Adware has infected my PC

hou59 -  
Kristopher Posts 3752 Status Contributor -
Hello,

Can someone help me, please?

I can no longer get onto the internet using the desktop icon, and I can no longer watch videos.

I downloaded ewido and here is the scan result.

Thanks in advance

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 23:37:43 03/11/2006

+ Scan result:

C:\Documents and Settings\lahoucine\Mes documents\logiciel\kazaa_setup.exe -> Adware.Altnet : Cleaned with backup (quarantined).
C:\Program Files\Altnet -> Adware.Altnet : Cleaned with backup (quarantined).
C:\Program Files\Altnet\Download Manager -> Adware.Altnet : Cleaned with backup (quarantined).
C:\Program Files\Altnet\Download Manager\asm.exe -> Adware.Altnet : Error during cleaning.
C:\Program Files\Altnet\Download Manager\asmps.dll -> Adware.Altnet : Error during cleaning.
C:\Program Files\Altnet\My Altnet Shares -> Adware.Altnet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ADM4.ADM4 -> Adware.Altnet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ADM4.ADM4.1 -> Adware.Altnet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ADM4.ADM4\CurVer -> Adware.Altnet : Cleaned with backup (quarantined).
C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll -> Adware.Aws : Cleaned with backup (quarantined).
HKU\S-1-5-21-2130174843-3612333688-1845044030-1005\Software\Kazaa\Promotions\Cydoor -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-2130174843-3612333688-1845044030-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-2130174843-3612333688-1845044030-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-2130174843-3612333688-1845044030-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Services -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-2130174843-3612333688-1845044030-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Services\Queue -> Adware.Cydoor : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ToolbarBestToolbarsToolbar.BestToolbarsToolbarObject -> Adware.FizzleBar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ToolbarBestToolbarsToolbar.BestToolbarsToolbarObject.1 -> Adware.FizzleBar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ToolbarBestToolbarsToolbar.BestToolbarsToolbarObject\CLSID -> Adware.FizzleBar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ToolbarBestToolbarsToolbar.BestToolbarsToolbarObject\CurVer -> Adware.FizzleBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-2130174843-3612333688-1845044030-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5929CD6E-2062-44A4-B2C5-2C7E78FBAB38} -> Adware.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-21-2130174843-3612333688-1845044030-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{59879FA4-4790-461C-A1CC-4EC4DE4CA483} -> Adware.RXToolbar : Cleaned with backup (quarantined).
C:\WINDOWS\system32\actskn45.ocx -> Downloader.IstBar : Cleaned with backup (quarantined).
[1252] VM_00880000 -> Downloader.Zlob.aty : Error during cleaning.
[1552] VM_009D0000 -> Downloader.Zlob.aty : Error during cleaning.
[1560] VM_009C0000 -> Downloader.Zlob.aty : Error during cleaning.
[1568] VM_00A40000 -> Downloader.Zlob.aty : Error during cleaning.
[1576] VM_00990000 -> Downloader.Zlob.aty : Error during cleaning.
[1596] VM_00A60000 -> Downloader.Zlob.aty : Error during cleaning.
[1608] VM_00A00000 -> Downloader.Zlob.aty : Error during cleaning.
[1708] VM_00930000 -> Downloader.Zlob.aty : Error during cleaning.
[1716] VM_00BB0000 -> Downloader.Zlob.aty : Error during cleaning.
[1732] VM_003C0000 -> Downloader.Zlob.aty : Error during cleaning.
[1748] VM_003C0000 -> Downloader.Zlob.aty : Error during cleaning.
[1756] VM_009E0000 -> Downloader.Zlob.aty : Error during cleaning.
[1784] VM_00880000 -> Downloader.Zlob.aty : Error during cleaning.
[1808] VM_00990000 -> Downloader.Zlob.aty : Error during cleaning.
[1816] VM_003D0000 -> Downloader.Zlob.aty : Error during cleaning.
[1828] VM_009F0000 -> Downloader.Zlob.aty : Error during cleaning.
[1852] VM_00880000 -> Downloader.Zlob.aty : Error during cleaning.
[1912] VM_003E0000 -> Downloader.Zlob.aty : Error during cleaning.
[3084] VM_011B0000 -> Downloader.Zlob.aty : Error during cleaning.
[396] VM_009C0000 -> Downloader.Zlob.aty : Error during cleaning.
[516] VM_03510000 -> Downloader.Zlob.aty : Error during cleaning.
[540] VM_00CB0000 -> Downloader.Zlob.aty : Error during cleaning.
C:\Documents and Settings\All Users\Documents\mailpv.zip/mailpv.exe -> Not-A-Virus.PSWTool.Win32.MailPassView.130 : Ignored.
C:\Documents and Settings\All Users\Documents\sniffpass_setup.exe/mailpv.exe -> Not-A-Virus.PSWTool.Win32.MailPassView.130 : Ignored.
C:\Documents and Settings\lahoucine\Cookies\lahoucine@247realmedia[1].txt -> TrackingCookie.247realmedia : Cleaned.
C:\Documents and Settings\Invité\Cookies\invité@112.2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Invité\Cookies\invité@2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Invité\Cookies\invité@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\lahoucine\Cookies\lahoucine@2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Invité\Cookies\invité@adtech[2].txt -> TrackingCookie.Adtech : Cleaned.
C:\Documents and Settings\lahoucine\Cookies\lahoucine@adtech[1].txt -> TrackingCookie.Adtech : Cleaned.
C:\Documents and Settings\lahoucine\Cookies\lahoucine@adtech[3].txt -> TrackingCookie.Adtech : Cleaned.
C:\Documents and Settings\Invité\Cookies\invité@advertising[2].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\lahoucine\Cookies\lahoucine@advertising[1].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\lahoucine\Cookies\lahoucine@advertising[2].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Invité\Cookies\invité@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\lahoucine\Cookies\lahoucine@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\lahoucine\Cookies\lahoucine@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Invité\Cookies\invité@bluestreak[2].txt -> TrackingCookie.Bluestreak : Cleaned.
C:\Documents and Settings\Invité\Cookies\invité@iv2.bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned.
C:\Documents and Settings\lahoucine\Cookies\lahoucine@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned.
C:\Documents and Settings\lahoucine\Cookies\lahoucine@bluestreak[2].txt -> TrackingCookie.Bluestreak : Cleaned.
C:\Documents and Settings\Invité\Cookies\invité@fl01.ct2.comclick[2].txt -> TrackingCookie.Comclick : Cleaned.
C:\Documents and Settings\Invité\Cookies\invité@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Invité\Cookies\invité@estat[1].txt -> TrackingCookie.Estat : Cleaned.
C:\Documents and Settings\Invité\Cookies\invité@as-eu.falkag[1].txt -> TrackingCookie.Falkag : Cleaned.
C:\Documents and Settings\Invité\Cookies\invité@as1.falkag[2].txt -> TrackingCookie.Falkag : Cleaned.
C:\Documents and Settings\lahoucine\Cookies\lahoucine@as-eu.falkag[1].txt -> TrackingCookie.Falkag : Cleaned.
C:\Documents and Settings\lahoucine\Cookies\lahoucine@as-eu.falkag[3].txt -> TrackingCookie.Falkag : Cleaned.
C:\Documents and Settings\Invité\Cookies\invité@fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\lahoucine\Cookies\lahoucine@findwhat[1].txt -> TrackingCookie.Findwhat : Cleaned.
C:\Documents and Settings\Invité\Cookies\invité@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\lahoucine\Cookies\lahoucine@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\lahoucine\Cookies\lahoucine@mediaplex[2].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Invité\Cookies\invité@need2find[1].txt -> TrackingCookie.Need2find : Cleaned.
C:\Documents and Settings\lahoucine\Cookies\lahoucine@stat.onestat[2].txt -> TrackingCookie.Onestat : Cleaned.
C:\Documents and Settings\lahoucine\Cookies\lahoucine@qksrv[2].txt -> TrackingCookie.Qksrv : Cleaned.
C:\Documents and Settings\lahoucine\Cookies\lahoucine@qksrv[3].txt -> TrackingCookie.Qksrv : Cleaned.
C:\Documents and Settings\Invité\Cookies\invité@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\lahoucine\Cookies\lahoucine@serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Invité\Cookies\invité@smartadserver[2].txt -> TrackingCookie.Smartadserver : Cleaned.
C:\Documents and Settings\Invité\Cookies\invité@www.smartadserver[1].txt -> TrackingCookie.Smartadserver : Cleaned.
C:\Documents and Settings\lahoucine\Cookies\lahoucine@spylog[1].txt -> TrackingCookie.Spylog : Cleaned.
C:\Documents and Settings\Invité\Cookies\invité@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Cleaned.
C:\Documents and Settings\Invité\Cookies\invité@valueclick[1].txt -> TrackingCookie.Valueclick : Cleaned.
C:\Documents and Settings\Invité\Cookies\invité@weborama[2].txt -> TrackingCookie.Weborama : Cleaned.
C:\Documents and Settings\lahoucine\Cookies\lahoucine@weborama[1].txt -> TrackingCookie.Weborama : Cleaned.
C:\Documents and Settings\lahoucine\Cookies\lahoucine@weborama[2].txt -> TrackingCookie.Weborama : Cleaned.
C:\Documents and Settings\Invité\Cookies\invité@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : Cleaned.
C:\Documents and Settings\Invité\Cookies\invité@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\lahoucine\Cookies\lahoucine@zedo[1].txt -> TrackingCookie.Zedo : Cleaned.

::Report end

7 replies

  1. Kristopher Posts 3752 Status Contributor 106
     
    Hi,

    Go to this page:

    virus preliminary disinfection method, French version

    And do exactly what it asks :)

    See you
    0
  2. hou59
     
    Hello,

    Thanks Christophe,

    Here are the 3 scans

    ---------------------------------------------------------
    AVG Anti-Spyware - Rapport d'analyse
    ---------------------------------------------------------

    + Créé à: 15:01:03 04/11/2006

    + Résultat de l'analyse:

    [1060] VM_009C0000 -> Downloader.Zlob.aty : Nettoyé.
    [1084] VM_00A40000 -> Downloader.Zlob.aty : Nettoyé.
    [1128] VM_00990000 -> Downloader.Zlob.aty : Nettoyé.
    [1160] VM_00A60000 -> Downloader.Zlob.aty : Nettoyé.
    [1168] VM_00A00000 -> Downloader.Zlob.aty : Nettoyé.
    [1440] VM_00880000 -> Downloader.Zlob.aty : Nettoyé.
    [1552] VM_00930000 -> Downloader.Zlob.aty : Nettoyé.
    [1568] VM_00BB0000 -> Downloader.Zlob.aty : Nettoyé.
    [1576] VM_003C0000 -> Downloader.Zlob.aty : Nettoyé.
    [1652] VM_003C0000 -> Downloader.Zlob.aty : Nettoyé.
    [1664] VM_009E0000 -> Downloader.Zlob.aty : Nettoyé.
    [1672] VM_00390000 -> Downloader.Zlob.aty : Nettoyé.
    [1680] VM_00880000 -> Downloader.Zlob.aty : Nettoyé.
    [1816] VM_003D0000 -> Downloader.Zlob.aty : Nettoyé.
    [1868] VM_009F0000 -> Downloader.Zlob.aty : Nettoyé.
    [2080] VM_00880000 -> Downloader.Zlob.aty : Nettoyé.
    [2128] VM_00A90000 -> Downloader.Zlob.aty : Nettoyé.
    [2176] VM_003E0000 -> Downloader.Zlob.aty : Nettoyé.
    [2424] VM_009C0000 -> Downloader.Zlob.aty : Nettoyé.
    [3352] VM_003A0000 -> Downloader.Zlob.aty : Nettoyé.
    [3740] VM_011C0000 -> Downloader.Zlob.aty : Nettoyé.
    [516] VM_03510000 -> Downloader.Zlob.aty : Nettoyé.
    [540] VM_00D90000 -> Downloader.Zlob.aty : Nettoyé.
    [872] VM_009D0000 -> Downloader.Zlob.aty : Nettoyé.
    C:\Documents and Settings\lahoucine\Cookies\lahoucine@247realmedia[2].txt -> TrackingCookie.247realmedia : Nettoyé.
    C:\Documents and Settings\lahoucine\Cookies\lahoucine@weborama[2].txt -> TrackingCookie.Weborama : Nettoyé.

    Fin du rapport

    BitDefender Online Scanner - Scan Report

    Scan report generated at: Sat, Nov 04, 2006 - 15:49:59

    Scan path: C:\;D:\;E:\;

    Statistics
    Time: 00:37:57
    Files: 220291
    Folders: 3394
    Boot Sectors: 4
    Archives: 7532
    Packed Files: 13925

    Results
    Identified Viruses: 3
    Infected Files: 4
    Suspect Files: 0
    Warnings: 0
    Disinfected: 0
    Deleted Files: 4

    Engines Info
    Virus Definitions: 312429
    Engine build: AVCORE v1.0 (build 2310) (i386) (Apr 17 2006 16:24:38)
    Scan plugins: 13
    Archive plugins: 38
    Unpack plugins: 6
    E-mail plugins: 6
    System plugins: 1

    Scan Settings
    First Action: Disinfect
    Second Action: Delete
    Heuristics: Yes
    Enable Warnings: Yes
    Scanned Extensions: *;
    Exclude Extensions:
    Scan Emails: Yes
    Scan Archives: Yes
    Scan Packed: Yes
    Scan Files: Yes
    Scan Boot: Yes

    Scanned File | Status
    C:\Documents and Settings\All Users\Documents\sniffpass_setup.exe=>(ZIP Sfx o)=>mailpv.exe | Infected with: Trojan.PassStealer
    C:\Documents and Settings\All Users\Documents\sniffpass_setup.exe=>(ZIP Sfx o)=>mailpv.exe | Disinfection failed
    C:\Documents and Settings\All Users\Documents\sniffpass_setup.exe=>(ZIP Sfx o)=>mailpv.exe | Deleted
    C:\Documents and Settings\All Users\Documents\sniffpass_setup.exe=>(ZIP Sfx o) | Updated
    C:\Documents and Settings\All Users\Documents\sniffpass_setup.exe | Update failed
    C:\Documents and Settings\All Users\Documents\mailpv.zip=>mailpv.exe | Infected with: Trojan.PassStealer
    C:\Documents and Settings\All Users\Documents\mailpv.zip=>mailpv.exe | Disinfection failed
    C:\Documents and Settings\All Users\Documents\mailpv.zip=>mailpv.exe | Deleted
    C:\Documents and Settings\All Users\Documents\mailpv.zip | Updated
    C:\Documents and Settings\lahoucine\Local Settings\Application Data\Identities\{955926CA-7294-410D-9B13-D9917DD2638D}\Microsoft\Outlook Express\Boîte d'envoi.dbx=>(message 6)=>[Subject: =?iso-8859-1?Q?Envoi_d'un_message=A0:_][Date: Sat, 20 May 2006 01:37:26 +0200]=>(MIME part)=>mspass.exe | Infected with: Backdoor.VB
    C:\Documents and Settings\lahoucine\Local Settings\Application Data\Identities\{955926CA-7294-410D-9B13-D9917DD2638D}\Microsoft\Outlook Express\Boîte d'envoi.dbx=>(message 6)=>[Subject: =?iso-8859-1?Q?Envoi_d'un_message=A0:_][Date: Sat, 20 May 2006 01:37:26 +0200]=>(MIME part)=>mspass.exe | Disinfection failed
    C:\Documents and Settings\lahoucine\Local Settings\Application Data\Identities\{955926CA-7294-410D-9B13-D9917DD2638D}\Microsoft\Outlook Express\Boîte d'envoi.dbx=>(message 6)=>[Subject: =?iso-8859-1?Q?Envoi_d'un_message=A0:_][Date: Sat, 20 May 2006 01:37:26 +0200]=>(MIME part)=>mspass.exe | Deleted
    C:\Documents and Settings\lahoucine\Local Settings\Application Data\Identities\{955926CA-7294-410D-9B13-D9917DD2638D}\Microsoft\Outlook Express\Boîte d'envoi.dbx=>(message 6)=>[Subject: =?iso-8859-1?Q?Envoi_d'un_message=A0:_][Date: Sat, 20 May 2006 01:37:26 +0200]=>(MIME part) | Updated
    C:\Documents and Settings\lahoucine\Local Settings\Application Data\Identities\{955926CA-7294-410D-9B13-D9917DD2638D}\Microsoft\Outlook Express\Boîte d'envoi.dbx=>(message 6) | Updated
    C:\Documents and Settings\lahoucine\Local Settings\Application Data\Identities\{955926CA-7294-410D-9B13-D9917DD2638D}\Microsoft\Outlook Express\Boîte d'envoi.dbx | Update failed
    D:\Xcessive.Behavior.2.XXX.DVDRip.XviD-Pr0nStarS\intcodec-v6.403.exe | Infected with: Trojan.Downloader.Zlob.TZ
    D:\Xcessive.Behavior.2.XXX.DVDRip.XviD-Pr0nStarS\intcodec-v6.403.exe | Disinfection failed
    D:\Xcessive.Behavior.2.XXX.DVDRip.XviD-Pr0nStarS\intcodec-v6.403.exe | Deleted

    Logfile of HijackThis v1.99.1
    Scan saved at 16:43:53, on 04/11/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Acer\eManager\anbmServ.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\acer\epm\epm-dm.exe
    C:\Program Files\Arcade\PCMService.exe
    C:\Acer\Empowering Technology\eRecovery\Monitor.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Fichiers communs\AOL\1158712723\ee\services\sscFirewallPlugin\ver1_10_3_1\aolavupd.exe
    C:\Program Files\MessengerPlus! 3\MsgPlus.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Fichiers communs\AOL\1158712723\ee\AOLSoftware.exe
    C:\Program Files\Fichiers communs\AOL\1158712723\ee\services\sscAntiSpywarePlugin\ver1_10_3_1\AOLSP Scheduler.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\mcafee.com\antivirus\oasclnt.exe
    C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
    C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Paltalk Messenger\palstart.exe
    C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
    C:\Program Files\mcafee.com\personal firewall\MPFService.exe
    C:\Program Files\Fichiers communs\AOL\1158712723\ee\services\sscFirewallPlugin\ver1_10_3_1\SSCEvtHdlr.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\alg.exe
    c:\program files\fichiers communs\aol\1158712723\ee\aolssc.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\DOCUME~1\LAHOUC~1\LOCALS~1\Temp\Répertoire temporaire 1 pour hijackthis[1].zip\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.imesh.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.acer.com/worldwide/selection.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.imesh.com/search/index.html?src=ssb
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    R3 - URLSearchHook: (no name) - {CA3EB689-8F09-4026-AA10-B9534C691CE0} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: XBTP01621 - {54B62CEF-8A07-4D3C-A2EF-DDF184264374} - C:\PROGRA~1\IMESHA~1\IMESHM~1\MediaBar.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
    O3 - Toolbar: iMesh MediaBar - {B7D3E479-CC68-42B5-A338-938ECE35F419} - C:\Program Files\iMesh applications\iMesh mediabar\MediaBar.dll
    O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
    O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
    O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [SemanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Fichiers communs\AOL\1158712723\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [AOLSPScheduler] C:\Program Files\Fichiers communs\AOL\1158712723\ee\services\sscAntiSpywarePlugin\ver1_10_3_1\AOLSP Scheduler.exe
    O4 - HKLM\..\Run: [sscRun] C:\Program Files\Fichiers communs\AOL\1158712723\ee\services\sscFirewallPlugin\ver1_10_3_1\SSCRun.exe
    O4 - HKLM\..\Run: [OASClnt] C:\Program Files\mcafee.com\antivirus\oasclnt.exe
    O4 - HKLM\..\Run: [EmailScan] C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
    O4 - HKLM\..\Run: [MPFExe] C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKCU\..\Run: [You've Got Pictures Screensaver] C:\Program Files\Fichiers communs\AOL\Screensaver\ygpsstra.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [VoipBuster] "c:\program files\voipbuster.com\voipbuster\voipbuster.exe" -nosplash -minimized
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - Global Startup: PalStart.lnk = C:\Program Files\Paltalk Messenger\palstart.exe
    O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
    O8 - Extra context menu item: &Search - http://ko.bar.need2find.com/KO/menusearch.html?p=KO
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
    O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{8163E773-B2BC-4D6E-ACC7-12138E98AA98}: NameServer = 85.255.114.107,85.255.112.133
    O17 - HKLM\System\CCS\Services\Tcpip\..\{8ED01BD9-6307-4AC8-A8AE-14DD26BB1B65}: NameServer = 85.255.114.107,85.255.112.133
    O17 - HKLM\System\CCS\Services\Tcpip\..\{91DB0E43-A59F-4865-AC67-0DCE487F43AB}: NameServer = 85.255.114.107,85.255.112.133
    O17 - HKLM\System\CCS\Services\Tcpip\..\{C119B760-C838-4668-939D-19D10E2A4B82}: NameServer = 85.255.114.107,85.255.112.133
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.107 85.255.112.133
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.114.107 85.255.112.133
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.107 85.255.112.133
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - Unknown owner - C:\Program Files\Fichiers communs\AOL\ACS\AOLAcsd.exe (file missing)
    O23 - Service: AOL Antivirus Update Service (aolavupd) - America Online - C:\Program Files\Fichiers communs\AOL\1158712723\ee\services\sscFirewallPlugin\ver1_10_3_1\aolavupd.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee McShield (McShield) - McAfee Inc. - C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\mcafee.com\personal firewall\MPFService.exe
  3. Malekal_morte - Posts 178136 Registration date   Status Moderator, Security contributor Last activity   24 712
     
    Good evening,

    Download FixWareout (LonnyRJones) from one of these two sites to your desktop:
    http://downloads.subratam.org/Fixwareout.exe
    http://swandog46.geekstogo.com/Fixwareout.exe

    Run the fix: click Next, then Install, then make sure "Run fixit" is checked, then click Finish.
    The fix will start; follow the on-screen messages. You will be asked to restart your computer; do so. Your system will take a little longer to start up, which is normal.
    When it is done, post the contents of C:\fixwareout\report.txt along with a new HijackThis report.
  5. hou59
     
    Thanks malikel

    Here are the scans

    Fixwareout ver 1.003
    Last edited 8/11/2006
    Post this report in the forums please

    Reg Entries that were deleted
    ...

    Microsoft (R) Windows Script Host Version 5.6
    Random Runs removed from HKLM
    ...

    PLEASE NOTE, There WILL be LEGITIMATE FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.

    »»»»» Searching by size/names...

    »»»»»
    Search five digit cs, dm and jb files.
    This WILL/CAN also list Legit Files, Submit them at Virustotal

    Other suspects.
    Directory of C:\WINDOWS\system32

    »»»»» Misc files.

    »»»»» Checking for older varients covered by the Rem3 tool.

    Logfile of HijackThis v1.99.1
    Scan saved at 19:33:26, on 04/11/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Acer\eManager\anbmServ.exe
    C:\Program Files\Fichiers communs\AOL\1158712723\ee\services\sscFirewallPlugin\ver1_10_3_1\aolavupd.exe
    C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
    C:\Program Files\mcafee.com\personal firewall\MPFService.exe
    C:\PROGRA~1\mcafee.com\ANTIVI~1\OasClnt.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Fichiers communs\AOL\1158712723\ee\aolsoftware.exe
    c:\program files\fichiers communs\aol\1158712723\ee\services\sscAntiSpywarePlugin\ver1_10_3_1\AOLSP Scheduler.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\acer\epm\epm-dm.exe
    C:\Program Files\Arcade\PCMService.exe
    C:\Acer\Empowering Technology\eRecovery\Monitor.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\MessengerPlus! 3\MsgPlus.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
    C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\AIM\aim.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Fichiers communs\AOL\1158712723\ee\services\sscFirewallPlugin\ver1_10_3_1\SSCEvtHdlr.exe
    C:\Program Files\Paltalk Messenger\palstart.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    c:\program files\fichiers communs\aol\1158712723\ee\aolssc.exe
    C:\DOCUME~1\LAHOUC~1\LOCALS~1\Temp\Répertoire temporaire 2 pour hijackthis[1].zip\HijackThis.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    R3 - URLSearchHook: (no name) - {CA3EB689-8F09-4026-AA10-B9534C691CE0} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: XBTP01621 - {54B62CEF-8A07-4D3C-A2EF-DDF184264374} - C:\PROGRA~1\IMESHA~1\IMESHM~1\MediaBar.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
    O3 - Toolbar: iMesh MediaBar - {B7D3E479-CC68-42B5-A338-938ECE35F419} - C:\Program Files\iMesh applications\iMesh mediabar\MediaBar.dll
    O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
    O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
    O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [SemanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Fichiers communs\AOL\1158712723\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [AOLSPScheduler] C:\Program Files\Fichiers communs\AOL\1158712723\ee\services\sscAntiSpywarePlugin\ver1_10_3_1\AOLSP Scheduler.exe
    O4 - HKLM\..\Run: [sscRun] C:\Program Files\Fichiers communs\AOL\1158712723\ee\services\sscFirewallPlugin\ver1_10_3_1\SSCRun.exe
    O4 - HKLM\..\Run: [OASClnt] C:\Program Files\mcafee.com\antivirus\oasclnt.exe
    O4 - HKLM\..\Run: [EmailScan] C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
    O4 - HKLM\..\Run: [MPFExe] C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKCU\..\Run: [You've Got Pictures Screensaver] C:\Program Files\Fichiers communs\AOL\Screensaver\ygpsstra.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [VoipBuster] "c:\program files\voipbuster.com\voipbuster\voipbuster.exe" -nosplash -minimized
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - Global Startup: PalStart.lnk = C:\Program Files\Paltalk Messenger\palstart.exe
    O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
    O8 - Extra context menu item: &Search - http://ko.bar.need2find.com/KO/menusearch.html?p=KO
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
    O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{8163E773-B2BC-4D6E-ACC7-12138E98AA98}: NameServer = 85.255.114.107,85.255.112.133
    O17 - HKLM\System\CCS\Services\Tcpip\..\{8ED01BD9-6307-4AC8-A8AE-14DD26BB1B65}: NameServer = 85.255.114.107,85.255.112.133
    O17 - HKLM\System\CCS\Services\Tcpip\..\{91DB0E43-A59F-4865-AC67-0DCE487F43AB}: NameServer = 85.255.114.107,85.255.112.133
    O17 - HKLM\System\CCS\Services\Tcpip\..\{C119B760-C838-4668-939D-19D10E2A4B82}: NameServer = 85.255.114.107,85.255.112.133
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.107 85.255.112.133
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.114.107 85.255.112.133
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.107 85.255.112.133
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - Unknown owner - C:\Program Files\Fichiers communs\AOL\ACS\AOLAcsd.exe (file missing)
    O23 - Service: AOL Antivirus Update Service (aolavupd) - America Online - C:\Program Files\Fichiers communs\AOL\1158712723\ee\services\sscFirewallPlugin\ver1_10_3_1\aolavupd.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee McShield (McShield) - McAfee Inc. - C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\mcafee.com\personal firewall\MPFService.exe
    1. Malekal_morte - Posts 178136 Registration date   Status Moderator, Security contributor Last activity   24 712
       
      In HijackThis, check these lines:

      O4 - HKLM\..\Run: [SemanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe
      O17 - HKLM\System\CCS\Services\Tcpip\..\{8163E773-B2BC-4D6E-ACC7-12138E98AA98}: NameServer = 85.255.114.107,85.255.112.133
      O17 - HKLM\System\CCS\Services\Tcpip\..\{8ED01BD9-6307-4AC8-A8AE-14DD26BB1B65}: NameServer = 85.255.114.107,85.255.112.133
      O17 - HKLM\System\CCS\Services\Tcpip\..\{91DB0E43-A59F-4865-AC67-0DCE487F43AB}: NameServer = 85.255.114.107,85.255.112.133
      O17 - HKLM\System\CCS\Services\Tcpip\..\{C119B760-C838-4668-939D-19D10E2A4B82}: NameServer = 85.255.114.107,85.255.112.133
      O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.107 85.255.112.133
      O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.114.107 85.255.112.133
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.107 85.255.112.133

      --> click Fix checked

      Restart the computer

      Delete if present: C:\Program Files\RXToolBar\

      Run an online scan:

      Open Internet Explorer --> Tools --> Internet Options --> "Security" tab --> click "Default level".
      Still in Internet Explorer --> Tools --> Internet Options --> "Advanced" tab --> click "Restore defaults".

      To run the scans, disable your antivirus, protection software and any software that can block pop-ups (Google toolbars, Yahoo toolbars, etc.).


      - Run an online scan with Panda: https://www.pandasecurity.com/?ref=www.pandasoftware.com/products/activescan.htm with your antivirus disabled during the scan!
      (If you are lost, you can follow this tutorial: https://www.malekal.com/scan-antivirus-ligne-nod32/#mozTocId237368) Copy/paste the Panda report here along with a new HijackThis report.
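One way to check the result of the "Fix checked" step in the post above, as an added example that is not part of the original thread: a small Python parser that extracts the O17 NameServer values from a HijackThis log and reports which of the selected lines still appear in a later log. The function names and the `AFTER` excerpt are constructed for illustration; the `SELECTED` lines are copied from the post.

```python
import re
from collections import Counter

# HijackThis entry lines start with a section code (R0-R3, F0-F3, N1-N4, O1-O24).
ENTRY_RE = re.compile(r"^\s*((?:R[0-3]|F[0-3]|N[1-4]|O\d{1,2})) - (.*\S)\s*$")
# O17 payload: "<registry key>: NameServer = ip ip" or "ip,ip".
O17_NS_RE = re.compile(r"^(?P<key>.+?): NameServer = (?P<servers>.+)$")

# Lines the helper asked to tick (copied from the thread, subset).
SELECTED = r"""
O4 - HKLM\..\Run: [SemanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{8163E773-B2BC-4D6E-ACC7-12138E98AA98}: NameServer = 85.255.114.107,85.255.112.133
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.107 85.255.112.133
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.107 85.255.112.133
"""

# Constructed "after reboot" excerpt: one O17 value survived the fix.
AFTER = r"""
Logfile of HijackThis v1.99.1
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.107 85.255.112.133
"""


def parse_entries(log_text):
    """Return the (section, payload) entries of a HijackThis log, in order."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if m:  # header and "Running processes" lines do not match
            entries.append((m.group(1), m.group(2)))
    return entries


def nameservers(entries):
    """Map each O17 registry key to the list of resolver IPs set on it."""
    result = {}
    for section, payload in entries:
        if section != "O17":
            continue
        m = O17_NS_RE.match(payload)
        if m:
            # HijackThis prints the list comma- or space-separated.
            result[m.group("key")] = re.split(r"[,\s]+", m.group("servers").strip())
    return result


def resolver_usage(entries):
    """Count on how many registry keys each resolver IP is pinned."""
    usage = Counter()
    for servers in nameservers(entries).values():
        usage.update(set(servers))
    return usage


def check_fix(selected_text, after_text):
    """Split the lines selected for 'Fix checked' into removed / still present."""
    after = set(parse_entries(after_text))
    removed, remaining = [], []
    for entry in parse_entries(selected_text):
        (remaining if entry in after else removed).append(entry)
    return removed, remaining


if __name__ == "__main__":
    for ip, count in resolver_usage(parse_entries(SELECTED)).items():
        print(f"{ip} is set on {count} Tcpip key(s)")
    removed, remaining = check_fix(SELECTED, AFTER)
    print(f"{len(removed)} selected line(s) gone, {len(remaining)} still present")
    for section, payload in remaining:
        print(f"STILL PRESENT: {section} - {payload}")
```

A static NameServer value that is identical on every interface GUID and on each control set (CCS, CS1, CS2), as in the logs above, is worth comparing against the resolvers the router or ISP actually hands out.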
  6. hou59
     
    Thanks malekal

    Here are the 2 scans

    Incident Status Location

    Adware:adware/cydoor Not disinfected C:\WINDOWS\system32\cd_clint.dll
    Potentially unwanted tool:application/altnet Not disinfected c:\program files\Altnet
    Potentially unwanted tool:application/need2find Not disinfected hkey_current_user\software\Need2Find
    Adware:adware/rxtoolbar Not disinfected Windows Registry
    Adware:adware/instafinder Not disinfected Windows Registry
    Potentially unwanted tool:Application/MailPassView Not disinfected C:\Documents and Settings\All Users\Documents\sniffpass_setup.exe[mailpv.exe]
    Potentially unwanted tool:Application/P2PNetworking Not disinfected C:\Documents and Settings\lahoucine\Local Settings\Temp\p2psetup.exe
    Spyware:Cookie/Weborama Not disinfected C:\Documents and Settings\lahoucine\Cookies\lahoucine@weborama[1].txt
    Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\lahoucine\Cookies\lahoucine@apmebf[2].txt
    Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\lahoucine\Cookies\lahoucine@atdmt[1].txt
    Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\lahoucine\Cookies\lahoucine@serving-sys[1].txt
    Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\lahoucine\Cookies\lahoucine@searchportal.information[1].txt
    Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\lahoucine\Cookies\lahoucine@atwola[1].txt
    Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\lahoucine\Cookies\lahoucine@xiti[1].txt
    Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\lahoucine\Cookies\lahoucine@revenue[2].txt
    Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\lahoucine\Cookies\lahoucine@apmebf[3].txt
    Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\lahoucine\Cookies\lahoucine@searchportal.information[2].txt
    Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\lahoucine\Cookies\lahoucine@2o7[2].txt
    Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\lahoucine\Cookies\lahoucine@zedo[2].txt
    Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\lahoucine\Cookies\lahoucine@adrevolver[2].txt
    Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\lahoucine\Cookies\lahoucine@adrevolver[3].txt
    Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\lahoucine\Cookies\lahoucine@fastclick[1].txt
    Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\lahoucine\Cookies\lahoucine@advertising[1].txt
    Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\lahoucine\Cookies\lahoucine@ads.pointroll[2].txt
    Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\lahoucine\Cookies\lahoucine@realmedia[1].txt
    Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\lahoucine\Cookies\lahoucine@as-eu.falkag[2].txt
    Spyware:Cookie/Coremetrics Not disinfected C:\Documents and Settings\lahoucine\Cookies\lahoucine@data.coremetrics[1].txt
    Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\lahoucine\Cookies\lahoucine@questionmarket[2].txt
    Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\lahoucine\Cookies\lahoucine@ad.yieldmanager[2].txt
    Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\lahoucine\Cookies\lahoucine@adultfriendfinder[2].txt
    Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\lahoucine\Cookies\lahoucine@247realmedia[2].txt
    Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\lahoucine\Cookies\lahoucine@doubleclick[1].txt
    Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\lahoucine\Cookies\lahoucine@mediaplex[1].txt
    Spyware:Cookie/onestat.com Not disinfected C:\Documents and Settings\lahoucine\Cookies\lahoucine@stat.onestat[2].txt
    Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\lahoucine\Cookies\lahoucine@overture[2].txt
    Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\lahoucine\Cookies\lahoucine@bs.serving-sys[2].txt
    Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\lahoucine\Cookies\lahoucine@bluestreak[1].txt
    Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Invité\Cookies\invité@xiti[1].txt
    Potentially unwanted tool:Application/Altnet Not disinfected C:\Program Files\Altnet\Download Manager\asm.exe
    Potentially unwanted tool:Application/Altnet Not disinfected C:\Program Files\Altnet\Download Manager\asmps.dll
    Potentially unwanted tool:Application/P2PNetworking Not disinfected C:\Recycled\Dc10\p2psetup[1].exe
    Potentially unwanted tool:Application/P2PNetworking Not disinfected C:\Recycled\Dc11\p2psetup[1].exe
    Hacktool:Hacktool/MSNPass.F Not disinfected Dossiers locaux\Boîte d'envoi\Envoi d'un message : mspass\mspass.exe

    Logfile of HijackThis v1.99.1
    Scan saved at 22:01:02, on 04/11/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Acer\eManager\anbmServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\acer\epm\epm-dm.exe
    C:\Program Files\Arcade\PCMService.exe
    C:\Acer\Empowering Technology\eRecovery\Monitor.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\MessengerPlus! 3\MsgPlus.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Fichiers communs\AOL\1158712723\ee\services\sscAntiSpywarePlugin\ver1_10_3_1\AOLSP Scheduler.exe
    C:\Program Files\mcafee.com\antivirus\oasclnt.exe
    C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Fichiers communs\AOL\1158712723\ee\services\sscFirewallPlugin\ver1_10_3_1\aolavupd.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Fichiers communs\AOL\1158712723\ee\services\sscFirewallPlugin\ver1_10_3_1\SSCEvtHdlr.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Fichiers communs\AOL\1158712723\ee\aolsoftware.exe
    C:\DOCUME~1\LAHOUC~1\LOCALS~1\Temp\Répertoire temporaire 4 pour hijackthis[1].zip\HijackThis.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    R3 - URLSearchHook: (no name) - {CA3EB689-8F09-4026-AA10-B9534C691CE0} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: XBTP01621 - {54B62CEF-8A07-4D3C-A2EF-DDF184264374} - C:\PROGRA~1\IMESHA~1\IMESHM~1\MediaBar.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
    O3 - Toolbar: iMesh MediaBar - {B7D3E479-CC68-42B5-A338-938ECE35F419} - C:\Program Files\iMesh applications\iMesh mediabar\MediaBar.dll
    O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
    O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
    O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Fichiers communs\AOL\1158712723\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [AOLSPScheduler] C:\Program Files\Fichiers communs\AOL\1158712723\ee\services\sscAntiSpywarePlugin\ver1_10_3_1\AOLSP Scheduler.exe
    O4 - HKLM\..\Run: [sscRun] C:\Program Files\Fichiers communs\AOL\1158712723\ee\services\sscFirewallPlugin\ver1_10_3_1\SSCRun.exe
    O4 - HKLM\..\Run: [OASClnt] C:\Program Files\mcafee.com\antivirus\oasclnt.exe
    O4 - HKLM\..\Run: [EmailScan] C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
    O4 - HKLM\..\Run: [MPFExe] C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKCU\..\Run: [You've Got Pictures Screensaver] C:\Program Files\Fichiers communs\AOL\Screensaver\ygpsstra.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [VoipBuster] "c:\program files\voipbuster.com\voipbuster\voipbuster.exe" -nosplash -minimized
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
    O4 - Global Startup: PalStart.lnk = C:\Program Files\Paltalk Messenger\palstart.exe
    O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
    O8 - Extra context menu item: &Search - http://ko.bar.need2find.com/KO/menusearch.html?p=KO
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
    O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - Unknown owner - C:\Program Files\Fichiers communs\AOL\ACS\AOLAcsd.exe (file missing)
    O23 - Service: AOL Antivirus Update Service (aolavupd) - America Online - C:\Program Files\Fichiers communs\AOL\1158712723\ee\services\sscFirewallPlugin\ver1_10_3_1\aolavupd.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee McShield (McShield) - McAfee Inc. - C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\mcafee.com\personal firewall\MPFService.exe
    1. Malekal_morte- Posts 178136 Registration date   Status Moderator, Security contributor Last activity   24 712
       
      Delete:
      C:\WINDOWS\system32\cd_clint.dll
      c:\program files\Altnet

      If you are not comfortable navigating folders, I invite you to follow this tutorial: http://www.malekal.com/rechercher_fichiers.php

      It's OK once you have followed the last steps below :)

      Try to report your infection on the site I give you below, that would be really cool ;)

      - Clean your computer with CCleaner: https://www.malekal.com/tutoriel-ccleaner/
      - Disable then re-enable System Restore:
      - Instructions for Windows XP: http://service1.symantec.com/SUPPORT/INTER/tsgeninfointl.nsf/fr_docid/20020830101856924

      You can then uninstall all the programs that we used.

      I invite you to take a look at these links as far as possible, and try to report your infection:

      How to protect yourself from viruses: - All of this is summarized on this page: https://www.malekal.com/proteger-pc-virus-pirates/

      Report your infection on Malware-Complaints to get the authors convicted. To make our voice heard, there must be as many of us as possible, so report your infection:
      - See the Malware-Complaints rules: https://malwarecomplaints.info/
      - Register on the forum using the register button at the top:
      If you are over 13, choose: I Agree to these terms and am over or exactly 13 years of age
      If you are under 13, click on: I Agree to these terms and am under 13 years of age

      After registering, you will see the types of infection as a list (Look2Me, Smitfraud, SpywareQuake etc.): http://www.malwarecomplaints.info/viewforum.php?f=10&sid=0ea0981a2025873f8e115fda8cee41a4

      If the malware you had does not appear in the list, or if you do not know which infection you had, create a message in the "Autres infections" (Other infections) topic in line with the forum rules (age, city, department etc.): https://malwarecomplaints.info/

      To post a message, click the "post reply" button and fill in the information - DO NOT CREATE A TOPIC with the New Topic button.

      For any help with posting your message, you can consult this link: http://www.malekal.com/malwarecomplaints.html
      If you have questions or problems, do not hesitate to ask me here or to contact one of the forum moderators: Kimberly, AgnesD or ipl_001.
  7. Kristopher Posts 3752 Status Contributor 106
     
    Hello

    Thanks Malekal_morte- for taking over.

    I think you have said everything, or at least the essentials :)

    I do see other infections visible in the HT log, though, so I'll let you handle them.

    If you have other questions hou59, we are here.

    See you later