Trojan horse

mannai6 Posts 21 Registration date   Status Member -
philae83 Posts 12854 Status Security contributor -
Hello,
in short, Trojan horses have infected my computer; also, my operating system is Windows XP.
Thanks in advance
Configuration: Windows XP
Internet Explorer 6.0

13 replies

  1. philae83 Posts 12854 Status Security contributor 206
     
    Good evening,

    * Download HijackThis and post the report, please

    http://pchelpbordeaux.free.fr/logiciels.html
    Tutorial
    http://pchelpbordeaux.free.fr/tuto.html
    Illustrated demo
    http://pageperso.aol.fr/balltrap34/demohijack.htm
    0
    1. mannai6 Posts 21 Registration date   Status Member
       
      Here is the report, and thank you


      Logfile of HijackThis v1.99.1
      Scan saved at 21:33:27, on 21.01.2007
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
      C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
      C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
      C:\Program Files\cablecom\Compteur de volume hispeed\packetservice.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\WgaTray.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\WINDOWS\system32\rundll32.exe
      C:\Program Files\Dell\QuickSet\quickset.exe
      C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
      C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
      C:\WINDOWS\system32\hkcmd.exe
      C:\WINDOWS\system32\igfxpers.exe
      C:\program files\seekmo\seekmo.exe
      C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
      C:\Program Files\VirusBursters\virusbursters.exe
      C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
      C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
      C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
      C:\Program Files\MSN Messenger\MsnMsgr.Exe
      C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
      C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
      C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
      C:\Program Files\Cablecom Assistant\bin\mpbtn.exe
      C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
      C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
      C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
      C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\PROGRA~1\CABLEC~1\SMARTB~1\MotiveSB.exe
      C:\Program Files\Hijackthis Version Française\hijackthis vf.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.bearshare.com/sidebar.html?src=ssb
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ch/?gws_rd=ssl
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*https://fr.search.yahoo.com/
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      R3 - URLSearchHook: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare applications\BearShare MediaBar\MediaBar.dll
      O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: Seekmo Search Assistant Helper /fleok=1D8A83A5C5E1197D9DA875760EA83FA5EF80752B94E2DF795A7C402B39CE - {5929CD6E-2062-44a4-B2C5-2C7E78FBAB38} - c:\program files\seekmo\seekmohook.dll
      O2 - BHO: EoBho Class - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\PROGRA~1\eoRezo\EoAdv\EOREZO~1.DLL (file missing)
      O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
      O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
      O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
      O2 - BHO: XBTP02634 - {F97DA966-F09D-4cab-BF29-75A0026986EA} - C:\PROGRA~1\BEARSH~1\BEARSH~2\MediaBar.dll
      O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
      O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
      O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare applications\BearShare MediaBar\MediaBar.dll
      O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
      O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
      O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
      O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
      O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
      O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
      O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
      O4 - HKLM\..\Run: [seekmo] "c:\program files\seekmo\seekmo.exe"
      O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\CABLEC~1\SMARTB~1\DExec.exe 180000 C:\PROGRA~1\CABLEC~1\SMARTB~1\MotiveSB.exe
      O4 - HKLM\..\Run: [start_cablecom volumecounter] C:\Program Files\cablecom\Compteur de volume hispeed\volumecounter.exe
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
      O4 - HKLM\..\Run: [VirusBursters] C:\Program Files\VirusBursters\virusbursters.exe /h
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
      O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
      O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
      O4 - Global Startup: Assistant d'Acrobat.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
      O4 - Global Startup: Bluetooth Manager.lnk = ?
      O4 - Global Startup: cablecom assistant.lnk = C:\Program Files\Cablecom Assistant\bin\matcli.exe
      O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
      O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: Interface Chat Voila - http://chat4.x-echo.com/version8/Applet/vchatsign.cab
      O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
      O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
      O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
      O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
      O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
      O21 - SSODL: ferrateen - {27321538-5739-4aa1-b84c-7d18e4383f1f} - C:\WINDOWS\system32\rrtcany.dll
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
      O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
      O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
      O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
      O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
      O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
      O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
      O23 - Service: m2PacketcounterService (_service) - mquadr.at - C:\Program Files\cablecom\Compteur de volume hispeed\packetservice.exe
      0
  2. philae83 Posts 12854 Status Security contributor 206
     
    Hi again,
    OK,
    * Download CCleaner.

    https://www.pcastuces.com/logitheque/ccleaner.htm

    Install it in a dedicated directory.

    During installation, uncheck

    --- the two "Add the option ... " checkboxes

    --- Check for updates

    --- Add the CCleaner Yahoo! Toolbar

    * Run CCleaner for a full cleanup.

    ------

    * Download AVG Anti-Spyware (ewido)

    https://www.avg.com/en-ww/free-antivirus-download

    * Install it

    * Launch AVG Anti-Spyware and click the Update button. Wait

    then

    Launch AVG Anti-Spyware


    Click the Scan button (in the toolbar)

    Then, on the How to react tab, click Recommended actions. Select Quarantine.

    Go back to the Scan tab. Click Complete system scan.

    At the end of the scan, choose option 3

    "Apply all actions" at the bottom.

    Click "Save report".

    This generates a report as a text file, located in the Reports folder inside the AVG Anti-Spyware folder.

    Post it.
    Afterwards, please also post a new HijackThis report.
    0
  3. mannai
     
    ---------------------------------------------------------
    AVG Anti-Spyware - Rapport d'analyse
    ---------------------------------------------------------

    + Créé à: 22:35:15 21.01.2007

    + Résultat de l'analyse:

    HKLM\SOFTWARE\Classes\ClientAX.ClientInstaller -> Adware.180Solutions : Ignoré.
    HKLM\SOFTWARE\Classes\ClientAX.ClientInstaller.1 -> Adware.180Solutions : Ignoré.
    HKLM\SOFTWARE\Classes\ClientAX.ClientInstaller\CLSID -> Adware.180Solutions : Ignoré.
    HKLM\SOFTWARE\Classes\ClientAX.ClientInstaller\CurVer -> Adware.180Solutions : Ignoré.
    C:\System Volume Information\_restore{930CC8B0-22AD-46B6-9342-8435E897A39A}\RP39\A0008693.dll -> Adware.Agent : Ignoré.
    C:\Program Files\Silver Codec -> Adware.Generic : Ignoré.
    C:\Program Files\Silver Codec\uninst.exe -> Adware.Generic : Ignoré.
    C:\Program Files\Super Codec -> Adware.Generic : Ignoré.
    HKLM\SOFTWARE\Classes\CLSID\{27321538-5739-4aa1-b84c-7d18e4383f1f} -> Adware.Generic : Ignoré.
    HKLM\SOFTWARE\Classes\CLSID\{5929CD6E-2062-44a4-B2C5-2C7E78FBAB38} -> Adware.Generic : Ignoré.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5929CD6E-2062-44a4-B2C5-2C7E78FBAB38} -> Adware.Generic : Ignoré.
    HKU\S-1-5-21-57989841-1085031214-839522115-1003\Software\Internet Security -> Adware.Generic : Ignoré.
    HKU\S-1-5-21-57989841-1085031214-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5929CD6E-2062-44A4-B2C5-2C7E78FBAB38} -> Adware.Generic : Ignoré.
    C:\Program Files\Seekmo\seekmohook.dll -> Adware.Solution : Ignoré.
    C:\WINDOWS\Downloaded Program Files\ClientAX.dll -> Adware.Solution : Ignoré.
    [1416] c:\program files\seekmo\seekmohook.dll -> Adware.Solution : Ignoré.
    [3624] c:\program files\seekmo\seekmohook.dll -> Adware.Solution : Ignoré.
    C:\System Volume Information\_restore{930CC8B0-22AD-46B6-9342-8435E897A39A}\RP87\A0013823.exe -> Adware.VirusBurst : Ignoré.
    C:\Program Files\Virus-Bursters -> Adware.VirusBursters : Ignoré.
    C:\Program Files\Virus-Bursters\Virus-Bursters.exe -> Adware.VirusBursters : Ignoré.
    C:\Program Files\Virus-Bursters\ignored.lst -> Adware.VirusBursters : Ignoré.
    C:\Program Files\Virus-Bursters\vir.dat.old -> Adware.VirusBursters : Ignoré.
    C:\Program Files\Virus-Bursters\virusburster.ini -> Adware.VirusBursters : Ignoré.
    C:\Program Files\VirusBursters -> Adware.VirusBursters : Ignoré.
    C:\Program Files\VirusBursters\Lang -> Adware.VirusBursters : Ignoré.
    C:\Program Files\VirusBursters\Lang\English.ini -> Adware.VirusBursters : Ignoré.
    C:\Program Files\VirusBursters\Logs -> Adware.VirusBursters : Ignoré.
    C:\Program Files\VirusBursters\Quarantine -> Adware.VirusBursters : Ignoré.
    C:\Program Files\VirusBursters\VirusBursters.exe -> Adware.VirusBursters : Ignoré.
    C:\Program Files\VirusBursters\VirusBursters.url -> Adware.VirusBursters : Ignoré.
    C:\Program Files\VirusBursters\blacklist.txt -> Adware.VirusBursters : Ignoré.
    C:\Program Files\VirusBursters\ignored.lst -> Adware.VirusBursters : Ignoré.
    C:\Program Files\VirusBursters\msvcp71.dll -> Adware.VirusBursters : Ignoré.
    C:\Program Files\VirusBursters\msvcr71.dll -> Adware.VirusBursters : Ignoré.
    C:\Program Files\VirusBursters\vir.dat -> Adware.VirusBursters : Ignoré.
    C:\Program Files\VirusBursters\virusburster.ini -> Adware.VirusBursters : Ignoré.
    C:\System Volume Information\_restore{930CC8B0-22AD-46B6-9342-8435E897A39A}\RP47\A0009023.exe -> Adware.VirusBursters : Ignoré.
    HKLM\SOFTWARE\Classes\CLSID\{4fc003c3-87a0-489c-85cd-878246eb2d18} -> Adware.VirusBursters : Ignoré.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\VirusBursters -> Adware.VirusBursters : Ignoré.
    HKLM\SOFTWARE\Classes\ClientAX.RequiredComponent -> Adware.Zango : Ignoré.
    HKLM\SOFTWARE\Classes\ClientAX.RequiredComponent.1 -> Adware.Zango : Ignoré.
    HKLM\SOFTWARE\Classes\ClientAX.RequiredComponent\CLSID -> Adware.Zango : Ignoré.
    HKLM\SOFTWARE\Classes\ClientAX.RequiredComponent\CurVer -> Adware.Zango : Ignoré.
    C:\WINDOWS\system32\rrtcany.dll -> Not-A-Virus.Hoax.Win32.Renos.ap : Ignoré.
    [500] C:\WINDOWS\system32\rrtcany.dll -> Not-A-Virus.Hoax.Win32.Renos.ap : Ignoré.
    C:\System Volume Information\_restore{930CC8B0-22AD-46B6-9342-8435E897A39A}\RP89\A0014921.dll -> Not-A-Virus.Hoax.Win32.Renos.gg : Ignoré.

    Fin du rapport
    0
  4. mannai
     
    Here is the report, and thank you again,

    Logfile of HijackThis v1.99.1
    Scan saved at 22:39:47, on 21.01.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\cablecom\Compteur de volume hispeed\packetservice.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\WgaTray.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\program files\seekmo\seekmo.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\VirusBursters\virusbursters.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    C:\Program Files\Cablecom Assistant\bin\mpbtn.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\PROGRA~1\CABLEC~1\SMARTB~1\MotiveSB.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Windows Live Toolbar\msn_sl.exe
    C:\Program Files\Hijackthis Version Française\hijackthis vf.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.bearshare.com/sidebar.html?src=ssb
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ch/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*https://fr.search.yahoo.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    R3 - URLSearchHook: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare applications\BearShare MediaBar\MediaBar.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Seekmo Search Assistant Helper /fleok=1D8A83A5C5E1197D9DA875760EA83FA5EF80752B94E2DF795A7C402B39CE - {5929CD6E-2062-44a4-B2C5-2C7E78FBAB38} - c:\program files\seekmo\seekmohook.dll
    O2 - BHO: EoBho Class - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\PROGRA~1\eoRezo\EoAdv\EOREZO~1.DLL (file missing)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: XBTP02634 - {F97DA966-F09D-4cab-BF29-75A0026986EA} - C:\PROGRA~1\BEARSH~1\BEARSH~2\MediaBar.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare applications\BearShare MediaBar\MediaBar.dll
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
    O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [seekmo] "c:\program files\seekmo\seekmo.exe"
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\CABLEC~1\SMARTB~1\DExec.exe 180000 C:\PROGRA~1\CABLEC~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [start_cablecom volumecounter] C:\Program Files\cablecom\Compteur de volume hispeed\volumecounter.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [VirusBursters] C:\Program Files\VirusBursters\virusbursters.exe /h
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - Global Startup: Assistant d'Acrobat.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    O4 - Global Startup: Bluetooth Manager.lnk = ?
    O4 - Global Startup: cablecom assistant.lnk = C:\Program Files\Cablecom Assistant\bin\matcli.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: Interface Chat Voila - http://chat4.x-echo.com/version8/Applet/vchatsign.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: ferrateen - {27321538-5739-4aa1-b84c-7d18e4383f1f} - C:\WINDOWS\system32\rrtcany.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    O23 - Service: m2PacketcounterService (_service) - mquadr.at - C:\Program Files\cablecom\Compteur de volume hispeed\packetservice.exe
    0
  6. philae83 Posts 12854 Status Security contributor 206
     
    Hi again,
    AVG: you didn't configure it correctly, I think; "Ignoré" (ignored) is the action AVG took.
    Please run it again and quarantine.
    Post the new report.
    0
    1. mannai6 Posts 21 Registration date   Status Member
       
      Sorry for the mistake, here is the report again:
      ---------------------------------------------------------
      AVG Anti-Spyware - Rapport d'analyse
      ---------------------------------------------------------

      + Créé à: 23:14:12 21.01.2007

      + Résultat de l'analyse:



      C:\System Volume Information\_restore{930CC8B0-22AD-46B6-9342-8435E897A39A}\RP39\A0008693.dll -> Adware.Agent : Nettoyé et sauvegardé (mise en quarantaine).
      C:\Program Files\Silver Codec -> Adware.Generic : Nettoyé et sauvegardé (mise en quarantaine).
      C:\Program Files\Silver Codec\uninst.exe -> Adware.Generic : Nettoyé et sauvegardé (mise en quarantaine).
      C:\Program Files\Super Codec -> Adware.Generic : Nettoyé et sauvegardé (mise en quarantaine).
      C:\Program Files\Seekmo\seekmohook.dll -> Adware.Solution : Nettoyé et sauvegardé (mise en quarantaine).
      C:\WINDOWS\Downloaded Program Files\ClientAX.dll -> Adware.Solution : Nettoyé et sauvegardé (mise en quarantaine).
      C:\System Volume Information\_restore{930CC8B0-22AD-46B6-9342-8435E897A39A}\RP87\A0013823.exe -> Adware.VirusBurst : Nettoyé et sauvegardé (mise en quarantaine).
      C:\Program Files\Virus-Bursters -> Adware.VirusBursters : Nettoyé et sauvegardé (mise en quarantaine).
      C:\Program Files\Virus-Bursters\Virus-Bursters.exe -> Adware.VirusBursters : Nettoyé et sauvegardé (mise en quarantaine).
      C:\Program Files\Virus-Bursters\ignored.lst -> Adware.VirusBursters : Nettoyé et sauvegardé (mise en quarantaine).
      C:\Program Files\Virus-Bursters\vir.dat.old -> Adware.VirusBursters : Nettoyé et sauvegardé (mise en quarantaine).
      C:\Program Files\Virus-Bursters\virusburster.ini -> Adware.VirusBursters : Nettoyé et sauvegardé (mise en quarantaine).
      C:\Program Files\VirusBursters -> Adware.VirusBursters : Nettoyé et sauvegardé (mise en quarantaine).
      C:\Program Files\VirusBursters\Lang -> Adware.VirusBursters : Nettoyé et sauvegardé (mise en quarantaine).
      C:\Program Files\VirusBursters\Lang\English.ini -> Adware.VirusBursters : Nettoyé et sauvegardé (mise en quarantaine).
      C:\Program Files\VirusBursters\Logs -> Adware.VirusBursters : Nettoyé et sauvegardé (mise en quarantaine).
      C:\Program Files\VirusBursters\Quarantine -> Adware.VirusBursters : Nettoyé et sauvegardé (mise en quarantaine).
      C:\Program Files\VirusBursters\VirusBursters.exe -> Adware.VirusBursters : Nettoyé et sauvegardé (mise en quarantaine).
      C:\Program Files\VirusBursters\VirusBursters.url -> Adware.VirusBursters : Nettoyé et sauvegardé (mise en quarantaine).
      C:\Program Files\VirusBursters\blacklist.txt -> Adware.VirusBursters : Nettoyé et sauvegardé (mise en quarantaine).
      C:\Program Files\VirusBursters\ignored.lst -> Adware.VirusBursters : Nettoyé et sauvegardé (mise en quarantaine).
      C:\Program Files\VirusBursters\msvcp71.dll -> Adware.VirusBursters : Nettoyé et sauvegardé (mise en quarantaine).
      C:\Program Files\VirusBursters\msvcr71.dll -> Adware.VirusBursters : Nettoyé et sauvegardé (mise en quarantaine).
      C:\Program Files\VirusBursters\vir.dat -> Adware.VirusBursters : Nettoyé et sauvegardé (mise en quarantaine).
      C:\Program Files\VirusBursters\virusburster.ini -> Adware.VirusBursters : Nettoyé et sauvegardé (mise en quarantaine).
      C:\System Volume Information\_restore{930CC8B0-22AD-46B6-9342-8435E897A39A}\RP47\A0009023.exe -> Adware.VirusBursters : Nettoyé et sauvegardé (mise en quarantaine).
      C:\WINDOWS\system32\rrtcany.dll -> Not-A-Virus.Hoax.Win32.Renos.ap : Nettoyé et sauvegardé (mise en quarantaine).
      C:\System Volume Information\_restore{930CC8B0-22AD-46B6-9342-8435E897A39A}\RP89\A0014921.dll -> Not-A-Virus.Hoax.Win32.Renos.gg : Nettoyé et sauvegardé (mise en quarantaine).


      Fin du rapport

      Next, the HijackThis report:

      Logfile of HijackThis v1.99.1
      Scan saved at 23:34:03, on 21.01.2007
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
      C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
      C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
      C:\WINDOWS\system32\rundll32.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\Program Files\Dell\QuickSet\quickset.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
      C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
      C:\WINDOWS\system32\hkcmd.exe
      C:\WINDOWS\system32\igfxpers.exe
      C:\WINDOWS\system32\WgaTray.exe
      C:\program files\seekmo\seekmo.exe
      C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
      C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
      C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
      C:\WINDOWS\system32\wuauclt.exe
      C:\Program Files\MSN Messenger\MsnMsgr.Exe
      C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
      C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
      C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
      C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
      C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
      C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
      C:\Program Files\Cablecom Assistant\bin\mpbtn.exe
      C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\PROGRA~1\CABLEC~1\SMARTB~1\MotiveSB.exe
      C:\Program Files\Hijackthis Version Française\hijackthis vf.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ch/?gws_rd=ssl
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*https://fr.search.yahoo.com/
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      R3 - URLSearchHook: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare applications\BearShare MediaBar\MediaBar.dll
      O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: Seekmo Search Assistant Helper /fleok=1D8A83A5C5E1197D9DA875760EA83FA5EF80752B94E2DF795A7C402B39CE - {5929CD6E-2062-44a4-B2C5-2C7E78FBAB38} - c:\program files\seekmo\seekmohook.dll
      O2 - BHO: EoBho Class - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\PROGRA~1\eoRezo\EoAdv\EOREZO~1.DLL (file missing)
      O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
      O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
      O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
      O2 - BHO: XBTP02634 - {F97DA966-F09D-4cab-BF29-75A0026986EA} - C:\PROGRA~1\BEARSH~1\BEARSH~2\MediaBar.dll
      O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
      O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
      O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare applications\BearShare MediaBar\MediaBar.dll
      O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
      O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
      O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
      O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
      O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
      O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
      O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
      O4 - HKLM\..\Run: [seekmo] "c:\program files\seekmo\seekmo.exe"
      O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\CABLEC~1\SMARTB~1\DExec.exe 180000 C:\PROGRA~1\CABLEC~1\SMARTB~1\MotiveSB.exe
      O4 - HKLM\..\Run: [start_cablecom volumecounter] C:\Program Files\cablecom\Compteur de volume hispeed\volumecounter.exe
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
      O4 - HKLM\..\Run: [VirusBursters] C:\Program Files\VirusBursters\virusbursters.exe /h
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
      O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
      O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
      O4 - Global Startup: Assistant d'Acrobat.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
      O4 - Global Startup: Bluetooth Manager.lnk = ?
      O4 - Global Startup: cablecom assistant.lnk = C:\Program Files\Cablecom Assistant\bin\matcli.exe
      O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
      O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: Interface Chat Voila - http://chat4.x-echo.com/version8/Applet/vchatsign.cab
      O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
      O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
      O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
      O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
      O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
      O21 - SSODL: ferrateen - {27321538-5739-4aa1-b84c-7d18e4383f1f} - C:\WINDOWS\system32\rrtcany.dll (file missing)
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
      O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
      O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
      O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
      O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
      O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
      O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
      O23 - Service: m2PacketcounterService (_service) - mquadr.at - C:\Program Files\cablecom\Compteur de volume hispeed\packetservice.exe

      thanks a lot
      0
  7. philae83 Messages posted 12854 Status Security contributor 206
     
    re

    sorry for the mistake, here is the report again:


    no problem, it just had to be redone
    I'll look at the HijackThis report and come back to give you the next steps
    0
  8. mannai6 Messages posted 21 Registration date   Status Member
     
    ok thanks
    0
  9. philae83 Messages posted 12854 Status Security contributor 206
     
    re

    * run HijackThis and tick:

    O2 - BHO: Seekmo Search Assistant Helper /fleok=1D8A83A5C5E1197D9DA875760EA83FA5EF80752B94E2DF795A7C402B39CE - {5929CD6E-2062-44a4-B2C5-2C7E78FBAB38} - c:\program files\seekmo\seekmohook.dll
    O2 - BHO: EoBho Class - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\PROGRA~1\eoRezo\EoAdv\EOREZO~1.DLL (file missing)
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [seekmo] "c:\program files\seekmo\seekmo.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [VirusBursters] C:\Program Files\VirusBursters\virusbursters.exe /h
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll

    * click on "fixer objet" ("fix item")

    then

    * via Add or Remove Programs, uninstall

    virusbursters
    seekmo
    eoRezo


    then

    * Make sure you have access to all files

    - Start

    - My Computer or another folder

    - Tools menu

    - Folder Options

    - View tab

    then

    - tick the box: Show hidden files and folders

    - untick the box: Hide extensions for known file types

    - untick the box: Hide protected operating system files

    Then - Apply

    * and delete the file(s) below if present:

    C:\Program Files\VirusBursters
    c:\program files\seekmo
    C:\PROGRAMESFILES\eoRezo

    * In Windows Explorer, hide the system files again so as not to make a mistake in the future. Go back to the Folder Options window and select Do not show hidden files or system files

    * run another scan with AVG and post the report along with a new HijackThis report
    0
    1. mannai6 Messages posted 21 Registration date   Status Member
       
      sorry, when I run HijackThis I find nothing to tick, I can only scan or choose other options, so please, the start of this step is not clear
      0
  10. philae83 Messages posted 12854 Status Security contributor 206
     
    you run HijackThis for a "scan only"
    then you tick the lines
    0
  11. mannai6 Messages posted 21 Registration date   Status Member
     
    here is the AVG Anti-Spyware report:

    ---------------------------------------------------------
    AVG Anti-Spyware - Rapport d'analyse
    ---------------------------------------------------------

    + Créé à: 00:41:55 22.01.2007

    + Résultat de l'analyse:

    HKLM\SOFTWARE\Classes\CLSID\{27321538-5739-4aa1-b84c-7d18e4383f1f} -> Adware.Generic : Nettoyé et sauvegardé (mise en quarantaine).
    HKU\S-1-5-21-57989841-1085031214-839522115-1003\Software\Internet Security -> Adware.Generic : Nettoyé et sauvegardé (mise en quarantaine).
    HKU\S-1-5-21-57989841-1085031214-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5929CD6E-2062-44A4-B2C5-2C7E78FBAB38} -> Adware.Generic : Nettoyé et sauvegardé (mise en quarantaine).
    C:\Program Files\Hijackthis Version Française\backups\backup-20070122-000803-599.dll -> Adware.Solution : Nettoyé et sauvegardé (mise en quarantaine).
    C:\System Volume Information\_restore{930CC8B0-22AD-46B6-9342-8435E897A39A}\RP89\A0015034.dll -> Adware.Solution : Nettoyé et sauvegardé (mise en quarantaine).
    C:\System Volume Information\_restore{930CC8B0-22AD-46B6-9342-8435E897A39A}\RP89\A0015040.exe -> Adware.VirusBursters : Nettoyé et sauvegardé (mise en quarantaine).
    HKLM\SOFTWARE\Classes\CLSID\{4fc003c3-87a0-489c-85cd-878246eb2d18} -> Adware.VirusBursters : Nettoyé et sauvegardé (mise en quarantaine).
    C:\System Volume Information\_restore{930CC8B0-22AD-46B6-9342-8435E897A39A}\RP89\A0015044.dll -> Not-A-Virus.Hoax.Win32.Renos.ap : Nettoyé et sauvegardé (mise en quarantaine).
    C:\Documents and Settings\Salah\Cookies\salah@247realmedia[1].txt -> TrackingCookie.247realmedia : Nettoyé.
    C:\Documents and Settings\Salah\Cookies\salah@atdmt[2].txt -> TrackingCookie.Atdmt : Nettoyé.
    C:\Documents and Settings\Salah\Cookies\salah@bluestreak[2].txt -> TrackingCookie.Bluestreak : Nettoyé.

    Fin du rapport

    and also the one from HijackThis:

    Logfile of HijackThis v1.99.1
    Scan saved at 00:46:08, on 22.01.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\WINDOWS\system32\WgaTray.exe
    C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
    C:\Program Files\Cablecom Assistant\bin\mpbtn.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\CABLEC~1\SMARTB~1\MotiveSB.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Hijackthis Version Française\hijackthis vf.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.bearshare.com/sidebar.html?src=ssb
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ch/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*https://fr.search.yahoo.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    R3 - URLSearchHook: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare applications\BearShare MediaBar\MediaBar.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: XBTP02634 - {F97DA966-F09D-4cab-BF29-75A0026986EA} - C:\PROGRA~1\BEARSH~1\BEARSH~2\MediaBar.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare applications\BearShare MediaBar\MediaBar.dll
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
    O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\CABLEC~1\SMARTB~1\DExec.exe 180000 C:\PROGRA~1\CABLEC~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [start_cablecom volumecounter] C:\Program Files\cablecom\Compteur de volume hispeed\volumecounter.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - Global Startup: Assistant d'Acrobat.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    O4 - Global Startup: Bluetooth Manager.lnk = ?
    O4 - Global Startup: cablecom assistant.lnk = C:\Program Files\Cablecom Assistant\bin\matcli.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: Interface Chat Voila - http://chat4.x-echo.com/version8/Applet/vchatsign.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
    O21 - SSODL: ferrateen - {27321538-5739-4aa1-b84c-7d18e4383f1f} - (no file)
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    O23 - Service: m2PacketcounterService (_service) - mquadr.at - C:\Program Files\cablecom\Compteur de volume hispeed\packetservice.exe

    and thanks
    0
  12. philae83 Messages posted 12854 Status Security contributor 206
     
    Hello,

    run HijackThis again, tick and fix this line

    O21 - SSODL: ferrateen - {27321538-5739-4aa1-b84c-7d18e4383f1f} - (no file)


    just a quick confirmation, do you know
    m2PacketcounterService (_service) - mquadr.at - C:\Program Files\cablecom\Compteur de volume hispeed\packetservice.exe
    0
    1. mannai
       
      hi,

      re: m2PacketcounterService (_service) - mquadr.at - C:\Program Files\cablecom\Compteur de volume hispeed\packetservice.exe


      regarding this application, I think, though I'm not sure, it is for the cablecom internet subscription.

      thanks a lot
      0
  13. mannai6 Messages posted 21 Registration date   Status Member
     
    hi,

    re: m2PacketcounterService (_service) - mquadr.at - C:\Program Files\cablecom\Compteur de volume hispeed\packetservice.exe

    regarding this application, I think, though I'm not sure, it is for the cablecom internet subscription.

    thanks
    0
  14. philae83 Messages posted 12854 Status Security contributor 206
     
    Good evening,

    indeed, that is certainly it.

    Are you still having problems?
    0
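An added example, not part of the thread and not HijackThis code: the before/after comparison the helper does by eye between posts 9 and 12, written in Python. The log excerpts are lines taken from the two HijackThis reports posted above; the function names and report keys are this example's own, and treating a "(file missing)" entry whose file appears in the process list as a parsing artefact is this example's assumption.

```python
import re

ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.*\S)$")          # e.g. "O4 - HKLM\..\Run: ..."
ORPHAN_RE = re.compile(r"\s*\((?:file missing|no file)\)$", re.I)
CLSID_RE = re.compile(r"\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}", re.I)
PATH_RE = re.compile(r'[a-z]:\\[^"]*?\.(?:exe|dll)', re.I)

# Excerpts of the two HijackThis logs posted in the thread (before and after the fix).
BEFORE = r"""Running processes:
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\program files\seekmo\seekmo.exe

O2 - BHO: EoBho Class - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\PROGRA~1\eoRezo\EoAdv\EOREZO~1.DLL (file missing)
O4 - HKLM\..\Run: [seekmo] "c:\program files\seekmo\seekmo.exe"
O4 - HKLM\..\Run: [VirusBursters] C:\Program Files\VirusBursters\virusbursters.exe /h
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O21 - SSODL: ferrateen - {27321538-5739-4aa1-b84c-7d18e4383f1f} - C:\WINDOWS\system32\rrtcany.dll (file missing)
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
"""
AFTER = r"""Running processes:
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O21 - SSODL: ferrateen - {27321538-5739-4aa1-b84c-7d18e4383f1f} - (no file)
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
"""
# Three of the lines the helper asked to tick and fix in post 9.
FIXED = [line for line in BEFORE.splitlines()
         if "EoBho" in line or "[seekmo]" in line or "[VirusBursters]" in line]


def parse_log(text):
    """Split a log into (lower-cased running process paths, [(section, detail)])."""
    running, entries, in_procs = set(), [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
        elif in_procs and not line:
            in_procs = False          # the blank line ends the process list
        elif in_procs:
            running.add(line.lower())
        else:
            m = ENTRY_RE.match(line)
            if m:
                entries.append((m.group(1), m.group(2)))
    return running, entries


def entry_key(section, detail):
    """Identity of an entry that survives a changed file path or orphan marker."""
    detail = ORPHAN_RE.sub("", detail)
    m = CLSID_RE.search(detail)
    if m:
        detail = detail[:m.end()]     # keep "label - {CLSID}", drop the file part
    return (section, detail.lower())


def check_cleanup(before, after, fixed_lines):
    """Report fixed lines that came back, new entries, and entries with no file."""
    _, old = parse_log(before)
    running, new = parse_log(after)
    _, fixed = parse_log("\n".join(fixed_lines))
    old_keys = {entry_key(s, d) for s, d in old}
    new_keys = {entry_key(s, d) for s, d in new}
    report = {"still_present": [], "added": [], "orphaned": [], "marker_only": []}
    for s, d in fixed:
        if entry_key(s, d) in new_keys:
            report["still_present"].append(f"{s} - {d}")
    for s, d in new:
        line = f"{s} - {d}"
        if entry_key(s, d) not in old_keys:
            report["added"].append(line)
        if ORPHAN_RE.search(d):
            path = PATH_RE.search(d)
            # A "missing" file that is listed as a running process exists on disk,
            # so the marker comes from how the command line was parsed.
            alive = path is not None and path.group(0).lower() in running
            report["marker_only" if alive else "orphaned"].append(line)
    return report


if __name__ == "__main__":
    for key, lines in check_cleanup(BEFORE, AFTER, FIXED).items():
        print(key, lines)
```

On these excerpts the only entry left with no file behind it is the O21 SSODL line, the one post 12 asks to fix; the avast! service line keeps its "(file missing)" marker although its executable is running.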