 344 bytes 127,29 K
    Locate .tmp files:

    No matches found.
    **********************************************************************************
    Directory Listing of system files:
    Le volume dans le lecteur C n'a pas de nom.
    Le num‚ro de s‚rie du volume est CC34-2477

    R‚pertoire de C:\WINDOWS\System32

    2006-06-04 12:22 <REP> dllcache
    2005-12-11 19:43 <REP> Microsoft
    0 fichier(s) 0 octets
    2 R‚p(s) 111ÿ151ÿ628ÿ288 octets libres
    0
  16. Jean-Philippe Guérin
     
    Rebonjour,
    Et voici la deuxième partie:

    L2mfix 051206
    Creating Account.
    La commande s'est termin‚e correctement.

    Adding Administrative privleges.
    Checking for L2MFix account(0=no 1=yes):
    1
    Granting SeDebugPrivilege to L2MFIX ... successful
    Checking for L2MFix account(0=no 1=yes):
    0
    Zipping up files for submission:
    zip warning: name not matched: dlls\*.*

    zip error: Nothing to do! (backup.zip)
    adding: backregs/notibac.reg (164 bytes security) (deflated 88%)

    Merci infiniment de m'aider à résoudre ce sacré problème !! :(
    0
  17. Jean-Philippe Guérin
     
    Bonjour, après tout ces essaies de programme et anti-virus, firewall, ce qui s'est amélioré est le fait que mes popups sont maintenant moins fréquentes et les pop-ups sont a 80% du temps des pages blanches bloqué par le firewall, mais parfois quelques unes déjouent le firewall, bizaremment, souvent celle de Party Poker.. !

    Merci
    Jean-Philippe
    0
  18. Kristopher Messages postés 3752 Statut Contributeur 106
     
    Salut,

    Supprime le dossier en gras :

    C:\Program Files\PartyGaming

    Puis coche et fixe ces lignes avec HijackThis :

    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)

    O15 - Trusted Zone: *.dollarrevenue.com

    Ensuite :

    Télécharge LSPFix :
    http://cexx.org/LSPFix.exe
    Ou là si ça ne fonctionne pas :
    http://www.downloads.subratam.org/lspfix.zip

    Exécute "LSPFix.exe".

    Coche : "I Know what I'm doing".

    Dans la colonne de gauche (Keep), sélectionne l'entrée nvappfilter.dll (seulement celle là) et place la dans la colonne de droite (remove) avec le bouton ">>".

    Clique sur "Finish >>".

    Puis remets un nouveau log HT à la fin.

    a+
    0
  19. Jean-Philippe Guérin
     
    Salut,
    Voici le log après ce que tu m'as demandé!

    Logfile of HijackThis v1.99.1
    Scan saved at 11:29:14, on 2006-09-12
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\PROGRA~1\NVIDIA~1\NETWOR~1\Apache Group\Apache2\bin\apache.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    C:\PROGRA~1\NVIDIA~1\NETWOR~1\Apache Group\Apache2\bin\apache.exe
    C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcIp.exe
    C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcLog.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcAppFlt.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\Program Files\BitComet\BitComet.exe
    C:\Program Files\AutoCAD 2005\acad.exe
    C:\DOCUME~1\JEAN-P~1.THE\LOCALS~1\Temp\AdskCleanup.0001
    C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
    C:\Program Files\Fichiers communs\Autodesk Shared\WSCommCntr1.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.fr.msn.ca/0SEFRCA/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSL encrypt - {746455FE-D059-47e7-AF0E-140E03F5A447} - C:\WINDOWS\system32\nsy6D.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
    O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
    O8 - Extra context menu item: &Traduire à partir de l'anglais - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Recherche &Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://k4tl-lryn-26.spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} - http://cabs.elitemediagroup.net/cabs/mediaview.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: OptimalLayout - C:\WINDOWS\system32\wbhext.dll (file missing)
    O20 - Winlogon Notify: RunOnce - C:\WINDOWS\system32\pGpnetsh.dll (file missing)
    O20 - Winlogon Notify: SideBySide - C:\WINDOWS\system32\cZrds.dll (file missing)
    O23 - Service: app_filter - Unknown owner - C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcAppFlt.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\PROGRA~1\NVIDIA~1\NETWOR~1\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcIp.exe
    O23 - Service: ForceWare user log service (nSvcLog) - Unknown owner - C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcLog.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\FICHIE~1\SONYSH~1\AVLib\Sptisrv.exe
    0
  20. Jean-Philippe Guérin
     
    Salut Kristopher,

    Selon moi tu touches au bobo ! Mais j'ai toujours les pop-ups, mais on est pas loin d'après moi! Merci de m'aider tant !!!

    JP
    0
  21. Kristopher Messages postés 3752 Statut Contributeur 106
     
    Re,

    1/ Coche et fixe ces lignes :

    O2 - BHO: SSL encrypt - {746455FE-D059-47e7-AF0E-140E03F5A447} - C:\WINDOWS\system32\nsy6D.dll

    O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://k4tl-lryn-26.spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} - http://cabs.elitemediagroup.net/cabs/mediaview.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab

    O20 - Winlogon Notify: OptimalLayout - C:\WINDOWS\system32\wbhext.dll (file missing)
    O20 - Winlogon Notify: RunOnce - C:\WINDOWS\system32\pGpnetsh.dll (file missing)
    O20 - Winlogon Notify: SideBySide - C:\WINDOWS\system32\cZrds.dll (file missing)

    2/ Scanne ton PC avec cet antispyware en ligne :
    https://www.trendmicro.com/en_us/forHome/products/housecall.html
    Clique sur "I Accept" et patiente un peu…
    Ensuite, clique sur "Start Scan"
    À la fin du scan "Scan Results" -> "Clean Threats Now"

    3/ - Télécharge le logiciel SmitfraudFix crée par S!Ri :
    http://siri.urz.free.fr/Fix/SmitfraudFix.zip et décompresse le.

    - Ouvre le dossier "SmitfraudFix" qui sera apparu, double clic sur "Smitfraudfix.cmd", choisis l’option 1, un log va être généré…

    Copie et colle le rapport sur le forum.

    Ensuite

    Fais cette manipulation :

    - Redémarre le PC en mode "sans échec" : tu tapotes sur la touche F8 de ton clavier (ou bien F5 selon la version de Windows) et tu choisis le mode "sans échec".

    - Tu relances SmitfraudFix cette fois-ci en choisissant l'option 2 et tu réponds oui à tout.

    Colle le nouveau rapport après.
    0
  • 1
  • 2