Google redirigé et accès impossible
Résolu
broots
Messages postés
31
Statut
Membre
-
green day Messages postés 26722 Statut Modérateur, Contributeur sécurité -
green day Messages postés 26722 Statut Modérateur, Contributeur sécurité -
bon, je suis les conseils et je crée un nouveau sujet :
j'ai les liens google souvent redirigés vers des sites inconnus et je n'arrive plus à accèder à certains sites, comme vente-privee.com
J'aif ait le tour de sinfos sur le forum mais rien n'y fait....
HELP !!!!
Logfile of HijackThis v1.99.1
Scan saved at 22:46:14, on 05/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Pando Networks\Pando\Pando.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Downloads\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://192.168.1.1/ServicesAcces.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\Pando.exe" /Automation
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\pando.exe" /Automation
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Tout télécharger en utilisant FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Télécharger en utilisant FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\JetCar.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\JetCar.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1FF43AD5-2262-4C2F-81D4-26D710C3F305} (VB2S Mannequin Virtuel Control) - http://mannequin.redoute.fr/activex/Mannequin.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {8731163E-77B9-4F91-9122-F112521C28AF} (MMSPlayerX Class) - http://mmt.bouyguestelecom.fr/mmawap/jsp/composer/player/mmsPlayer.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{199F46DF-284B-4FDD-9C28-635567F3FD67}: NameServer = 85.255.115.62,85.255.112.156
O17 - HKLM\System\CCS\Services\Tcpip\..\{242947CE-0BAA-478F-B11E-297203457457}: NameServer = 85.255.115.62,85.255.112.156
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.62 85.255.112.156
O17 - HKLM\System\CS1\Services\Tcpip\..\{199F46DF-284B-4FDD-9C28-635567F3FD67}: NameServer = 85.255.115.62,85.255.112.156
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.62 85.255.112.156
O17 - HKLM\System\CS2\Services\Tcpip\..\{199F46DF-284B-4FDD-9C28-635567F3FD67}: NameServer = 85.255.115.62,85.255.112.156
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.62 85.255.112.156
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
j'ai les liens google souvent redirigés vers des sites inconnus et je n'arrive plus à accèder à certains sites, comme vente-privee.com
J'aif ait le tour de sinfos sur le forum mais rien n'y fait....
HELP !!!!
Logfile of HijackThis v1.99.1
Scan saved at 22:46:14, on 05/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Pando Networks\Pando\Pando.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Downloads\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://192.168.1.1/ServicesAcces.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\Pando.exe" /Automation
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\pando.exe" /Automation
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Tout télécharger en utilisant FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Télécharger en utilisant FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\JetCar.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\JetCar.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1FF43AD5-2262-4C2F-81D4-26D710C3F305} (VB2S Mannequin Virtuel Control) - http://mannequin.redoute.fr/activex/Mannequin.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {8731163E-77B9-4F91-9122-F112521C28AF} (MMSPlayerX Class) - http://mmt.bouyguestelecom.fr/mmawap/jsp/composer/player/mmsPlayer.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{199F46DF-284B-4FDD-9C28-635567F3FD67}: NameServer = 85.255.115.62,85.255.112.156
O17 - HKLM\System\CCS\Services\Tcpip\..\{242947CE-0BAA-478F-B11E-297203457457}: NameServer = 85.255.115.62,85.255.112.156
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.62 85.255.112.156
O17 - HKLM\System\CS1\Services\Tcpip\..\{199F46DF-284B-4FDD-9C28-635567F3FD67}: NameServer = 85.255.115.62,85.255.112.156
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.62 85.255.112.156
O17 - HKLM\System\CS2\Services\Tcpip\..\{199F46DF-284B-4FDD-9C28-635567F3FD67}: NameServer = 85.255.115.62,85.255.112.156
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.62 85.255.112.156
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
A voir également:
- Google redirigé et accès impossible
- Google maps satellite - Guide
- Google maps - Guide
- Dns google - Guide
- Google photo - Télécharger - Albums photo
- Google - Guide
11 réponses
Salut
belle infection !
* Télécharge FixWareout d'un de ces deux sites sur le bureau:
http://downloads.subratam.org/Fixwareout.exe
http://swandog46.geekstogo.com/Fixwareout.exe
* Lance le fix: clique sur Next, puis Install, puis assure toi que "Run fixit" est activé puis clique sur Finish.
Le fix va commencer, suis les messages à l'écran. Il te sera demandé de redémarrer ton ordinateur, fais le. Ton système mettra un peu plus de temps au démarrage, c'est normal.
*Poste (Copie/colle) le contenu du rapport qui va s'afficher à l'écran (report.txt) avec un nouveau rapport HijackThis! dans ta prochaine réponse.
++
belle infection !
* Télécharge FixWareout d'un de ces deux sites sur le bureau:
http://downloads.subratam.org/Fixwareout.exe
http://swandog46.geekstogo.com/Fixwareout.exe
* Lance le fix: clique sur Next, puis Install, puis assure toi que "Run fixit" est activé puis clique sur Finish.
Le fix va commencer, suis les messages à l'écran. Il te sera demandé de redémarrer ton ordinateur, fais le. Ton système mettra un peu plus de temps au démarrage, c'est normal.
*Poste (Copie/colle) le contenu du rapport qui va s'afficher à l'écran (report.txt) avec un nouveau rapport HijackThis! dans ta prochaine réponse.
++
belle infection ? je sais pas si je dois en être fier ou pleurer... :)
Fixwareout ver 1.003
Last edited 8/11/2006
Post this report in the forums please
Reg Entries that were deleted
...
Microsoft (R) Windows Script Host Version 5.6
Random Runs removed from HKLM
...
PLEASE NOTE, There WILL be LEGITIMATE FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
»»»»» Searching by size/names...
»»»»»
Search five digit cs, dm and jb files.
This WILL/CAN also list Legit Files, Submit them at Virustotal
Other suspects.
Directory of C:\WINDOWS\system32
»»»»» Misc files.
»»»»» Checking for older varients covered by the Rem3 tool.
Logfile of HijackThis v1.99.1
Scan saved at 23:07:57, on 05/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Pando Networks\Pando\Pando.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Downloads\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://192.168.1.1/ServicesAcces.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\Pando.exe" /Automation
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\pando.exe" /Automation
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Tout télécharger en utilisant FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Télécharger en utilisant FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\JetCar.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\JetCar.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1FF43AD5-2262-4C2F-81D4-26D710C3F305} (VB2S Mannequin Virtuel Control) - http://mannequin.redoute.fr/activex/Mannequin.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {8731163E-77B9-4F91-9122-F112521C28AF} (MMSPlayerX Class) - http://mmt.bouyguestelecom.fr/mmawap/jsp/composer/player/mmsPlayer.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{199F46DF-284B-4FDD-9C28-635567F3FD67}: NameServer = 85.255.115.62,85.255.112.156
O17 - HKLM\System\CCS\Services\Tcpip\..\{242947CE-0BAA-478F-B11E-297203457457}: NameServer = 85.255.115.62,85.255.112.156
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.62 85.255.112.156
O17 - HKLM\System\CS1\Services\Tcpip\..\{199F46DF-284B-4FDD-9C28-635567F3FD67}: NameServer = 85.255.115.62,85.255.112.156
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.62 85.255.112.156
O17 - HKLM\System\CS2\Services\Tcpip\..\{199F46DF-284B-4FDD-9C28-635567F3FD67}: NameServer = 85.255.115.62,85.255.112.156
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.62 85.255.112.156
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
Fixwareout ver 1.003
Last edited 8/11/2006
Post this report in the forums please
Reg Entries that were deleted
...
Microsoft (R) Windows Script Host Version 5.6
Random Runs removed from HKLM
...
PLEASE NOTE, There WILL be LEGITIMATE FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
»»»»» Searching by size/names...
»»»»»
Search five digit cs, dm and jb files.
This WILL/CAN also list Legit Files, Submit them at Virustotal
Other suspects.
Directory of C:\WINDOWS\system32
»»»»» Misc files.
»»»»» Checking for older varients covered by the Rem3 tool.
Logfile of HijackThis v1.99.1
Scan saved at 23:07:57, on 05/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Pando Networks\Pando\Pando.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Downloads\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://192.168.1.1/ServicesAcces.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\Pando.exe" /Automation
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\pando.exe" /Automation
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Tout télécharger en utilisant FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Télécharger en utilisant FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\JetCar.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\JetCar.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1FF43AD5-2262-4C2F-81D4-26D710C3F305} (VB2S Mannequin Virtuel Control) - http://mannequin.redoute.fr/activex/Mannequin.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {8731163E-77B9-4F91-9122-F112521C28AF} (MMSPlayerX Class) - http://mmt.bouyguestelecom.fr/mmawap/jsp/composer/player/mmsPlayer.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{199F46DF-284B-4FDD-9C28-635567F3FD67}: NameServer = 85.255.115.62,85.255.112.156
O17 - HKLM\System\CCS\Services\Tcpip\..\{242947CE-0BAA-478F-B11E-297203457457}: NameServer = 85.255.115.62,85.255.112.156
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.62 85.255.112.156
O17 - HKLM\System\CS1\Services\Tcpip\..\{199F46DF-284B-4FDD-9C28-635567F3FD67}: NameServer = 85.255.115.62,85.255.112.156
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.62 85.255.112.156
O17 - HKLM\System\CS2\Services\Tcpip\..\{199F46DF-284B-4FDD-9C28-635567F3FD67}: NameServer = 85.255.115.62,85.255.112.156
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.62 85.255.112.156
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
re :)
Relance HijackThis : choisis " do a scan only" coche la case devant les lignes ci-dessous et clique en bas sur "fix checked" :
O16 - DPF: {1FF43AD5-2262-4C2F-81D4-26D710C3F305} (VB2S Mannequin Virtuel Control) - http://mannequin.redoute.fr/activex/Mannequin.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {8731163E-77B9-4F91-9122-F112521C28AF} (MMSPlayerX Class) - http://mmt.bouyguestelecom.fr/mmawap/jsp/composer/player/mmsPlayer.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{199F46DF-284B-4FDD-9C28-635567F3FD67}: NameServer = 85.255.115.62,85.255.112.156
O17 - HKLM\System\CCS\Services\Tcpip\..\{242947CE-0BAA-478F-B11E-297203457457}: NameServer = 85.255.115.62,85.255.112.156
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.62 85.255.112.156
O17 - HKLM\System\CS1\Services\Tcpip\..\{199F46DF-284B-4FDD-9C28-635567F3FD67}: NameServer = 85.255.115.62,85.255.112.156
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.62 85.255.112.156
O17 - HKLM\System\CS2\Services\Tcpip\..\{199F46DF-284B-4FDD-9C28-635567F3FD67}: NameServer = 85.255.115.62,85.255.112.156
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.62 85.255.112.156
ensuite fais le 1/ et 2/ de ce lien stp
virus methode preliminaire de desinfection version fr
++
Relance HijackThis : choisis " do a scan only" coche la case devant les lignes ci-dessous et clique en bas sur "fix checked" :
O16 - DPF: {1FF43AD5-2262-4C2F-81D4-26D710C3F305} (VB2S Mannequin Virtuel Control) - http://mannequin.redoute.fr/activex/Mannequin.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {8731163E-77B9-4F91-9122-F112521C28AF} (MMSPlayerX Class) - http://mmt.bouyguestelecom.fr/mmawap/jsp/composer/player/mmsPlayer.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{199F46DF-284B-4FDD-9C28-635567F3FD67}: NameServer = 85.255.115.62,85.255.112.156
O17 - HKLM\System\CCS\Services\Tcpip\..\{242947CE-0BAA-478F-B11E-297203457457}: NameServer = 85.255.115.62,85.255.112.156
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.62 85.255.112.156
O17 - HKLM\System\CS1\Services\Tcpip\..\{199F46DF-284B-4FDD-9C28-635567F3FD67}: NameServer = 85.255.115.62,85.255.112.156
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.62 85.255.112.156
O17 - HKLM\System\CS2\Services\Tcpip\..\{199F46DF-284B-4FDD-9C28-635567F3FD67}: NameServer = 85.255.115.62,85.255.112.156
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.62 85.255.112.156
ensuite fais le 1/ et 2/ de ce lien stp
virus methode preliminaire de desinfection version fr
++
1)
---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------
+ Créé à: 23:57:08 05/12/2006
+ Résultat de l'analyse:
C:\System Volume Information\_restore{0DE4CEF9-7E99-4430-800C-B4A197195635}\RP191\A0230629.dll -> Adware.Aureate : Nettoyé.
C:\System Volume Information\_restore{0DE4CEF9-7E99-4430-800C-B4A197195635}\RP191\A0231931.dll -> Adware.Aureate : Nettoyé.
C:\System Volume Information\_restore{0DE4CEF9-7E99-4430-800C-B4A197195635}\RP191\A0231932.dll -> Adware.Aureate : Nettoyé.
C:\System Volume Information\_restore{0DE4CEF9-7E99-4430-800C-B4A197195635}\RP191\A0231933.exe -> Adware.Aureate : Nettoyé.
E:\System Volume Information\_restore{C1ABD8D8-4A3F-4402-819D-D7FAEFBF565A}\RP322\A0191701.exe -> Not-A-Virus.VirTool.Win32.AvSpoffer.a : Nettoyé.
I:\utils\Utils à trier\serv-u.ftp.server.6.0.x.crack-tsrh.zip/crack.exe -> Not-A-Virus.VirTool.Win32.AvSpoffer.a : Nettoyé.
I:\utils\Winrar\tsrh-wrar3b6uni_crk.zip/tsrh-wrar3b6uni_crk.exe -> Not-A-Virus.VirTool.Win32.AvSpoffer.a : Nettoyé.
I:\utils\Winrar\tsrh-wrar3b6uni_crk\tsrh-wrar3b6uni_crk.exe -> Not-A-Virus.VirTool.Win32.AvSpoffer.a : Nettoyé.
C:\Documents and Settings\Alex\Cookies\alex@247realmedia[1].txt -> TrackingCookie.247realmedia : Nettoyé.
C:\Documents and Settings\Alex\Cookies\alex@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.23:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\8echq4k3.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.24:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\8echq4k3.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.25:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\8echq4k3.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.26:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\8echq4k3.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.27:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\8echq4k3.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.46:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\8echq4k3.default\cookies.txt -> TrackingCookie.Atdmt : Nettoyé.
:mozilla.21:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\8echq4k3.default\cookies.txt -> TrackingCookie.Doubleclick : Nettoyé.
:mozilla.6:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\8echq4k3.default\cookies.txt -> TrackingCookie.Fastclick : Nettoyé.
:mozilla.7:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\8echq4k3.default\cookies.txt -> TrackingCookie.Fastclick : Nettoyé.
:mozilla.17:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\8echq4k3.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.18:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\8echq4k3.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.19:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\8echq4k3.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
C:\Documents and Settings\Alex\Cookies\alex@www.smartadserver[2].txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.20:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\8echq4k3.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
C:\Documents and Settings\Alex\Cookies\alex@weborama[2].txt -> TrackingCookie.Weborama : Nettoyé.
C:\System Volume Information\_restore{0DE4CEF9-7E99-4430-800C-B4A197195635}\RP190\A0230343.exe -> Trojan.Small.fb : Nettoyé.
C:\System Volume Information\_restore{0DE4CEF9-7E99-4430-800C-B4A197195635}\RP190\A0230349.exe -> Trojan.Small.fb : Nettoyé.
C:\System Volume Information\_restore{0DE4CEF9-7E99-4430-800C-B4A197195635}\RP190\A0230355.exe -> Trojan.Small.fb : Nettoyé.
C:\System Volume Information\_restore{0DE4CEF9-7E99-4430-800C-B4A197195635}\RP190\A0230368.exe -> Trojan.Small.fb : Nettoyé.
C:\System Volume Information\_restore{0DE4CEF9-7E99-4430-800C-B4A197195635}\RP190\A0230375.exe -> Trojan.Small.fb : Nettoyé.
C:\System Volume Information\_restore{0DE4CEF9-7E99-4430-800C-B4A197195635}\RP190\A0230381.exe -> Trojan.Small.fb : Nettoyé.
C:\System Volume Information\_restore{0DE4CEF9-7E99-4430-800C-B4A197195635}\RP190\A0230387.exe -> Trojan.Small.fb : Nettoyé.
C:\System Volume Information\_restore{0DE4CEF9-7E99-4430-800C-B4A197195635}\RP190\A0230393.exe -> Trojan.Small.fb : Nettoyé.
C:\System Volume Information\_restore{0DE4CEF9-7E99-4430-800C-B4A197195635}\RP190\A0230399.exe -> Trojan.Small.fb : Nettoyé.
C:\System Volume Information\_restore{0DE4CEF9-7E99-4430-800C-B4A197195635}\RP190\A0230461.exe -> Trojan.Small.fb : Nettoyé.
C:\System Volume Information\_restore{0DE4CEF9-7E99-4430-800C-B4A197195635}\RP190\A0230470.exe -> Trojan.Small.fb : Nettoyé.
C:\System Volume Information\_restore{0DE4CEF9-7E99-4430-800C-B4A197195635}\RP190\A0230490.exe -> Trojan.Small.fb : Nettoyé.
C:\System Volume Information\_restore{0DE4CEF9-7E99-4430-800C-B4A197195635}\RP190\A0230496.exe -> Trojan.Small.fb : Nettoyé.
C:\System Volume Information\_restore{0DE4CEF9-7E99-4430-800C-B4A197195635}\RP190\A0230502.exe -> Trojan.Small.fb : Nettoyé.
C:\System Volume Information\_restore{0DE4CEF9-7E99-4430-800C-B4A197195635}\RP190\A0230510.exe -> Trojan.Small.fb : Nettoyé.
C:\System Volume Information\_restore{0DE4CEF9-7E99-4430-800C-B4A197195635}\RP191\A0230540.exe -> Trojan.Small.fb : Nettoyé.
C:\System Volume Information\_restore{0DE4CEF9-7E99-4430-800C-B4A197195635}\RP191\A0230546.exe -> Trojan.Small.fb : Nettoyé.
C:\System Volume Information\_restore{0DE4CEF9-7E99-4430-800C-B4A197195635}\RP191\A0230552.exe -> Trojan.Small.fb : Nettoyé.
C:\System Volume Information\_restore{0DE4CEF9-7E99-4430-800C-B4A197195635}\RP191\A0230565.exe -> Trojan.Small.fb : Nettoyé.
C:\System Volume Information\_restore{0DE4CEF9-7E99-4430-800C-B4A197195635}\RP191\A0230571.exe -> Trojan.Small.fb : Nettoyé.
C:\System Volume Information\_restore{0DE4CEF9-7E99-4430-800C-B4A197195635}\RP191\A0230578.exe -> Trojan.Small.fb : Nettoyé.
C:\System Volume Information\_restore{0DE4CEF9-7E99-4430-800C-B4A197195635}\RP191\A0230584.exe -> Trojan.Small.fb : Nettoyé.
C:\System Volume Information\_restore{0DE4CEF9-7E99-4430-800C-B4A197195635}\RP191\A0230590.exe -> Trojan.Small.fb : Nettoyé.
C:\System Volume Information\_restore{0DE4CEF9-7E99-4430-800C-B4A197195635}\RP191\A0230597.exe -> Trojan.Small.fb : Nettoyé.
C:\System Volume Information\_restore{0DE4CEF9-7E99-4430-800C-B4A197195635}\RP191\A0230603.exe -> Trojan.Small.fb : Nettoyé.
C:\System Volume Information\_restore{0DE4CEF9-7E99-4430-800C-B4A197195635}\RP191\A0230609.exe -> Trojan.Small.fb : Nettoyé.
C:\System Volume Information\_restore{0DE4CEF9-7E99-4430-800C-B4A197195635}\RP191\A0230619.exe -> Trojan.Small.fb : Nettoyé.
C:\System Volume Information\_restore{0DE4CEF9-7E99-4430-800C-B4A197195635}\RP191\A0230627.exe -> Trojan.Small.fb : Nettoyé.
C:\System Volume Information\_restore{0DE4CEF9-7E99-4430-800C-B4A197195635}\RP191\A0230683.exe -> Trojan.Small.fb : Nettoyé.
C:\System Volume Information\_restore{0DE4CEF9-7E99-4430-800C-B4A197195635}\RP191\A0231696.exe -> Trojan.Small.fb : Nettoyé.
C:\System Volume Information\_restore{0DE4CEF9-7E99-4430-800C-B4A197195635}\RP191\A0231926.exe -> Trojan.Small.fb : Nettoyé.
C:\System Volume Information\_restore{0DE4CEF9-7E99-4430-800C-B4A197195635}\RP191\A0231943.exe -> Trojan.Small.fb : Nettoyé.
C:\System Volume Information\_restore{0DE4CEF9-7E99-4430-800C-B4A197195635}\RP191\A0231952.exe -> Trojan.Small.fb : Nettoyé.
C:\System Volume Information\_restore{0DE4CEF9-7E99-4430-800C-B4A197195635}\RP191\A0231961.exe -> Trojan.Small.fb : Nettoyé.
C:\System Volume Information\_restore{0DE4CEF9-7E99-4430-800C-B4A197195635}\RP191\A0231974.exe -> Trojan.Small.fb : Nettoyé.
C:\System Volume Information\_restore{0DE4CEF9-7E99-4430-800C-B4A197195635}\RP193\A0232010.exe -> Trojan.Small.fb : Nettoyé.
C:\System Volume Information\_restore{0DE4CEF9-7E99-4430-800C-B4A197195635}\RP193\A0232018.exe -> Trojan.Small.fb : Nettoyé.
C:\System Volume Information\_restore{0DE4CEF9-7E99-4430-800C-B4A197195635}\RP194\A0232026.exe -> Trojan.Small.fb : Nettoyé.
C:\System Volume Information\_restore{0DE4CEF9-7E99-4430-800C-B4A197195635}\RP194\A0232042.exe -> Trojan.Small.fb : Nettoyé.
C:\System Volume Information\_restore{0DE4CEF9-7E99-4430-800C-B4A197195635}\RP194\A0232067.exe -> Trojan.Small.fb : Nettoyé.
C:\System Volume Information\_restore{0DE4CEF9-7E99-4430-800C-B4A197195635}\RP194\A0232148.exe -> Trojan.Small.fb : Nettoyé.
C:\System Volume Information\_restore{0DE4CEF9-7E99-4430-800C-B4A197195635}\RP194\A0232157.exe -> Trojan.Small.fb : Nettoyé.
C:\System Volume Information\_restore{0DE4CEF9-7E99-4430-800C-B4A197195635}\RP194\A0232165.exe -> Trojan.Small.fb : Nettoyé.
C:\System Volume Information\_restore{0DE4CEF9-7E99-4430-800C-B4A197195635}\RP194\A0232224.exe -> Trojan.Small.fb : Nettoyé.
Fin du rapport
---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------
+ Créé à: 23:57:08 05/12/2006
+ Résultat de l'analyse:
C:\System Volume Information\_restore{0DE4CEF9-7E99-4430-800C-B4A197195635}\RP191\A0230629.dll -> Adware.Aureate : Nettoyé.
C:\System Volume Information\_restore{0DE4CEF9-7E99-4430-800C-B4A197195635}\RP191\A0231931.dll -> Adware.Aureate : Nettoyé.
C:\System Volume Information\_restore{0DE4CEF9-7E99-4430-800C-B4A197195635}\RP191\A0231932.dll -> Adware.Aureate : Nettoyé.
C:\System Volume Information\_restore{0DE4CEF9-7E99-4430-800C-B4A197195635}\RP191\A0231933.exe -> Adware.Aureate : Nettoyé.
E:\System Volume Information\_restore{C1ABD8D8-4A3F-4402-819D-D7FAEFBF565A}\RP322\A0191701.exe -> Not-A-Virus.VirTool.Win32.AvSpoffer.a : Nettoyé.
I:\utils\Utils à trier\serv-u.ftp.server.6.0.x.crack-tsrh.zip/crack.exe -> Not-A-Virus.VirTool.Win32.AvSpoffer.a : Nettoyé.
I:\utils\Winrar\tsrh-wrar3b6uni_crk.zip/tsrh-wrar3b6uni_crk.exe -> Not-A-Virus.VirTool.Win32.AvSpoffer.a : Nettoyé.
I:\utils\Winrar\tsrh-wrar3b6uni_crk\tsrh-wrar3b6uni_crk.exe -> Not-A-Virus.VirTool.Win32.AvSpoffer.a : Nettoyé.
C:\Documents and Settings\Alex\Cookies\alex@247realmedia[1].txt -> TrackingCookie.247realmedia : Nettoyé.
C:\Documents and Settings\Alex\Cookies\alex@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.23:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\8echq4k3.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.24:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\8echq4k3.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.25:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\8echq4k3.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.26:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\8echq4k3.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.27:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\8echq4k3.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.46:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\8echq4k3.default\cookies.txt -> TrackingCookie.Atdmt : Nettoyé.
:mozilla.21:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\8echq4k3.default\cookies.txt -> TrackingCookie.Doubleclick : Nettoyé.
:mozilla.6:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\8echq4k3.default\cookies.txt -> TrackingCookie.Fastclick : Nettoyé.
:mozilla.7:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\8echq4k3.default\cookies.txt -> TrackingCookie.Fastclick : Nettoyé.
:mozilla.17:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\8echq4k3.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.18:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\8echq4k3.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.19:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\8echq4k3.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
C:\Documents and Settings\Alex\Cookies\alex@www.smartadserver[2].txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.20:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\8echq4k3.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
C:\Documents and Settings\Alex\Cookies\alex@weborama[2].txt -> TrackingCookie.Weborama : Nettoyé.
C:\System Volume Information\_restore{0DE4CEF9-7E99-4430-800C-B4A197195635}\RP190\A0230343.exe -> Trojan.Small.fb : Nettoyé.
C:\System Volume Information\_restore{0DE4CEF9-7E99-4430-800C-B4A197195635}\RP190\A0230349.exe -> Trojan.Small.fb : Nettoyé.
C:\System Volume Information\_restore{0DE4CEF9-7E99-4430-800C-B4A197195635}\RP190\A0230355.exe -> Trojan.Small.fb : Nettoyé.
C:\System Volume Information\_restore{0DE4CEF9-7E99-4430-800C-B4A197195635}\RP190\A0230368.exe -> Trojan.Small.fb : Nettoyé.
C:\System Volume Information\_restore{0DE4CEF9-7E99-4430-800C-B4A197195635}\RP190\A0230375.exe -> Trojan.Small.fb : Nettoyé.
C:\System Volume Information\_restore{0DE4CEF9-7E99-4430-800C-B4A197195635}\RP190\A0230381.exe -> Trojan.Small.fb : Nettoyé.
C:\System Volume Information\_restore{0DE4CEF9-7E99-4430-800C-B4A197195635}\RP190\A0230387.exe -> Trojan.Small.fb : Nettoyé.
C:\System Volume Information\_restore{0DE4CEF9-7E99-4430-800C-B4A197195635}\RP190\A0230393.exe -> Trojan.Small.fb : Nettoyé.
C:\System Volume Information\_restore{0DE4CEF9-7E99-4430-800C-B4A197195635}\RP190\A0230399.exe -> Trojan.Small.fb : Nettoyé.
C:\System Volume Information\_restore{0DE4CEF9-7E99-4430-800C-B4A197195635}\RP190\A0230461.exe -> Trojan.Small.fb : Nettoyé.
C:\System Volume Information\_restore{0DE4CEF9-7E99-4430-800C-B4A197195635}\RP190\A0230470.exe -> Trojan.Small.fb : Nettoyé.
C:\System Volume Information\_restore{0DE4CEF9-7E99-4430-800C-B4A197195635}\RP190\A0230490.exe -> Trojan.Small.fb : Nettoyé.
C:\System Volume Information\_restore{0DE4CEF9-7E99-4430-800C-B4A197195635}\RP190\A0230496.exe -> Trojan.Small.fb : Nettoyé.
C:\System Volume Information\_restore{0DE4CEF9-7E99-4430-800C-B4A197195635}\RP190\A0230502.exe -> Trojan.Small.fb : Nettoyé.
C:\System Volume Information\_restore{0DE4CEF9-7E99-4430-800C-B4A197195635}\RP190\A0230510.exe -> Trojan.Small.fb : Nettoyé.
C:\System Volume Information\_restore{0DE4CEF9-7E99-4430-800C-B4A197195635}\RP191\A0230540.exe -> Trojan.Small.fb : Nettoyé.
C:\System Volume Information\_restore{0DE4CEF9-7E99-4430-800C-B4A197195635}\RP191\A0230546.exe -> Trojan.Small.fb : Nettoyé.
C:\System Volume Information\_restore{0DE4CEF9-7E99-4430-800C-B4A197195635}\RP191\A0230552.exe -> Trojan.Small.fb : Nettoyé.
C:\System Volume Information\_restore{0DE4CEF9-7E99-4430-800C-B4A197195635}\RP191\A0230565.exe -> Trojan.Small.fb : Nettoyé.
C:\System Volume Information\_restore{0DE4CEF9-7E99-4430-800C-B4A197195635}\RP191\A0230571.exe -> Trojan.Small.fb : Nettoyé.
C:\System Volume Information\_restore{0DE4CEF9-7E99-4430-800C-B4A197195635}\RP191\A0230578.exe -> Trojan.Small.fb : Nettoyé.
C:\System Volume Information\_restore{0DE4CEF9-7E99-4430-800C-B4A197195635}\RP191\A0230584.exe -> Trojan.Small.fb : Nettoyé.
C:\System Volume Information\_restore{0DE4CEF9-7E99-4430-800C-B4A197195635}\RP191\A0230590.exe -> Trojan.Small.fb : Nettoyé.
C:\System Volume Information\_restore{0DE4CEF9-7E99-4430-800C-B4A197195635}\RP191\A0230597.exe -> Trojan.Small.fb : Nettoyé.
C:\System Volume Information\_restore{0DE4CEF9-7E99-4430-800C-B4A197195635}\RP191\A0230603.exe -> Trojan.Small.fb : Nettoyé.
C:\System Volume Information\_restore{0DE4CEF9-7E99-4430-800C-B4A197195635}\RP191\A0230609.exe -> Trojan.Small.fb : Nettoyé.
C:\System Volume Information\_restore{0DE4CEF9-7E99-4430-800C-B4A197195635}\RP191\A0230619.exe -> Trojan.Small.fb : Nettoyé.
C:\System Volume Information\_restore{0DE4CEF9-7E99-4430-800C-B4A197195635}\RP191\A0230627.exe -> Trojan.Small.fb : Nettoyé.
C:\System Volume Information\_restore{0DE4CEF9-7E99-4430-800C-B4A197195635}\RP191\A0230683.exe -> Trojan.Small.fb : Nettoyé.
C:\System Volume Information\_restore{0DE4CEF9-7E99-4430-800C-B4A197195635}\RP191\A0231696.exe -> Trojan.Small.fb : Nettoyé.
C:\System Volume Information\_restore{0DE4CEF9-7E99-4430-800C-B4A197195635}\RP191\A0231926.exe -> Trojan.Small.fb : Nettoyé.
C:\System Volume Information\_restore{0DE4CEF9-7E99-4430-800C-B4A197195635}\RP191\A0231943.exe -> Trojan.Small.fb : Nettoyé.
C:\System Volume Information\_restore{0DE4CEF9-7E99-4430-800C-B4A197195635}\RP191\A0231952.exe -> Trojan.Small.fb : Nettoyé.
C:\System Volume Information\_restore{0DE4CEF9-7E99-4430-800C-B4A197195635}\RP191\A0231961.exe -> Trojan.Small.fb : Nettoyé.
C:\System Volume Information\_restore{0DE4CEF9-7E99-4430-800C-B4A197195635}\RP191\A0231974.exe -> Trojan.Small.fb : Nettoyé.
C:\System Volume Information\_restore{0DE4CEF9-7E99-4430-800C-B4A197195635}\RP193\A0232010.exe -> Trojan.Small.fb : Nettoyé.
C:\System Volume Information\_restore{0DE4CEF9-7E99-4430-800C-B4A197195635}\RP193\A0232018.exe -> Trojan.Small.fb : Nettoyé.
C:\System Volume Information\_restore{0DE4CEF9-7E99-4430-800C-B4A197195635}\RP194\A0232026.exe -> Trojan.Small.fb : Nettoyé.
C:\System Volume Information\_restore{0DE4CEF9-7E99-4430-800C-B4A197195635}\RP194\A0232042.exe -> Trojan.Small.fb : Nettoyé.
C:\System Volume Information\_restore{0DE4CEF9-7E99-4430-800C-B4A197195635}\RP194\A0232067.exe -> Trojan.Small.fb : Nettoyé.
C:\System Volume Information\_restore{0DE4CEF9-7E99-4430-800C-B4A197195635}\RP194\A0232148.exe -> Trojan.Small.fb : Nettoyé.
C:\System Volume Information\_restore{0DE4CEF9-7E99-4430-800C-B4A197195635}\RP194\A0232157.exe -> Trojan.Small.fb : Nettoyé.
C:\System Volume Information\_restore{0DE4CEF9-7E99-4430-800C-B4A197195635}\RP194\A0232165.exe -> Trojan.Small.fb : Nettoyé.
C:\System Volume Information\_restore{0DE4CEF9-7E99-4430-800C-B4A197195635}\RP194\A0232224.exe -> Trojan.Small.fb : Nettoyé.
Fin du rapport
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
Logfile of HijackThis v1.99.1
Scan saved at 01:03:48, on 06/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Pando Networks\Pando\Pando.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://192.168.1.1/ServicesAcces.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\Pando.exe" /Automation
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\pando.exe" /Automation
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Tout télécharger en utilisant FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Télécharger en utilisant FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\JetCar.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\JetCar.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
Scan saved at 01:03:48, on 06/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Pando Networks\Pando\Pando.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://192.168.1.1/ServicesAcces.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\Pando.exe" /Automation
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\pando.exe" /Automation
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Tout télécharger en utilisant FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Télécharger en utilisant FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\JetCar.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\JetCar.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
Salut
Pour avancer Green Day que (je salus c'est un gars trop sympa :) )
Désinstalle FlashGet il contient un spyware.
Puis insttalle un pare-feu ;-)
Désactive le pare-feu de Windows(SP2) il ne sert à rien puis installe celui ci pour plus de sécurité
Kerio: (pare-feu, qui reste gratuit après la periode d'essai!)
Kerio
-tutoriel: pour configurer et comprendre l'utilisation de Kerio
https://kerio.probb.fr/
Ce n'est pas pour autant finit ! Je laisse finir Green Day
Pour avancer Green Day que (je salus c'est un gars trop sympa :) )
Désinstalle FlashGet il contient un spyware.
Puis insttalle un pare-feu ;-)
Désactive le pare-feu de Windows(SP2) il ne sert à rien puis installe celui ci pour plus de sécurité
Kerio: (pare-feu, qui reste gratuit après la periode d'essai!)
Kerio
-tutoriel: pour configurer et comprendre l'utilisation de Kerio
https://kerio.probb.fr/
Ce n'est pas pour autant finit ! Je laisse finir Green Day
ok, merci !! déja j'accède à nouveau à venteprivee c'est bon signe :-)
désinstaller flashget ? Ok, mais je prends quoi à la place ? :-)
En tout cas merci à tous les 2 pour le coup de main, je commencais à pêter un cable :-)))))
désinstaller flashget ? Ok, mais je prends quoi à la place ? :-)
En tout cas merci à tous les 2 pour le coup de main, je commencais à pêter un cable :-)))))
