I Worm.Generic

Résolu
great_07 Messages postés 14 Date d'inscription   Statut Membre Dernière intervention   -  
Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   -
Bonjour,

il semble que mon PC a attrapé I Worm.Generic.ATJ
Est-ce que quelqu'un peut me dire comment l'enlever? SVP
Merci
A voir également:

16 réponses

Réponse 1 / 16
Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 322
 
Salut,

télécharge HijackThis ici:
http://telechargement.zebulon.fr/138-hijackthis-1991.html

Dézippe le dans un dossier prévu à cet effet.
Par exemple C:\hijackthis < Enregistre le bien dans c : !
Démo : (Merci a Balltrap34 pour cette réalisation)
http://pageperso.aol.fr/balltrap34/Hijenr.gif

Lance le puis:
clique sur "do a system scan and save logfile" (cf démo)
faire un copier coller du log entier sur le forum

Démo : (Merci a Balltrap34 pour cette réalisation)
http://pageperso.aol.fr/balltrap34/demohijack.htm

Bon courage

A+
1
Réponse 2 / 16
great_07 Messages postés 14 Date d'inscription   Statut Membre Dernière intervention  
 
Logfile of HijackThis v1.99.1
Scan saved at 15:28:23, on 26/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\ATI-CPanel\atiptaxx.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\WINDOWS\system32\adirss.exe
C:\WINDOWS\system32\lnwin.exe
C:\Program Files\OFFICE One6.5\OFFICE One PDF Manager\OoPDFSettingsv6.exe
C:\Program Files\Cegetel\C-BOX\Wizard\QuickAccess.exe
C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\LightSurf\Common\IconMgr.exe
C:\Program Files\LightSurf\Color Indicator\TICIcon.exe
C:\WINDOWS\system32\taskdir.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\game1.exe
C:\WINDOWS\system32\game4.exe
C:\Program Files\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*https://fr.yahoo.com/?p=us
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/?p=us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/?p=us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.yahoo.com/?p=us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*https://fr.yahoo.com/?p=us
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/?p=us
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.yahoo.com/?p=us
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {259F616C-A300-44F5-B04A-ED001A26C85C} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\ATI-CPanel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\NVC\BIN\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [sysinter] C:\WINDOWS\system32\adirss.exe
O4 - HKLM\..\Run: [lnwin.exe] C:\WINDOWS\system32\lnwin.exe
O4 - HKLM\..\Run: [OoPDFSettingsv6.exe] C:\Program Files\OFFICE One6.5\OFFICE One PDF Manager\OoPDFSettingsv6.exe
O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
O4 - HKCU\..\Run: [Configuration de la C-BOX] C:\Program Files\Cegetel\C-BOX\Wizard\QuickAccess.exe
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Agent] C:\WINDOWS\system32\alsys.exe
O4 - HKCU\..\RunOnce: [FFTI] C:\Documents and Settings\KATE\Application Data\Mozilla\Firefox\Profiles\c5npfgov.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /DestPath="C:\Documents and Settings\KATE\Application Data\Mozilla\Firefox\Profiles/c5npfgov.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}"
O4 - Global Startup: FlexType 2K.lnk = C:\Documents and Settings\KATE\Bureau\Flex2K.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: LightSurf.lnk = C:\Program Files\LightSurf\Common\IconMgr.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Xanadu - {5CC384BB-1326-11D5-F4AE-00C04923F885} - C:\Program Files\Foreignword\Xanadu\XanaduLaunch.exe (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O12 - Plugin for .avi: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {68C1822F-F5C7-4404-A73F-03C10E0E94DA} (telechargement-photoweb) - http://www3.photoweb.fr/telechargement/Photoweb_uploader.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - https://www.zonealarm.com/
O16 - DPF: {8731163E-77B9-4F91-9122-F112521C28AF} (MMSPlayerX Class) - http://mmt.bouyguestelecom.fr/mmawap/jsp/composer/player/mmsPlayer.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.photoways.com/clients/ImageUploader3.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/autocomplete.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Skype\Plugin Manager\Skype4COM.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe (file missing)
O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\NVC\BIN\Zanda.exe (file missing)
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
0
Réponse 3 / 16
Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 322
 
Re,

Télécharge SDFix (créé par AndyManchesta) et sauvegarde le sur ton Bureau.
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
Double clique sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau. Redémarre ton ordinateur en mode sans échec en suivant la procédure que voici :
• Redémarre ton ordinateur
• Après avoir entendu l'ordinateur biper lors du démarrage, mais avant que l'icône Windows apparaisse, tapote la touche F8 (une pression par seconde).
• A la place du chargement normal de Windows, un menu avec différentes options devrait apparaître.
• Choisis la première option, pour exécuter Windows en mode sans échec, puis appuie sur "Entrée".
• Choisis ton compte.
Déroule la liste des instructions ci-dessous :
• Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clique sur RunThis.bat pour lancer le script.
• Appuie sur Y pour commencer le processus de nettoyage.
• Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
• Appuie sur une touche pour redémarrer le PC.
• Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
• Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
• Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
• Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.

• Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum, avec un nouveau log Hijackthis !
0
Réponse 4 / 16
great_07 Messages postés 14 Date d'inscription   Statut Membre Dernière intervention  
 
SDFix: Version 1.62

26/01/2007 - 17:59:13,67

Microsoft Windows XP [version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:

Name:
wincom32

Path:
\??\C:\WINDOWS\system32\wincom32.sys

wincom32 Deleted

Restoring Windows Registry Entries
Restoring Default Hosts File


Rebooting...

Normal Mode:
Checking Files:

Files will be copied to Backups folder and removed:

C:\DOCUME~1\KATE\LOCALS~1\Temp\TMP1.tmp - Deleted
C:\DOCUME~1\KATE\LOCALS~1\Temp\TMP2.tmp - Deleted
C:\DOCUME~1\KATE\LOCALS~1\Temp\TMP3.tmp - Deleted
C:\DOCUME~1\KATE\LOCALS~1\Temp\TMP4.tmp - Deleted
C:\DOCUME~1\KATE\LOCALS~1\Temp\TMP5.tmp - Deleted
C:\DOCUME~1\KATE\LOCALS~1\Temp\TMP6.tmp - Deleted
C:\DOCUME~1\KATE\LOCALS~1\Temp\TMP7.tmp - Deleted
C:\DOCUME~1\KATE\LOCALS~1\Temp\TMP8.tmp - Deleted
C:\DOCUME~1\KATE\LOCALS~1\Temp\TMP9.tmp - Deleted
C:\DOCUME~1\KATE\LOCALS~1\Temp\TMPA.tmp - Deleted
C:\DOCUME~1\KATE\LOCALS~1\Temp\TMPB.tmp - Deleted
C:\DOCUME~1\KATE\LOCALS~1\Temp\TMPC.tmp - Deleted
C:\DOCUME~1\KATE\LOCALS~1\Temp\TMPD.tmp - Deleted
C:\DOCUME~1\KATE\LOCALS~1\Temp\TMPE.tmp - Deleted
C:\DOCUME~1\KATE\LOCALS~1\Temp\TMPF.tmp - Deleted
C:\WINDOWS\system32\adirss.exe - Deleted
C:\WINDOWS\system32\alsys.exe - Deleted
C:\WINDOWS\system32\game.exe - Deleted
C:\WINDOWS\system32\game0.exe - Deleted
C:\WINDOWS\system32\game1.exe - Deleted
C:\WINDOWS\system32\game2.exe - Deleted
C:\WINDOWS\system32\game3.exe - Deleted
C:\WINDOWS\system32\game4.exe - Deleted
C:\WINDOWS\system32\game5.exe - Deleted
C:\WINDOWS\system32\peers.ini - Deleted
C:\WINDOWS\system32\taskdir.exe - Deleted
C:\WINDOWS\system32\wincom32.ini - Deleted
C:\WINDOWS\system32\wincom32.sys - Deleted
C:\WINDOWS\system32\zlbw.dll - Deleted



Alternate Streams Check:

C:\WINDOWS\system32
No streams found.

Final Check:

Remaining Services:
------------------


Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\AOL 9.0\\waol.exe"="C:\\Program Files\\AOL 9.0\\waol.exe:*:Enabled:AOL 9.0"
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"="C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe:*:Enabled:Assistance à distance - Windows Messenger et voix"
"C:\\Program Files\\Yahoo!\\Messenger\\ypager.exe"="C:\\Program Files\\Yahoo!\\Messenger\\ypager.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Documents and Settings\\KATE\\Local Settings\\Temp\\~osDF.tmp\\ossproxy.exe"="C:\\Documents and Settings\\KATE\\Local Settings\\Temp\\~osDF.tmp\\ossproxy.exe:*:Enabled:ossproxy.exe"
"c:\\windows\\system32\\rk.exe"="c:\\windows\\system32\\rk.exe:*:Enabled:rk.exe"
"C:\\Documents and Settings\\KATE\\Local Settings\\Temp\\~os2D.tmp\\ossproxy.exe"="C:\\Documents and Settings\\KATE\\Local Settings\\Temp\\~os2D.tmp\\ossproxy.exe:*:Enabled:ossproxy.exe"
"C:\\Documents and Settings\\KATE\\Local Settings\\Temp\\~os33.tmp\\ossproxy.exe"="C:\\Documents and Settings\\KATE\\Local Settings\\Temp\\~os33.tmp\\ossproxy.exe:*:Enabled:ossproxy.exe"
"c:\\windows\\system32\\mksc.exe"="c:\\windows\\system32\\mksc.exe:*:Enabled:mksc.exe"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer"
"C:\\WINDOWS\\system32\\P2P Networking\\P2P Networking.exe"="C:\\WINDOWS\\system32\\P2P Networking\\P2P Networking.exe:*:Enabled:P2P Networking"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\ICQLite\\ICQLite.exe"="C:\\Program Files\\ICQLite\\ICQLite.exe:*:Enabled:ICQ Lite"
"C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\DC++\\DCPlusPlus.exe"="C:\\Program Files\\DC++\\DCPlusPlus.exe:*:Disabled:DC++"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\Java\\jre1.5.0_04\\bin\\javaw.exe"="C:\\Program Files\\Java\\jre1.5.0_04\\bin\\javaw.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary"
"C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\WINDOWS\\system32\\clcbt.exe"="C:\\WINDOWS\\system32\\clcbt.exe:*:Enabled:enable"
"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Disabled:Azureus"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\WINDOWS\\system32\\game4.exe"="C:\\WINDOWS\\system32\\game4.exe:*:Enabled:enable"
"C:\\WINDOWS\\system32\\game1.exe"="C:\\WINDOWS\\system32\\game1.exe:*:Enabled:enable"


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\AOL 9.0\\waol.exe"="C:\\Program Files\\AOL 9.0\\waol.exe:*:Enabled:AOL 9.0"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"


Remaining Files:
---------------

Backups Folder: - C:\SDFix\backups\backups.zip


Checking For Files with Hidden Attributes :

C:\NTDETECT.COM
C:\Program Files\Canon\MP Navigator 2.0\uinstrsc.dll
C:\WINDOWS\system32\cdplayer.exe.manifest
C:\WINDOWS\system32\logonui.exe.manifest
C:\hiberfil.sys
C:\IO.SYS
C:\MSDOS.SYS
C:\pagefile.sys
C:\Documents and Settings\KATE\Bureau\~WRL1468.tmp
C:\Documents and Settings\KATE\Local Settings\Temp\is-S3BHD.tmp\pfukksqx.t
C:\Documents and Settings\KATE\Mes documents\Stages\Stage 2005\~WRL0046.tmp
C:\Documents and Settings\KATE\Mes documents\Stages\Stage 2005\~WRL0808.tmp
C:\Documents and Settings\KATE\Mes documents\Stages\Stage 2005\~WRL0969.tmp
C:\Documents and Settings\KATE\Mes documents\Stages\Stage 2005\~WRL1044.tmp
C:\Documents and Settings\KATE\Mes documents\Stages\Stage 2005\~WRL1517.tmp
C:\Documents and Settings\KATE\Mes documents\Stages\Stage 2005\~WRL2914.tmp
C:\Documents and Settings\KATE\Mes documents\Stages\Stage 2005\~WRL4094.tmp
C:\Documents and Settings\KATE\Mes documents\Stages\stage 2006\~WRL0241.tmp
C:\Documents and Settings\KATE\Mes documents\Stages\stage 2006\~WRL2671.tmp
C:\Documents and Settings\KATE\Mes documents\Stages\stage 2006\~WRL2853.tmp
C:\Documents and Settings\KATE\Mes documents\Stages\stage 2006\~WRL3098.tmp
C:\Documents and Settings\KATE\Mes documents\Stages\stage 2006\~WRL3762.tmp
C:\WINDOWS\Temp\2j6u5vrc.TMP
C:\WINDOWS\Temp\o75ajh83.TMP
C:\WINDOWS\Temp\r6l7u8ty.TMP
C:\WINDOWS\Temp\teg3dmc8.TMP
C:\WINDOWS\Temp\zh30p99x.TMP

Finished
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 16
great_07 Messages postés 14 Date d'inscription   Statut Membre Dernière intervention  
 
Voici Hijack report et merci beaucoup de m'aider


Logfile of HijackThis v1.99.1
Scan saved at 18:10:56, on 26/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\ATI-CPanel\atiptaxx.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\WINDOWS\system32\lnwin.exe
C:\Program Files\OFFICE One6.5\OFFICE One PDF Manager\OoPDFSettingsv6.exe
C:\Program Files\Cegetel\C-BOX\Wizard\QuickAccess.exe
C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\LightSurf\Common\IconMgr.exe
C:\Program Files\LightSurf\Color Indicator\TICIcon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*https://fr.yahoo.com/?p=us
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/?p=us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/?p=us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.yahoo.com/?p=us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*https://fr.yahoo.com/?p=us
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/?p=us
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.yahoo.com/?p=us
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {259F616C-A300-44F5-B04A-ED001A26C85C} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\ATI-CPanel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\NVC\BIN\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [lnwin.exe] C:\WINDOWS\system32\lnwin.exe
O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
O4 - HKLM\..\Run: [OoPDFSettingsv6.exe] C:\Program Files\OFFICE One6.5\OFFICE One PDF Manager\OoPDFSettingsv6.exe
O4 - HKCU\..\Run: [Configuration de la C-BOX] C:\Program Files\Cegetel\C-BOX\Wizard\QuickAccess.exe
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\RunOnce: [FFTI] C:\Documents and Settings\KATE\Application Data\Mozilla\Firefox\Profiles\c5npfgov.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /DestPath="C:\Documents and Settings\KATE\Application Data\Mozilla\Firefox\Profiles/c5npfgov.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}"
O4 - Global Startup: FlexType 2K.lnk = C:\Documents and Settings\KATE\Bureau\Flex2K.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: LightSurf.lnk = C:\Program Files\LightSurf\Common\IconMgr.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Xanadu - {5CC384BB-1326-11D5-F4AE-00C04923F885} - C:\Program Files\Foreignword\Xanadu\XanaduLaunch.exe (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O12 - Plugin for .avi: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {68C1822F-F5C7-4404-A73F-03C10E0E94DA} (telechargement-photoweb) - http://www3.photoweb.fr/telechargement/Photoweb_uploader.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - https://www.zonealarm.com/
O16 - DPF: {8731163E-77B9-4F91-9122-F112521C28AF} (MMSPlayerX Class) - http://mmt.bouyguestelecom.fr/mmawap/jsp/composer/player/mmsPlayer.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.photoways.com/clients/ImageUploader3.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/autocomplete.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Skype\Plugin Manager\Skype4COM.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe (file missing)
O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\NVC\BIN\Zanda.exe (file missing)
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
0
Réponse 6 / 16
Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 322
 
Bonjour,

Méthode à suivre dans l'ordre...
----------------------------------------------------------------------------
¤Télécharge ces logiciels mais que tu n‘utilises pas tout de suite:

1/

Spybot S&D 1.4
https://www.safer-networking.org/

Démo d’utilisation (merci à Balltrap34 pour cette réalisation).
http://pageperso.aol.fr/Balltrap34/demo%20spybot.htm

2/

Ad-Aware SE 1.06
https://www.adaware.com/
-Une aide:
http://usa.lucretius-ada.com/zcvisitor/8782d344-4821-11ea-83ce-0a2cdf2c6be7?campaignid=0d1dff40-82d7-11e9-9533-0a157bfa6bfc
- installe le patch français, tu pourras le trouver ici:
http://download.lavasoft.de.edgesuite.net/public/pllangs.exe
et une petite vidéo d'utilisation ici:(merci à Moe31 pour cette réalisation).
http://pageperso.aol.fr/balltrap34/adawrevid.asf

3/ AVG Anti-Spyware :

https://www.malekal.com/avg-antivirus-free-antivirus-gratuit-pour-proteger-son-pc-des-virus/

4/ Ccleaner :

https://www.malekal.com/tutoriel-ccleaner/
----------------------------------------------------------------------------
¤Affiche tous les fichiers et dossiers :
Clique sur démarrer/panneau de configuration/outil/option des dossiers/affichage

Coche « afficher les fichiers et dossiers cachés »

Décoche la case "Masquer les fichiers protégés du système d'exploitation (recommandé)"

Décoche « masquer les extensions dont le type est connu »
Puis fais «Ok» pour valider les changements.

Et appliquer !
----------------------------------------------------------------------------
¤Relance HijackThis, coche les cases devant ces lignes et ensuite clique sur fix checked :

O2 - BHO: (no name) - {259F616C-A300-44F5-B04A-ED001A26C85C} - (no file)

O4 - HKLM\..\Run: [lnwin.exe] C:\WINDOWS\system32\lnwin.exe

O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
----------------------------------------------------------------------------
¤Démarre en mode sans échec :
Pour cela, tu tapotes la touche F8 dès le début de l’allumage du pc sans t’arrêter
Une fenêtre va s’ouvrir tu te déplaces avec les flèches du clavier sur démarrer en mode sans échec puis tape entrée.
Une fois sur le bureau s’il n’y a pas toutes les couleurs et autres c’est normal !
(Si F8 ne marche pas utilise la touche F5).
----------------------------------------------------------------------------
¤Recherche et supprime ceci:
attention seulement les fichiers (si présents).

C:\WINDOWS\system32\lnwin.exe

----------------------------------------------------------------------------
¤ Lance AVG Anti-Spyware

Clique sur le bouton Analyse (de la barre d'outils)

Puis sur l'onglets Comment réagir, clique sur Actions recommandées. Sélectionne Quarantaine.

Reviens à l'onglet Analyse. Clique sur Analyse complète du système.

A la fin du scan, choisis l'option 3

"Appliquer toutes les actions " en bas.

Clique sur "Enregistrer le rapport".

Copie/colle le rapport sur le forum.
----------------------------------------------------------------------------
¤ Passe Ad-Aware et supprime tout ce qu’il trouve + supprime les quarantaines…
----------------------------------------------------------------------------
¤ Passe Spybot et corrige tout ce qu’il trouve + vaccine + supprime les quarantaines…
-------------------------------------------------------------------------------------------
¤ Lance CCleaner comme sur le tuto fournit au début de la procédure.
----------------------------------------------------------------------------
¤ Vide ta Corbeille.
----------------------------------------------------------------------------
¤ Redémarre en mode normal, relance Hijackthis et copie/colle un nouveau rapport sur le forum.

Précise tes soucis s’il en reste....

Tiens-moi au courant

A+
0
Réponse 7 / 16
great_07 Messages postés 14 Date d'inscription   Statut Membre Dernière intervention  
 
---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: 22:42:56 26/01/2007

+ Résultat de l'analyse:



:mozilla.79:C:\Documents and Settings\KATE\Application Data\Mozilla\Firefox\Profiles\c5npfgov.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé.
:mozilla.80:C:\Documents and Settings\KATE\Application Data\Mozilla\Firefox\Profiles\c5npfgov.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé.
:mozilla.81:C:\Documents and Settings\KATE\Application Data\Mozilla\Firefox\Profiles\c5npfgov.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé.
:mozilla.82:C:\Documents and Settings\KATE\Application Data\Mozilla\Firefox\Profiles\c5npfgov.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé.
:mozilla.83:C:\Documents and Settings\KATE\Application Data\Mozilla\Firefox\Profiles\c5npfgov.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé.
:mozilla.224:C:\Documents and Settings\KATE\Application Data\Mozilla\Firefox\Profiles\c5npfgov.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.227:C:\Documents and Settings\KATE\Application Data\Mozilla\Firefox\Profiles\c5npfgov.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.228:C:\Documents and Settings\KATE\Application Data\Mozilla\Firefox\Profiles\c5npfgov.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.229:C:\Documents and Settings\KATE\Application Data\Mozilla\Firefox\Profiles\c5npfgov.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.230:C:\Documents and Settings\KATE\Application Data\Mozilla\Firefox\Profiles\c5npfgov.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.231:C:\Documents and Settings\KATE\Application Data\Mozilla\Firefox\Profiles\c5npfgov.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.232:C:\Documents and Settings\KATE\Application Data\Mozilla\Firefox\Profiles\c5npfgov.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.233:C:\Documents and Settings\KATE\Application Data\Mozilla\Firefox\Profiles\c5npfgov.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.234:C:\Documents and Settings\KATE\Application Data\Mozilla\Firefox\Profiles\c5npfgov.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.235:C:\Documents and Settings\KATE\Application Data\Mozilla\Firefox\Profiles\c5npfgov.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.236:C:\Documents and Settings\KATE\Application Data\Mozilla\Firefox\Profiles\c5npfgov.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.237:C:\Documents and Settings\KATE\Application Data\Mozilla\Firefox\Profiles\c5npfgov.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.238:C:\Documents and Settings\KATE\Application Data\Mozilla\Firefox\Profiles\c5npfgov.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.239:C:\Documents and Settings\KATE\Application Data\Mozilla\Firefox\Profiles\c5npfgov.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.240:C:\Documents and Settings\KATE\Application Data\Mozilla\Firefox\Profiles\c5npfgov.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.241:C:\Documents and Settings\KATE\Application Data\Mozilla\Firefox\Profiles\c5npfgov.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.242:C:\Documents and Settings\KATE\Application Data\Mozilla\Firefox\Profiles\c5npfgov.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.243:C:\Documents and Settings\KATE\Application Data\Mozilla\Firefox\Profiles\c5npfgov.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.244:C:\Documents and Settings\KATE\Application Data\Mozilla\Firefox\Profiles\c5npfgov.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.245:C:\Documents and Settings\KATE\Application Data\Mozilla\Firefox\Profiles\c5npfgov.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.246:C:\Documents and Settings\KATE\Application Data\Mozilla\Firefox\Profiles\c5npfgov.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.247:C:\Documents and Settings\KATE\Application Data\Mozilla\Firefox\Profiles\c5npfgov.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.248:C:\Documents and Settings\KATE\Application Data\Mozilla\Firefox\Profiles\c5npfgov.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.249:C:\Documents and Settings\KATE\Application Data\Mozilla\Firefox\Profiles\c5npfgov.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.352:C:\Documents and Settings\KATE\Application Data\Mozilla\Firefox\Profiles\c5npfgov.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.376:C:\Documents and Settings\KATE\Application Data\Mozilla\Firefox\Profiles\c5npfgov.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.424:C:\Documents and Settings\KATE\Application Data\Mozilla\Firefox\Profiles\c5npfgov.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.502:C:\Documents and Settings\KATE\Application Data\Mozilla\Firefox\Profiles\c5npfgov.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.519:C:\Documents and Settings\KATE\Application Data\Mozilla\Firefox\Profiles\c5npfgov.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.529:C:\Documents and Settings\KATE\Application Data\Mozilla\Firefox\Profiles\c5npfgov.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.548:C:\Documents and Settings\KATE\Application Data\Mozilla\Firefox\Profiles\c5npfgov.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.563:C:\Documents and Settings\KATE\Application Data\Mozilla\Firefox\Profiles\c5npfgov.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.571:C:\Documents and Settings\KATE\Application Data\Mozilla\Firefox\Profiles\c5npfgov.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.572:C:\Documents and Settings\KATE\Application Data\Mozilla\Firefox\Profiles\c5npfgov.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.641:C:\Documents and Settings\KATE\Application Data\Mozilla\Firefox\Profiles\c5npfgov.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\KATE\Cookies\kate@2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\KATE\Cookies\kate@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.258:C:\Documents and Settings\KATE\Application Data\Mozilla\Firefox\Profiles\c5npfgov.default\cookies.txt -> TrackingCookie.Adbrite : Nettoyé.
:mozilla.259:C:\Documents and Settings\KATE\Application Data\Mozilla\Firefox\Profiles\c5npfgov.default\cookies.txt -> TrackingCookie.Adbrite : Nettoyé.
C:\Documents and Settings\KATE\Cookies\kate@ads.addynamix[2].txt -> TrackingCookie.Addynamix : Nettoyé.
:mozilla.256:C:\Documents and Settings\KATE\Application Data\Mozilla\Firefox\Profiles\c5npfgov.default\cookies.txt -> TrackingCookie.Adnet : Nettoyé.
:mozilla.257:C:\Documents and Settings\KATE\Application Data\Mozilla\Firefox\Profiles\c5npfgov.default\cookies.txt -> TrackingCookie.Adnet : Nettoyé.
:mozilla.262:C:\Documents and Settings\KATE\Application Data\Mozilla\Firefox\Profiles\c5npfgov.default\cookies.txt -> TrackingCookie.Adrevolver : Nettoyé.
:mozilla.753:C:\Documents and Settings\KATE\Application Data\Mozilla\Firefox\Profiles\c5npfgov.default\cookies.txt -> TrackingCookie.Adrevolver : Nettoyé.
:mozilla.754:C:\Documents and Settings\KATE\Application Data\Mozilla\Firefox\Profiles\c5npfgov.default\cookies.txt -> TrackingCookie.Adrevolver : Nettoyé.
:mozilla.755:C:\Documents and Settings\KATE\Application Data\Mozilla\Firefox\Profiles\c5npfgov.default\cookies.txt -> TrackingCookie.Adrevolver : Nettoyé.
:mozilla.756:C:\Documents and Settings\KATE\Application Data\Mozilla\Firefox\Profiles\c5npfgov.default\cookies.txt -> TrackingCookie.Adrevolver : Nettoyé.
:mozilla.757:C:\Documents and Settings\KATE\Application Data\Mozilla\Firefox\Profiles\c5npfgov.default\cookies.txt -> TrackingCookie.Adrevolver : Nettoyé.
:mozilla.267:C:\Documents and Settings\KATE\Application Data\Mozilla\Firefox\Profiles\c5npfgov.default\cookies.txt -> TrackingCookie.Adtech : Nettoyé.
:mozilla.268:C:\Documents and Settings\KATE\Application Data\Mozilla\Firefox\Profiles\c5npfgov.default\cookies.txt -> TrackingCookie.Adtech : Nettoyé.
:mozilla.22:C:\Documents and Settings\KATE\Application Data\Mozilla\Firefox\Profiles\c5npfgov.default\cookies.txt -> TrackingCookie.Atdmt : Nettoyé.
:mozilla.158:C:\Documents and Settings\KATE\Application Data\Mozilla\Firefox\Profiles\c5npfgov.default\cookies.txt -> TrackingCookie.Bluestreak : Nettoyé.
:mozilla.751:C:\Documents and Settings\KATE\Application Data\Mozilla\Firefox\Profiles\c5npfgov.default\cookies.txt -> TrackingCookie.Bluestreak : Nettoyé.
:mozilla.337:C:\Documents and Settings\KATE\Application Data\Mozilla\Firefox\Profiles\c5npfgov.default\cookies.txt -> TrackingCookie.Centrport : Nettoyé.
:mozilla.696:C:\Documents and Settings\KATE\Application Data\Mozilla\Firefox\Profiles\c5npfgov.default\cookies.txt -> TrackingCookie.Clickhype : Nettoyé.
:mozilla.21:C:\Documents and Settings\KATE\Application Data\Mozilla\Firefox\Profiles\c5npfgov.default\cookies.txt -> TrackingCookie.Com : Nettoyé.
:mozilla.725:C:\Documents and Settings\KATE\Application Data\Mozilla\Firefox\Profiles\c5npfgov.default\cookies.txt -> TrackingCookie.Comclick : Nettoyé.
:mozilla.726:C:\Documents and Settings\KATE\Application Data\Mozilla\Firefox\Profiles\c5npfgov.default\cookies.txt -> TrackingCookie.Comclick : Nettoyé.
:mozilla.727:C:\Documents and Settings\KATE\Application Data\Mozilla\Firefox\Profiles\c5npfgov.default\cookies.txt -> TrackingCookie.Comclick : Nettoyé.
:mozilla.728:C:\Documents and Settings\KATE\Application Data\Mozilla\Firefox\Profiles\c5npfgov.default\cookies.txt -> TrackingCookie.Comclick : Nettoyé.
:mozilla.27:C:\Documents and Settings\KATE\Application Data\Mozilla\Firefox\Profiles\c5npfgov.default\cookies.txt -> TrackingCookie.Doubleclick : Nettoyé.
:mozilla.204:C:\Documents and Settings\KATE\Application Data\Mozilla\Firefox\Profiles\c5npfgov.default\cookies.txt -> TrackingCookie.Estat : Nettoyé.
:mozilla.860:C:\Documents and Settings\KATE\Application Data\Mozilla\Firefox\Profiles\c5npfgov.default\cookies.txt -> TrackingCookie.Etracker : Nettoyé.
:mozilla.261:C:\Documents and Settings\KATE\Application Data\Mozilla\Firefox\Profiles\c5npfgov.default\cookies.txt -> TrackingCookie.Euroclick : Nettoyé.
:mozilla.713:C:\Documents and Settings\KATE\Application Data\Mozilla\Firefox\Profiles\c5npfgov.default\cookies.txt -> TrackingCookie.Falkag : Nettoyé.
C:\Documents and Settings\KATE\Cookies\kate@as1.falkag[1].txt -> TrackingCookie.Falkag : Nettoyé.
:mozilla.867:C:\Documents and Settings\KATE\Application Data\Mozilla\Firefox\Profiles\c5npfgov.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyé.
:mozilla.452:C:\Documents and Settings\KATE\Application Data\Mozilla\Firefox\Profiles\c5npfgov.default\cookies.txt -> TrackingCookie.Ivwbox : Nettoyé.
:mozilla.71:C:\Documents and Settings\KATE\Application Data\Mozilla\Firefox\Profiles\c5npfgov.default\cookies.txt -> TrackingCookie.Mediaplex : Nettoyé.
:mozilla.541:C:\Documents and Settings\KATE\Application Data\Mozilla\Firefox\Profiles\c5npfgov.default\cookies.txt -> TrackingCookie.Overture : Nettoyé.
:mozilla.62:C:\Documents and Settings\KATE\Application Data\Mozilla\Firefox\Profiles\c5npfgov.default\cookies.txt -> TrackingCookie.Overture : Nettoyé.
:mozilla.63:C:\Documents and Settings\KATE\Application Data\Mozilla\Firefox\Profiles\c5npfgov.default\cookies.txt -> TrackingCookie.Overture : Nettoyé.
:mozilla.64:C:\Documents and Settings\KATE\Application Data\Mozilla\Firefox\Profiles\c5npfgov.default\cookies.txt -> TrackingCookie.Overture : Nettoyé.
:mozilla.263:C:\Documents and Settings\KATE\Application Data\Mozilla\Firefox\Profiles\c5npfgov.default\cookies.txt -> TrackingCookie.Pointroll : Nettoyé.
:mozilla.264:C:\Documents and Settings\KATE\Application Data\Mozilla\Firefox\Profiles\c5npfgov.default\cookies.txt -> TrackingCookie.Pointroll : Nettoyé.
:mozilla.265:C:\Documents and Settings\KATE\Application Data\Mozilla\Firefox\Profiles\c5npfgov.default\cookies.txt -> TrackingCookie.Pointroll : Nettoyé.
:mozilla.266:C:\Documents and Settings\KATE\Application Data\Mozilla\Firefox\Profiles\c5npfgov.default\cookies.txt -> TrackingCookie.Pointroll : Nettoyé.
C:\Documents and Settings\KATE\Cookies\kate@ads.pointroll[1].txt -> TrackingCookie.Pointroll : Nettoyé.
:mozilla.549:C:\Documents and Settings\KATE\Application Data\Mozilla\Firefox\Profiles\c5npfgov.default\cookies.txt -> TrackingCookie.Questionmarket : Nettoyé.
:mozilla.550:C:\Documents and Settings\KATE\Application Data\Mozilla\Firefox\Profiles\c5npfgov.default\cookies.txt -> TrackingCookie.Questionmarket : Nettoyé.
C:\Documents and Settings\KATE\Cookies\kate@questionmarket[2].txt -> TrackingCookie.Questionmarket : Nettoyé.
:mozilla.558:C:\Documents and Settings\KATE\Application Data\Mozilla\Firefox\Profiles\c5npfgov.default\cookies.txt -> TrackingCookie.Revenue : Nettoyé.
:mozilla.118:C:\Documents and Settings\KATE\Application Data\Mozilla\Firefox\Profiles\c5npfgov.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.119:C:\Documents and Settings\KATE\Application Data\Mozilla\Firefox\Profiles\c5npfgov.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.120:C:\Documents and Settings\KATE\Application Data\Mozilla\Firefox\Profiles\c5npfgov.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.121:C:\Documents and Settings\KATE\Application Data\Mozilla\Firefox\Profiles\c5npfgov.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.122:C:\Documents and Settings\KATE\Application Data\Mozilla\Firefox\Profiles\c5npfgov.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.123:C:\Documents and Settings\KATE\Application Data\Mozilla\Firefox\Profiles\c5npfgov.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
C:\Documents and Settings\KATE\Cookies\kate@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Nettoyé.
C:\Documents and Settings\KATE\Cookies\kate@serving-sys[1].txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.109:C:\Documents and Settings\KATE\Application Data\Mozilla\Firefox\Profiles\c5npfgov.default\cookies.txt -> TrackingCookie.Sitestat : Nettoyé.
:mozilla.110:C:\Documents and Settings\KATE\Application Data\Mozilla\Firefox\Profiles\c5npfgov.default\cookies.txt -> TrackingCookie.Sitestat : Nettoyé.
:mozilla.116:C:\Documents and Settings\KATE\Application Data\Mozilla\Firefox\Profiles\c5npfgov.default\cookies.txt -> TrackingCookie.Sitestat : Nettoyé.
:mozilla.132:C:\Documents and Settings\KATE\Application Data\Mozilla\Firefox\Profiles\c5npfgov.default\cookies.txt -> TrackingCookie.Sitestat : Nettoyé.
:mozilla.133:C:\Documents and Settings\KATE\Application Data\Mozilla\Firefox\Profiles\c5npfgov.default\cookies.txt -> TrackingCookie.Sitestat : Nettoyé.
:mozilla.732:C:\Documents and Settings\KATE\Application Data\Mozilla\Firefox\Profiles\c5npfgov.default\cookies.txt -> TrackingCookie.Sitestat : Nettoyé.
:mozilla.733:C:\Documents and Settings\KATE\Application Data\Mozilla\Firefox\Profiles\c5npfgov.default\cookies.txt -> TrackingCookie.Sitestat : Nettoyé.
:mozilla.734:C:\Documents and Settings\KATE\Application Data\Mozilla\Firefox\Profiles\c5npfgov.default\cookies.txt -> TrackingCookie.Sitestat : Nettoyé.
:mozilla.735:C:\Documents and Settings\KATE\Application Data\Mozilla\Firefox\Profiles\c5npfgov.default\cookies.txt -> TrackingCookie.Sitestat : Nettoyé.
:mozilla.736:C:\Documents and Settings\KATE\Application Data\Mozilla\Firefox\Profiles\c5npfgov.default\cookies.txt -> TrackingCookie.Sitestat : Nettoyé.
:mozilla.737:C:\Documents and Settings\KATE\Application Data\Mozilla\Firefox\Profiles\c5npfgov.default\cookies.txt -> TrackingCookie.Sitestat : Nettoyé.
:mozilla.738:C:\Documents and Settings\KATE\Application Data\Mozilla\Firefox\Profiles\c5npfgov.default\cookies.txt -> TrackingCookie.Sitestat : Nettoyé.
:mozilla.739:C:\Documents and Settings\KATE\Application Data\Mozilla\Firefox\Profiles\c5npfgov.default\cookies.txt -> TrackingCookie.Sitestat : Nettoyé.
:mozilla.748:C:\Documents and Settings\KATE\Application Data\Mozilla\Firefox\Profiles\c5npfgov.default\cookies.txt -> TrackingCookie.Sitestat : Nettoyé.
:mozilla.749:C:\Documents and Settings\KATE\Application Data\Mozilla\Firefox\Profiles\c5npfgov.default\cookies.txt -> TrackingCookie.Sitestat : Nettoyé.
:mozilla.750:C:\Documents and Settings\KATE\Application Data\Mozilla\Firefox\Profiles\c5npfgov.default\cookies.txt -> TrackingCookie.Sitestat : Nettoyé.
:mozilla.796:C:\Documents and Settings\KATE\Application Data\Mozilla\Firefox\Profiles\c5npfgov.default\cookies.txt -> TrackingCookie.Sitestat : Nettoyé.
:mozilla.93:C:\Documents and Settings\KATE\Application Data\Mozilla\Firefox\Profiles\c5npfgov.default\cookies.txt -> TrackingCookie.Sitestat : Nettoyé.
:mozilla.43:C:\Documents and Settings\KATE\Application Data\Mozilla\Firefox\Profiles\c5npfgov.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.49:C:\Documents and Settings\KATE\Application Data\Mozilla\Firefox\Profiles\c5npfgov.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.50:C:\Documents and Settings\KATE\Application Data\Mozilla\Firefox\Profiles\c5npfgov.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.51:C:\Documents and Settings\KATE\Application Data\Mozilla\Firefox\Profiles\c5npfgov.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.54:C:\Documents and Settings\KATE\Application Data\Mozilla\Firefox\Profiles\c5npfgov.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
C:\Documents and Settings\KATE\Cookies\kate@www.smartadserver[1].txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.580:C:\Documents and Settings\KATE\Application Data\Mozilla\Firefox\Profiles\c5npfgov.default\cookies.txt -> TrackingCookie.Statcounter : Nettoyé.
:mozilla.581:C:\Documents and Settings\KATE\Application Data\Mozilla\Firefox\Profiles\c5npfgov.default\cookies.txt -> TrackingCookie.Statcounter : Nettoyé.
:mozilla.582:C:\Documents and Settings\KATE\Application Data\Mozilla\Firefox\Profiles\c5npfgov.default\cookies.txt -> TrackingCookie.Statcounter : Nettoyé.
:mozilla.583:C:\Documents and Settings\KATE\Application Data\Mozilla\Firefox\Profiles\c5npfgov.default\cookies.txt -> TrackingCookie.Statcounter : Nettoyé.
:mozilla.584:C:\Documents and Settings\KATE\Application Data\Mozilla\Firefox\Profiles\c5npfgov.default\cookies.txt -> TrackingCookie.Statcounter : Nettoyé.
:mozilla.585:C:\Documents and Settings\KATE\Application Data\Mozilla\Firefox\Profiles\c5npfgov.default\cookies.txt -> TrackingCookie.Statcounter : Nettoyé.
:mozilla.586:C:\Documents and Settings\KATE\Application Data\Mozilla\Firefox\Profiles\c5npfgov.default\cookies.txt -> TrackingCookie.Statcounter : Nettoyé.
:mozilla.587:C:\Documents and Settings\KATE\Application Data\Mozilla\Firefox\Profiles\c5npfgov.default\cookies.txt -> TrackingCookie.Statcounter : Nettoyé.
:mozilla.588:C:\Documents and Settings\KATE\Application Data\Mozilla\Firefox\Profiles\c5npfgov.default\cookies.txt -> TrackingCookie.Statcounter : Nettoyé.
:mozilla.589:C:\Documents and Settings\KATE\Application Data\Mozilla\Firefox\Profiles\c5npfgov.default\cookies.txt -> TrackingCookie.Statcounter : Nettoyé.
:mozilla.590:C:\Documents and Settings\KATE\Application Data\Mozilla\Firefox\Profiles\c5npfgov.default\cookies.txt -> TrackingCookie.Statcounter : Nettoyé.
:mozilla.591:C:\Documents and Settings\KATE\Application Data\Mozilla\Firefox\Profiles\c5npfgov.default\cookies.txt -> TrackingCookie.Statcounter : Nettoyé.
:mozilla.606:C:\Documents and Settings\KATE\Application Data\Mozilla\Firefox\Profiles\c5npfgov.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé.
:mozilla.607:C:\Documents and Settings\KATE\Application Data\Mozilla\Firefox\Profiles\c5npfgov.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé.
:mozilla.608:C:\Documents and Settings\KATE\Application Data\Mozilla\Firefox\Profiles\c5npfgov.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé.
:mozilla.609:C:\Documents and Settings\KATE\Application Data\Mozilla\Firefox\Profiles\c5npfgov.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé.
:mozilla.610:C:\Documents and Settings\KATE\Application Data\Mozilla\Firefox\Profiles\c5npfgov.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé.
:mozilla.619:C:\Documents and Settings\KATE\Application Data\Mozilla\Firefox\Profiles\c5npfgov.default\cookies.txt -> TrackingCookie.Tribalfusion : Nettoyé.
:mozilla.44:C:\Documents and Settings\KATE\Application Data\Mozilla\Firefox\Profiles\c5npfgov.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
:mozilla.45:C:\Documents and Settings\KATE\Application Data\Mozilla\Firefox\Profiles\c5npfgov.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
:mozilla.48:C:\Documents and Settings\KATE\Application Data\Mozilla\Firefox\Profiles\c5npfgov.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
C:\Documents and Settings\KATE\Cookies\kate@weborama[2].txt -> TrackingCookie.Weborama : Nettoyé.
:mozilla.117:C:\Documents and Settings\KATE\Application Data\Mozilla\Firefox\Profiles\c5npfgov.default\cookies.txt -> TrackingCookie.Webtrendslive : Nettoyé.
:mozilla.684:C:\Documents and Settings\KATE\Application Data\Mozilla\Firefox\Profiles\c5npfgov.default\cookies.txt -> TrackingCookie.Yadro : Nettoyé.
:mozilla.74:C:\Documents and Settings\KATE\Application Data\Mozilla\Firefox\Profiles\c5npfgov.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.
:mozilla.75:C:\Documents and Settings\KATE\Application Data\Mozilla\Firefox\Profiles\c5npfgov.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.
:mozilla.76:C:\Documents and Settings\KATE\Application Data\Mozilla\Firefox\Profiles\c5npfgov.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.
:mozilla.77:C:\Documents and Settings\KATE\Application Data\Mozilla\Firefox\Profiles\c5npfgov.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.
:mozilla.78:C:\Documents and Settings\KATE\Application Data\Mozilla\Firefox\Profiles\c5npfgov.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.
:mozilla.687:C:\Documents and Settings\KATE\Application Data\Mozilla\Firefox\Profiles\c5npfgov.default\cookies.txt -> TrackingCookie.Zedo : Nettoyé.
:mozilla.688:C:\Documents and Settings\KATE\Application Data\Mozilla\Firefox\Profiles\c5npfgov.default\cookies.txt -> TrackingCookie.Zedo : Nettoyé.
C:\System Volume Information\_restore{0138FB65-0114-495E-B433-4A446F04A16C}\RP1\A0001093.dll -> Worm.Banwarum.f : Nettoyé.
C:\System Volume Information\_restore{0138FB65-0114-495E-B433-4A446F04A16C}\RP2\A0002180.dll -> Worm.Banwarum.f : Nettoyé.
C:\System Volume Information\_restore{0138FB65-0114-495E-B433-4A446F04A16C}\RP3\A0002219.dll -> Worm.Banwarum.f : Nettoyé.
C:\System Volume Information\_restore{0138FB65-0114-495E-B433-4A446F04A16C}\RP3\A0002253.dll -> Worm.Banwarum.f : Nettoyé.
C:\System Volume Information\_restore{0138FB65-0114-495E-B433-4A446F04A16C}\RP5\A0002274.dll -> Worm.Banwarum.f : Nettoyé.
C:\System Volume Information\_restore{0138FB65-0114-495E-B433-4A446F04A16C}\RP6\A0002293.dll -> Worm.Banwarum.f : Nettoyé.
C:\System Volume Information\_restore{0138FB65-0114-495E-B433-4A446F04A16C}\RP6\A0002315.dll -> Worm.Banwarum.f : Nettoyé.


Fin du rapport
0
Réponse 8 / 16
great_07 Messages postés 14 Date d'inscription   Statut Membre Dernière intervention  
 
Logfile of HijackThis v1.99.1
Scan saved at 23:37:15, on 26/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\ATI-CPanel\atiptaxx.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\OFFICE One6.5\OFFICE One PDF Manager\OoPDFSettingsv6.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Cegetel\C-BOX\Wizard\QuickAccess.exe
C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
C:\Program Files\LightSurf\Common\IconMgr.exe
C:\Program Files\LightSurf\Color Indicator\TICIcon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis.exe
C:\Program Files\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*https://fr.yahoo.com/?p=us
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/?p=us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/?p=us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.yahoo.com/?p=us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*https://fr.yahoo.com/?p=us
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/?p=us
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.yahoo.com/?p=us
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\ATI-CPanel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\NVC\BIN\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [OoPDFSettingsv6.exe] C:\Program Files\OFFICE One6.5\OFFICE One PDF Manager\OoPDFSettingsv6.exe
O4 - HKCU\..\Run: [Configuration de la C-BOX] C:\Program Files\Cegetel\C-BOX\Wizard\QuickAccess.exe
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\RunOnce: [FFTI] C:\Documents and Settings\KATE\Application Data\Mozilla\Firefox\Profiles\c5npfgov.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /DestPath="C:\Documents and Settings\KATE\Application Data\Mozilla\Firefox\Profiles/c5npfgov.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}"
O4 - Global Startup: FlexType 2K.lnk = C:\Documents and Settings\KATE\Bureau\Flex2K.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: LightSurf.lnk = C:\Program Files\LightSurf\Common\IconMgr.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Xanadu - {5CC384BB-1326-11D5-F4AE-00C04923F885} - C:\Program Files\Foreignword\Xanadu\XanaduLaunch.exe (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .avi: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {68C1822F-F5C7-4404-A73F-03C10E0E94DA} (telechargement-photoweb) - http://www3.photoweb.fr/telechargement/Photoweb_uploader.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - https://www.zonealarm.com/
O16 - DPF: {8731163E-77B9-4F91-9122-F112521C28AF} (MMSPlayerX Class) - http://mmt.bouyguestelecom.fr/mmawap/jsp/composer/player/mmsPlayer.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.photoways.com/clients/ImageUploader3.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/autocomplete.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Skype\Plugin Manager\Skype4COM.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe (file missing)
O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\NVC\BIN\Zanda.exe (file missing)
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
0
Réponse 9 / 16
great_07 Messages postés 14 Date d'inscription   Statut Membre Dernière intervention  
 
Il semble que tout est entré dans l'ordre.
Est-ce que je dois cocher à nouveau les cases sur l'affichage des dossiers et fichiers pour que ce soit comme avant?

Un grand merci!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
0
Réponse 10 / 16
Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 322
 
Salut

Content pour toi ;)

Oui tu peux remettre l'option comme avant.

A+
0
Réponse 11 / 16
Anne
 
voici mon raport hijackthis merci de m'aider

Logfile of HijackThis v1.99.1
Scan saved at 12:47:14, on 13/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\Explorer.EXE
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
c:\program files\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\802.11 Wireless LAN\802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.10\SiSWLSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\Program Files\Winamp\winampa.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Pinnacle\Pinnacle PCTV\Remote\Remoterm.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Save\Save.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Java\jre1.5.0_10\bin\jucheck.exe
C:\WINDOWS\system32\cidaemon.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Documents and Settings\AC GALLEZ\Bureau\utorrent.exe
C:\DOCUME~1\ACGALL~1\LOCALS~1\Temp\Répertoire temporaire 1 pour scanner.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/fr/fra/gen/default.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/fr/fra/gen/default.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com/countries/fr/fra/gen/default.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
R3 - URLSearchHook: (no name) - {0428FFC7-1931-45b7-95CB-3CBB919777E1} - (no file)
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: (no name) - {31918704-F1FB-9322-9802-D00038EF3E06} - C:\DOCUME~1\ACGALL~1\APPLIC~1\Litegram\Batup.exe (file missing)
O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Reactivator - {AC2E8306-D24E-4082-8669-7781499F4E03} - C:\PROGRA~1\EVERYT~1.1\everycom.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll
O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Every Toolbar - {A20A76AD-7A29-4756-87FE-70C334CB40C0} - C:\PROGRA~1\EVERYT~1.1\everycom.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [updmgr] C:\Program Files\Common files\updmgr\updmgr.exe
O4 - HKLM\..\Run: [View Fork Road Ooze] C:\Documents and Settings\All Users\Application Data\Gridaimviewfork\locks title.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
O4 - HKLM\..\Run: [PCTVRemote] C:\Program Files\Pinnacle\Pinnacle PCTV\Remote\Remoterm.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Intra multi] C:\DOCUME~1\ACGALL~1\APPLIC~1\ONEHID~1\LongClock.exe
O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O4 - Global Startup: Wireless Configuration Utility HW.32.lnk = ?
O8 - Extra context menu item: &Every Toolbar Search - res://C:\PROGRA~1\EVERYT~1.1\everycom.dll/GoRSDN.dll.htm
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Chercher avec Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_MENU_SEARCHEXT
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?61ba26c3a1cc4f158a2849bc8f3027f4
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?61ba26c3a1cc4f158a2849bc8f3027f4
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ShopperReports - Compare travel rates - {946B3E9E-E21A-49c8-9F63-900533FAFE14} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: ShopperReports - Compare product prices - {E77EDA01-3C56-4a96-8D08-02B42891C169} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0713E8D2-850A-101B-AFC0-4210102A8DA7} (Microsoft ProgressBar Control, version 5.0 (SP2)) - http://download.mcafee.com/molbin/Shared/ComCtl32/6,0,80,22/ComCtl32.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/fr/4,0,0,84/mcinsctl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/fr/1,0,0,21/mcgdmgr.cab
O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://game15.zylom.servicesalacarte.wanadoo.fr/activex/zylomloader.cab
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://jeux.wanadoo.fr/online2/diner_dash/DinerDash.1.0.0.58.cab
O16 - DPF: {E1342154-4889-42B5-BEF6-19237577048F} (OberongamesLoader Object) - http://jeux.wanadoo.fr/online2/zuma/oberongamesloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BF980A5C-5AC4-4DF7-9DD5-0462C7F20578}: NameServer = 192.168.1.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: SiS WirelessLan Service (SiSWLSvc) - Unknown owner - C:\Program Files\802.11 Wireless LAN\802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.10\SiSWLSvc.exe
0
Réponse 12 / 16
Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 322
 
Salut Anne,

Prkoi avoir mis ton rapport ici?

A+
0
Réponse 13 / 16
michelp31 Messages postés 6 Date d'inscription   Statut Membre Dernière intervention  
 
J'AI CHOPE i-worm/GENERIC.BBH -VU PAR AVG-
AINSI QUE trojan proxy.qvy et trojan downloader agent.kpy
c'est tout
plus de connexion internet !!
au secours!!!!!!!!!!!
et j'ai réussi à virer les dates de restauration après avoir désactivé la restau quelle quiche !

merci
0
Réponse 14 / 16
Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 322
 
Bonjour,

Il serait préférable que tu fasses ton message personnel, cela rendra les postes plus compréhensibles et la réponse à ton problème sera plus efficace
Procèdes comme ceci :
http://pageperso.aol.fr/balltrap34/demofairesontmessage.htm

A bientôt
0
Réponse 15 / 16
michelp31 Messages postés 6 Date d'inscription   Statut Membre Dernière intervention  
 
et pour I Worm/Generic.BBH vous avez une idée ?
0
Réponse 16 / 16
Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 322
 
Bonjour,

Il serait préférable que tu fasses ton message personnel, cela rendra les postes plus compréhensibles et la réponse à ton problème sera plus efficace
Procèdes comme ceci :
http://pageperso.aol.fr/balltrap34/demofairesontmessage.htm

A bientôt
0

Discussions similaires

Bouton ON OFF, O ou I ?
Stargirlfr -
kaparzo23 -

12 réponses
i tréma
Anonyme -
Anonyme -

6 réponses
les 2 petits points sur le e ou sur le i
mimjca -
mimjca -

2 réponses
"i" sans point?
Nao -
Nao -

6 réponses
symbole arrêt marche
strumpfi -
Raymond PENTIER -

2 réponses