[Panda Software] analyse du rapport
Bill
-
Regis59 Messages postés 21143 Date d'inscription Statut Contributeur sécurité Dernière intervention -
Regis59 Messages postés 21143 Date d'inscription Statut Contributeur sécurité Dernière intervention -
Bonjour à tous!
Depuis quelques jours, j'ai de nombreux pop-ups qui s'ouvrent de manière intempestive sur mon PC et concernant Win antivirus pro et spyware doctor ainsi que les sites amanea.com et yourshopz.com.
Voici tout d'abord le rapport de Hijackthis.
Logfile of HijackThis v1.99.1
Scan saved at 09:56:11, on 23/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Acer\eManager\anbmServ.exe
D:\Utilitaires\Avast\aswUpdSv.exe
D:\Utilitaires\Avast\ashServ.exe
D:\Utilitaires\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Centrino HC\Centrino_HC.exe
D:\UTILIT~1\Avast\ashDisp.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\Utilitaires\Avast\ashWebSv.exe
C:\Documents and Settings\Nabil\Mes documents\antispyware\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.acer.com/worldwide/selection.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0982b6e5-39cd-4b0f-963f-7e3c13502583} - C:\WINDOWS\system32\dmcgnt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: (no name) - {E03C740E-BB24-4d3c-B92A-6F84DE1DD99C} - C:\WINDOWS\system32\tmp2.tmp.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [CentrinoHardwareControl] "C:\Program Files\Centrino HC\Centrino_HC.exe" -quiet
O4 - HKLM\..\Run: [avast!] D:\UTILIT~1\Avast\ashDisp.exe
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\ssqopq.dll",setvm
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: dmcgnt - C:\WINDOWS\SYSTEM32\dmcgnt.dll
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\Utilitaires\Avast\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - D:\Utilitaires\Avast\ashServ.exe
O23 - Service: avast! Web Scanner - Unknown owner - D:\Utilitaires\Avast\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - D:\Utilitaires\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Sansa Updater Service (SansaService) - Unknown owner - C:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
J'ai également fait un scan en ligne avec panda Software qui a détecté 2 rootkits et 60 spywares.
Incident Statut Analyse
Spyware:Cookie/2o7 No Désinfecté C:\Documents and Settings\Nabil\Application Data\Mozilla\Firefox\Profiles\6kjrth86.default\cookies.txt[.2o7.net/]
Spyware:Cookie/PointRoll No Désinfecté C:\Documents and Settings\Nabil\Application Data\Mozilla\Firefox\Profiles\6kjrth86.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/Adtech No Désinfecté C:\Documents and Settings\Nabil\Application Data\Mozilla\Firefox\Profiles\6kjrth86.default\cookies.txt[.adtech.de/]
Spyware:Cookie/Serving-sys No Désinfecté C:\Documents and Settings\Nabil\Application Data\Mozilla\Firefox\Profiles\6kjrth86.default\cookies.txt[.bs.serving-sys.com/]
Spyware:Cookie/Com.com No Désinfecté C:\Documents and Settings\Nabil\Application Data\Mozilla\Firefox\Profiles\6kjrth86.default\cookies.txt[.com.com/]
Spyware:Cookie/MetriWeb No Désinfecté C:\Documents and Settings\Nabil\Application Data\Mozilla\Firefox\Profiles\6kjrth86.default\cookies.txt[.metriweb.be/]
Spyware:Cookie/Overture No Désinfecté C:\Documents and Settings\Nabil\Application Data\Mozilla\Firefox\Profiles\6kjrth86.default\cookies.txt[.overture.com/]
Spyware:Cookie/Serving-sys No Désinfecté C:\Documents and Settings\Nabil\Application Data\Mozilla\Firefox\Profiles\6kjrth86.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Tribalfusion No Désinfecté C:\Documents and Settings\Nabil\Application Data\Mozilla\Firefox\Profiles\6kjrth86.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Weborama No Désinfecté C:\Documents and Settings\Nabil\Application Data\Mozilla\Firefox\Profiles\6kjrth86.default\cookies.txt[.weborama.fr/]
Spyware:Cookie/Xiti No Désinfecté C:\Documents and Settings\Nabil\Application Data\Mozilla\Firefox\Profiles\6kjrth86.default\cookies.txt[.xiti.com/]
Spyware:Cookie/YieldManager No Désinfecté C:\Documents and Settings\Nabil\Application Data\Mozilla\Firefox\Profiles\6kjrth86.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/RealMedia No Désinfecté C:\Documents and Settings\Nabil\Cookies\nabil@247realmedia[1].txt
Spyware:Cookie/RealMedia No Désinfecté C:\Documents and Settings\Nabil\Cookies\nabil@247realmedia[2].txt
Spyware:Cookie/Adtech No Désinfecté C:\Documents and Settings\Nabil\Cookies\nabil@adtech[2].txt
Spyware:Cookie/Atlas DMT No Désinfecté C:\Documents and Settings\Nabil\Cookies\nabil@atdmt[2].txt
Spyware:Cookie/Atlas DMT No Désinfecté C:\Documents and Settings\Nabil\Cookies\nabil@atdmt[3].txt
Spyware:Cookie/Bfast No Désinfecté C:\Documents and Settings\Nabil\Cookies\nabil@bfast[2].txt
Spyware:Cookie/Bfast No Désinfecté C:\Documents and Settings\Nabil\Cookies\nabil@bfast[3].txt
Spyware:Cookie/Bluestreak No Désinfecté C:\Documents and Settings\Nabil\Cookies\nabil@bluestreak[2].txt
Spyware:Cookie/Bluestreak No Désinfecté C:\Documents and Settings\Nabil\Cookies\nabil@bluestreak[3].txt
Spyware:Cookie/Casalemedia No Désinfecté C:\Documents and Settings\Nabil\Cookies\nabil@casalemedia[1].txt
Spyware:Cookie/Casalemedia No Désinfecté C:\Documents and Settings\Nabil\Cookies\nabil@casalemedia[2].txt
Spyware:Cookie/Clickbank No Désinfecté C:\Documents and Settings\Nabil\Cookies\nabil@clickbank[1].txt
Spyware:Cookie/Com.com No Désinfecté C:\Documents and Settings\Nabil\Cookies\nabil@com[1].txt
Spyware:Cookie/Doubleclick No Désinfecté C:\Documents and Settings\Nabil\Cookies\nabil@doubleclick[1].txt
Spyware:Cookie/Doubleclick No Désinfecté C:\Documents and Settings\Nabil\Cookies\nabil@doubleclick[2].txt
Spyware:Cookie/DriveCleaner No Désinfecté C:\Documents and Settings\Nabil\Cookies\nabil@drivecleaner[1].txt
Spyware:Cookie/DriveCleaner No Désinfecté C:\Documents and Settings\Nabil\Cookies\nabil@drivecleaner[3].txt
Spyware:Cookie/FastClick No Désinfecté C:\Documents and Settings\Nabil\Cookies\nabil@fastclick[2].txt
Spyware:Cookie/FastClick No Désinfecté C:\Documents and Settings\Nabil\Cookies\nabil@fastclick[3].txt
Spyware:Cookie/Findwhat No Désinfecté C:\Documents and Settings\Nabil\Cookies\nabil@findwhat[1].txt
Spyware:Cookie/FastClick No Désinfecté C:\Documents and Settings\Nabil\Cookies\nabil@media.fastclick[1].txt
Spyware:Cookie/FastClick No Désinfecté C:\Documents and Settings\Nabil\Cookies\nabil@media.fastclick[2].txt
Spyware:Cookie/Mediaplex No Désinfecté C:\Documents and Settings\Nabil\Cookies\nabil@mediaplex[1].txt
Spyware:Cookie/Mediaplex No Désinfecté C:\Documents and Settings\Nabil\Cookies\nabil@mediaplex[2].txt
Spyware:Cookie/Overture No Désinfecté C:\Documents and Settings\Nabil\Cookies\nabil@overture[1].txt
Spyware:Cookie/Overture No Désinfecté C:\Documents and Settings\Nabil\Cookies\nabil@overture[2].txt
Spyware:Cookie/RealMedia No Désinfecté C:\Documents and Settings\Nabil\Cookies\nabil@realmedia[2].txt
Spyware:Cookie/DriveCleaner No Désinfecté C:\Documents and Settings\Nabil\Cookies\nabil@stats.drivecleaner[2].txt
Spyware:Cookie/DriveCleaner No Désinfecté C:\Documents and Settings\Nabil\Cookies\nabil@stats.drivecleaner[3].txt
Spyware:Cookie/Reliablestats No Désinfecté C:\Documents and Settings\Nabil\Cookies\nabil@stats1.reliablestats[1].txt
Spyware:Cookie/Reliablestats No Désinfecté C:\Documents and Settings\Nabil\Cookies\nabil@stats1.reliablestats[2].txt
Spyware:Cookie/Systemdoctor No Désinfecté C:\Documents and Settings\Nabil\Cookies\nabil@systemdoctor[2].txt
Spyware:Cookie/Tradedoubler No Désinfecté C:\Documents and Settings\Nabil\Cookies\nabil@tradedoubler[1].txt
Spyware:Cookie/Weborama No Désinfecté C:\Documents and Settings\Nabil\Cookies\nabil@weborama[2].txt
Spyware:Cookie/Weborama No Désinfecté C:\Documents and Settings\Nabil\Cookies\nabil@weborama[3].txt
Spyware:Cookie/Winantivirus No Désinfecté C:\Documents and Settings\Nabil\Cookies\nabil@winantivirus[1].txt
Spyware:Cookie/Winantivirus No Désinfecté C:\Documents and Settings\Nabil\Cookies\nabil@winantivirus[2].txt
Spyware:Cookie/DriveCleaner No Désinfecté C:\Documents and Settings\Nabil\Cookies\nabil@www.drivecleaner[2].txt
Spyware:Cookie/Systemdoctor No Désinfecté C:\Documents and Settings\Nabil\Cookies\nabil@www.systemdoctor[1].txt
Spyware:Cookie/Systemdoctor No Désinfecté C:\Documents and Settings\Nabil\Cookies\nabil@www.systemdoctor[2].txt
Spyware:Cookie/Winantivirus No Désinfecté C:\Documents and Settings\Nabil\Cookies\nabil@www.winantivirus[1].txt
Spyware:Cookie/Winantivirus No Désinfecté C:\Documents and Settings\Nabil\Cookies\nabil@www.winantivirus[2].txt
Spyware:Cookie/Seeq No Désinfecté C:\Documents and Settings\Nabil\Cookies\nabil@www48.seeq[1].txt
Spyware:Cookie/Xiti No Désinfecté C:\Documents and Settings\Nabil\Cookies\nabil@xiti[1].txt
Spyware:Cookie/Xiti No Désinfecté C:\Documents and Settings\Nabil\Cookies\nabil@xiti[2].txt
Spyware:Cookie/Zedo No Désinfecté C:\Documents and Settings\Nabil\Cookies\nabil@zedo[1].txt
Spyware:Cookie/Xiti No Désinfecté C:\Documents and Settings\Nabil\Local Settings\Temp\Cookies\nabil@xiti[1].txt
Outil indésirable:Application/Processor No Désinfecté C:\Documents and Settings\Nabil\Mes documents\antispyware\navilog1.zip[Process.exe]
Hacktool:HackTool/Aircrack No Désinfecté C:\Documents and Settings\Nabil\Mes documents\Mes Cracks\crack wifi\aircrack-ng-0.6.2-win.zip[aircrack-ng-0.6.2-win/bin/airodump-ng.exe]
Virus Eventuel. No Désinfecté C:\WINDOWS\mlkhgh.dll
Virus Eventuel. No Désinfecté C:\WINDOWS\ssqopq.dll
Virus Eventuel. No Désinfecté C:\WINDOWS\system32\dmcgnt.dll
Virus Eventuel. No Désinfecté D:\Utilitaires\Ashampoo AntiSpyWare\Uninstaller.exe
Adware:Adware/SaveNow No Désinfecté D:\Utilitaires\DAEMON Tools\SetupDTSB.exe
Si quelqu'un povait m'aider, je lui en serai vraiment reconnaissant.
Merci d'avance pour votre aide.
Depuis quelques jours, j'ai de nombreux pop-ups qui s'ouvrent de manière intempestive sur mon PC et concernant Win antivirus pro et spyware doctor ainsi que les sites amanea.com et yourshopz.com.
Voici tout d'abord le rapport de Hijackthis.
Logfile of HijackThis v1.99.1
Scan saved at 09:56:11, on 23/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Acer\eManager\anbmServ.exe
D:\Utilitaires\Avast\aswUpdSv.exe
D:\Utilitaires\Avast\ashServ.exe
D:\Utilitaires\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Centrino HC\Centrino_HC.exe
D:\UTILIT~1\Avast\ashDisp.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\Utilitaires\Avast\ashWebSv.exe
C:\Documents and Settings\Nabil\Mes documents\antispyware\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.acer.com/worldwide/selection.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0982b6e5-39cd-4b0f-963f-7e3c13502583} - C:\WINDOWS\system32\dmcgnt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: (no name) - {E03C740E-BB24-4d3c-B92A-6F84DE1DD99C} - C:\WINDOWS\system32\tmp2.tmp.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [CentrinoHardwareControl] "C:\Program Files\Centrino HC\Centrino_HC.exe" -quiet
O4 - HKLM\..\Run: [avast!] D:\UTILIT~1\Avast\ashDisp.exe
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\ssqopq.dll",setvm
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: dmcgnt - C:\WINDOWS\SYSTEM32\dmcgnt.dll
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\Utilitaires\Avast\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - D:\Utilitaires\Avast\ashServ.exe
O23 - Service: avast! Web Scanner - Unknown owner - D:\Utilitaires\Avast\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - D:\Utilitaires\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Sansa Updater Service (SansaService) - Unknown owner - C:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
J'ai également fait un scan en ligne avec panda Software qui a détecté 2 rootkits et 60 spywares.
Incident Statut Analyse
Spyware:Cookie/2o7 No Désinfecté C:\Documents and Settings\Nabil\Application Data\Mozilla\Firefox\Profiles\6kjrth86.default\cookies.txt[.2o7.net/]
Spyware:Cookie/PointRoll No Désinfecté C:\Documents and Settings\Nabil\Application Data\Mozilla\Firefox\Profiles\6kjrth86.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/Adtech No Désinfecté C:\Documents and Settings\Nabil\Application Data\Mozilla\Firefox\Profiles\6kjrth86.default\cookies.txt[.adtech.de/]
Spyware:Cookie/Serving-sys No Désinfecté C:\Documents and Settings\Nabil\Application Data\Mozilla\Firefox\Profiles\6kjrth86.default\cookies.txt[.bs.serving-sys.com/]
Spyware:Cookie/Com.com No Désinfecté C:\Documents and Settings\Nabil\Application Data\Mozilla\Firefox\Profiles\6kjrth86.default\cookies.txt[.com.com/]
Spyware:Cookie/MetriWeb No Désinfecté C:\Documents and Settings\Nabil\Application Data\Mozilla\Firefox\Profiles\6kjrth86.default\cookies.txt[.metriweb.be/]
Spyware:Cookie/Overture No Désinfecté C:\Documents and Settings\Nabil\Application Data\Mozilla\Firefox\Profiles\6kjrth86.default\cookies.txt[.overture.com/]
Spyware:Cookie/Serving-sys No Désinfecté C:\Documents and Settings\Nabil\Application Data\Mozilla\Firefox\Profiles\6kjrth86.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Tribalfusion No Désinfecté C:\Documents and Settings\Nabil\Application Data\Mozilla\Firefox\Profiles\6kjrth86.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Weborama No Désinfecté C:\Documents and Settings\Nabil\Application Data\Mozilla\Firefox\Profiles\6kjrth86.default\cookies.txt[.weborama.fr/]
Spyware:Cookie/Xiti No Désinfecté C:\Documents and Settings\Nabil\Application Data\Mozilla\Firefox\Profiles\6kjrth86.default\cookies.txt[.xiti.com/]
Spyware:Cookie/YieldManager No Désinfecté C:\Documents and Settings\Nabil\Application Data\Mozilla\Firefox\Profiles\6kjrth86.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/RealMedia No Désinfecté C:\Documents and Settings\Nabil\Cookies\nabil@247realmedia[1].txt
Spyware:Cookie/RealMedia No Désinfecté C:\Documents and Settings\Nabil\Cookies\nabil@247realmedia[2].txt
Spyware:Cookie/Adtech No Désinfecté C:\Documents and Settings\Nabil\Cookies\nabil@adtech[2].txt
Spyware:Cookie/Atlas DMT No Désinfecté C:\Documents and Settings\Nabil\Cookies\nabil@atdmt[2].txt
Spyware:Cookie/Atlas DMT No Désinfecté C:\Documents and Settings\Nabil\Cookies\nabil@atdmt[3].txt
Spyware:Cookie/Bfast No Désinfecté C:\Documents and Settings\Nabil\Cookies\nabil@bfast[2].txt
Spyware:Cookie/Bfast No Désinfecté C:\Documents and Settings\Nabil\Cookies\nabil@bfast[3].txt
Spyware:Cookie/Bluestreak No Désinfecté C:\Documents and Settings\Nabil\Cookies\nabil@bluestreak[2].txt
Spyware:Cookie/Bluestreak No Désinfecté C:\Documents and Settings\Nabil\Cookies\nabil@bluestreak[3].txt
Spyware:Cookie/Casalemedia No Désinfecté C:\Documents and Settings\Nabil\Cookies\nabil@casalemedia[1].txt
Spyware:Cookie/Casalemedia No Désinfecté C:\Documents and Settings\Nabil\Cookies\nabil@casalemedia[2].txt
Spyware:Cookie/Clickbank No Désinfecté C:\Documents and Settings\Nabil\Cookies\nabil@clickbank[1].txt
Spyware:Cookie/Com.com No Désinfecté C:\Documents and Settings\Nabil\Cookies\nabil@com[1].txt
Spyware:Cookie/Doubleclick No Désinfecté C:\Documents and Settings\Nabil\Cookies\nabil@doubleclick[1].txt
Spyware:Cookie/Doubleclick No Désinfecté C:\Documents and Settings\Nabil\Cookies\nabil@doubleclick[2].txt
Spyware:Cookie/DriveCleaner No Désinfecté C:\Documents and Settings\Nabil\Cookies\nabil@drivecleaner[1].txt
Spyware:Cookie/DriveCleaner No Désinfecté C:\Documents and Settings\Nabil\Cookies\nabil@drivecleaner[3].txt
Spyware:Cookie/FastClick No Désinfecté C:\Documents and Settings\Nabil\Cookies\nabil@fastclick[2].txt
Spyware:Cookie/FastClick No Désinfecté C:\Documents and Settings\Nabil\Cookies\nabil@fastclick[3].txt
Spyware:Cookie/Findwhat No Désinfecté C:\Documents and Settings\Nabil\Cookies\nabil@findwhat[1].txt
Spyware:Cookie/FastClick No Désinfecté C:\Documents and Settings\Nabil\Cookies\nabil@media.fastclick[1].txt
Spyware:Cookie/FastClick No Désinfecté C:\Documents and Settings\Nabil\Cookies\nabil@media.fastclick[2].txt
Spyware:Cookie/Mediaplex No Désinfecté C:\Documents and Settings\Nabil\Cookies\nabil@mediaplex[1].txt
Spyware:Cookie/Mediaplex No Désinfecté C:\Documents and Settings\Nabil\Cookies\nabil@mediaplex[2].txt
Spyware:Cookie/Overture No Désinfecté C:\Documents and Settings\Nabil\Cookies\nabil@overture[1].txt
Spyware:Cookie/Overture No Désinfecté C:\Documents and Settings\Nabil\Cookies\nabil@overture[2].txt
Spyware:Cookie/RealMedia No Désinfecté C:\Documents and Settings\Nabil\Cookies\nabil@realmedia[2].txt
Spyware:Cookie/DriveCleaner No Désinfecté C:\Documents and Settings\Nabil\Cookies\nabil@stats.drivecleaner[2].txt
Spyware:Cookie/DriveCleaner No Désinfecté C:\Documents and Settings\Nabil\Cookies\nabil@stats.drivecleaner[3].txt
Spyware:Cookie/Reliablestats No Désinfecté C:\Documents and Settings\Nabil\Cookies\nabil@stats1.reliablestats[1].txt
Spyware:Cookie/Reliablestats No Désinfecté C:\Documents and Settings\Nabil\Cookies\nabil@stats1.reliablestats[2].txt
Spyware:Cookie/Systemdoctor No Désinfecté C:\Documents and Settings\Nabil\Cookies\nabil@systemdoctor[2].txt
Spyware:Cookie/Tradedoubler No Désinfecté C:\Documents and Settings\Nabil\Cookies\nabil@tradedoubler[1].txt
Spyware:Cookie/Weborama No Désinfecté C:\Documents and Settings\Nabil\Cookies\nabil@weborama[2].txt
Spyware:Cookie/Weborama No Désinfecté C:\Documents and Settings\Nabil\Cookies\nabil@weborama[3].txt
Spyware:Cookie/Winantivirus No Désinfecté C:\Documents and Settings\Nabil\Cookies\nabil@winantivirus[1].txt
Spyware:Cookie/Winantivirus No Désinfecté C:\Documents and Settings\Nabil\Cookies\nabil@winantivirus[2].txt
Spyware:Cookie/DriveCleaner No Désinfecté C:\Documents and Settings\Nabil\Cookies\nabil@www.drivecleaner[2].txt
Spyware:Cookie/Systemdoctor No Désinfecté C:\Documents and Settings\Nabil\Cookies\nabil@www.systemdoctor[1].txt
Spyware:Cookie/Systemdoctor No Désinfecté C:\Documents and Settings\Nabil\Cookies\nabil@www.systemdoctor[2].txt
Spyware:Cookie/Winantivirus No Désinfecté C:\Documents and Settings\Nabil\Cookies\nabil@www.winantivirus[1].txt
Spyware:Cookie/Winantivirus No Désinfecté C:\Documents and Settings\Nabil\Cookies\nabil@www.winantivirus[2].txt
Spyware:Cookie/Seeq No Désinfecté C:\Documents and Settings\Nabil\Cookies\nabil@www48.seeq[1].txt
Spyware:Cookie/Xiti No Désinfecté C:\Documents and Settings\Nabil\Cookies\nabil@xiti[1].txt
Spyware:Cookie/Xiti No Désinfecté C:\Documents and Settings\Nabil\Cookies\nabil@xiti[2].txt
Spyware:Cookie/Zedo No Désinfecté C:\Documents and Settings\Nabil\Cookies\nabil@zedo[1].txt
Spyware:Cookie/Xiti No Désinfecté C:\Documents and Settings\Nabil\Local Settings\Temp\Cookies\nabil@xiti[1].txt
Outil indésirable:Application/Processor No Désinfecté C:\Documents and Settings\Nabil\Mes documents\antispyware\navilog1.zip[Process.exe]
Hacktool:HackTool/Aircrack No Désinfecté C:\Documents and Settings\Nabil\Mes documents\Mes Cracks\crack wifi\aircrack-ng-0.6.2-win.zip[aircrack-ng-0.6.2-win/bin/airodump-ng.exe]
Virus Eventuel. No Désinfecté C:\WINDOWS\mlkhgh.dll
Virus Eventuel. No Désinfecté C:\WINDOWS\ssqopq.dll
Virus Eventuel. No Désinfecté C:\WINDOWS\system32\dmcgnt.dll
Virus Eventuel. No Désinfecté D:\Utilitaires\Ashampoo AntiSpyWare\Uninstaller.exe
Adware:Adware/SaveNow No Désinfecté D:\Utilitaires\DAEMON Tools\SetupDTSB.exe
Si quelqu'un povait m'aider, je lui en serai vraiment reconnaissant.
Merci d'avance pour votre aide.
A voir également:
- [Panda Software] analyse du rapport
- Panda antivirus - Télécharger - Antivirus & Antimalwares
- Analyse composant pc - Guide
- Everest software - Télécharger - Informations & Diagnostic
- Analyse performance pc - Guide
- Analyse disque dur - Télécharger - Informations & Diagnostic
8 réponses
Salut,
Prends connaissance du contenu le lien suivant:
http://www.f-secure.com/products/license-terms/eult_fra.pdf
Tu as donc pris connaissance et accepté les conditions d'utilisations du programme blacklight qui est inclus dans le dossier compressé navilog1.zip que tu vas télécharger.
Maintenant fais un clic droit sur ce lien :
http://perso.orange.fr/il.mafioso/Navifix/navilog1.zip
Enregistrer la cible (du lien) sous... et enregistre-le sur ton bureau.
Fais un clic droit sur navilog1.zip et choisis "tout extraire"
Ensuite double clique sur navilog1.bat
Laisses-toi guider. Au menu principal, choisis 1 et valides.
(ne fais pas le choix 2 sans notre avis/accord)
Patientes jusqu'au message :
*** Analyse Termine le ..... ***
Appuies sur une touche comme demandé, le blocnote va s'ouvrir.
Copies-colles l'intégralité dans une réponse. Refermes le blocnote.
Le rapport est en outre sauvegardé à la racine du disque (fixnavi.txt)
Prends connaissance du contenu le lien suivant:
http://www.f-secure.com/products/license-terms/eult_fra.pdf
Tu as donc pris connaissance et accepté les conditions d'utilisations du programme blacklight qui est inclus dans le dossier compressé navilog1.zip que tu vas télécharger.
Maintenant fais un clic droit sur ce lien :
http://perso.orange.fr/il.mafioso/Navifix/navilog1.zip
Enregistrer la cible (du lien) sous... et enregistre-le sur ton bureau.
Fais un clic droit sur navilog1.zip et choisis "tout extraire"
Ensuite double clique sur navilog1.bat
Laisses-toi guider. Au menu principal, choisis 1 et valides.
(ne fais pas le choix 2 sans notre avis/accord)
Patientes jusqu'au message :
*** Analyse Termine le ..... ***
Appuies sur une touche comme demandé, le blocnote va s'ouvrir.
Copies-colles l'intégralité dans une réponse. Refermes le blocnote.
Le rapport est en outre sauvegardé à la racine du disque (fixnavi.txt)
Salut,
Télécharge VirtumundoBegone sur le bureau:
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe
Double clique ensuite sur VirtumundoBeGone.exe et suis les instructions.
Une fois terminé, redémarre et poste le rapport VBG.TXT créé sur le bureau dans ta prochaine réponse avec un nouveau rapport HijackThis.
Ne t'inquiète pas si tu vois un message Ecran bleu "Erreur fatale", c'est normal et attendu.
A+
Télécharge VirtumundoBegone sur le bureau:
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe
Double clique ensuite sur VirtumundoBeGone.exe et suis les instructions.
Une fois terminé, redémarre et poste le rapport VBG.TXT créé sur le bureau dans ta prochaine réponse avec un nouveau rapport HijackThis.
Ne t'inquiète pas si tu vois un message Ecran bleu "Erreur fatale", c'est normal et attendu.
A+
Voilà j'ai fait tout ce que tu m'as dit et je poste le rapport Hijackthis:
Logfile of HijackThis v1.99.1
Scan saved at 12:24:36, on 24/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Acer\eManager\anbmServ.exe
D:\Utilitaires\Avast\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
D:\Utilitaires\Avast\ashServ.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Centrino HC\Centrino_HC.exe
D:\UTILIT~1\Avast\ashDisp.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Utilitaires\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
D:\Utilitaires\Avast\ashWebSv.exe
C:\Documents and Settings\Nabil\Mes documents\antispyware\HijackThis.exe
D:\Utilitaires\Avast\setup\avast.setup
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.acer.com/worldwide/selection.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: (no name) - {E03C740E-BB24-4d3c-B92A-6F84DE1DD99C} - C:\WINDOWS\system32\tmp2.tmp.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [CentrinoHardwareControl] "C:\Program Files\Centrino HC\Centrino_HC.exe" -quiet
O4 - HKLM\..\Run: [avast!] D:\UTILIT~1\Avast\ashDisp.exe
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\Utilitaires\Avast\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - D:\Utilitaires\Avast\ashServ.exe
O23 - Service: avast! Web Scanner - Unknown owner - D:\Utilitaires\Avast\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - D:\Utilitaires\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Sansa Updater Service (SansaService) - Unknown owner - C:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
Merci de m'aider :D
Logfile of HijackThis v1.99.1
Scan saved at 12:24:36, on 24/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Acer\eManager\anbmServ.exe
D:\Utilitaires\Avast\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
D:\Utilitaires\Avast\ashServ.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Centrino HC\Centrino_HC.exe
D:\UTILIT~1\Avast\ashDisp.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Utilitaires\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
D:\Utilitaires\Avast\ashWebSv.exe
C:\Documents and Settings\Nabil\Mes documents\antispyware\HijackThis.exe
D:\Utilitaires\Avast\setup\avast.setup
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.acer.com/worldwide/selection.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: (no name) - {E03C740E-BB24-4d3c-B92A-6F84DE1DD99C} - C:\WINDOWS\system32\tmp2.tmp.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [CentrinoHardwareControl] "C:\Program Files\Centrino HC\Centrino_HC.exe" -quiet
O4 - HKLM\..\Run: [avast!] D:\UTILIT~1\Avast\ashDisp.exe
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\Utilitaires\Avast\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - D:\Utilitaires\Avast\ashServ.exe
O23 - Service: avast! Web Scanner - Unknown owner - D:\Utilitaires\Avast\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - D:\Utilitaires\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Sansa Updater Service (SansaService) - Unknown owner - C:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
Merci de m'aider :D
Je peux avoir le rapport VBG.TXT?
Désolé, j'ai oublié de le poster.
Rapport VBG:
[02/24/2007, 12:20:25] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Nabil\Mes documents\antispyware\VirtumundoBeGone.exe" )
[02/24/2007, 12:20:31] - Detected System Information:
[02/24/2007, 12:20:31] - Windows Version: 5.1.2600, Service Pack 2
[02/24/2007, 12:20:31] - Current Username: Nabil (Admin)
[02/24/2007, 12:20:31] - Windows is in NORMAL mode.
[02/24/2007, 12:20:31] - Searching for Browser Helper Objects:
[02/24/2007, 12:20:31] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[02/24/2007, 12:20:31] - BHO 2: {0982b6e5-39cd-4b0f-963f-7e3c13502583} ()
[02/24/2007, 12:20:31] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/24/2007, 12:20:31] - Checking for HKLM\...\Winlogon\Notify\dmcgnt
[02/24/2007, 12:20:31] - Found: HKLM\...\Winlogon\Notify\dmcgnt - This is probably Virtumundo.
[02/24/2007, 12:20:31] - Assigning {0982b6e5-39cd-4b0f-963f-7e3c13502583} MSEvents Object
[02/24/2007, 12:20:31] - BHO list has been changed! Starting over...
[02/24/2007, 12:20:31] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[02/24/2007, 12:20:31] - BHO 2: {0982b6e5-39cd-4b0f-963f-7e3c13502583} (MSEvents Object)
[02/24/2007, 12:20:31] - ALERT: Found MSEvents Object!
[02/24/2007, 12:20:31] - BHO 3: {53707962-6F74-2D53-2644-206D7942484F} ()
[02/24/2007, 12:20:31] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/24/2007, 12:20:31] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[02/24/2007, 12:20:31] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[02/24/2007, 12:20:31] - BHO 4: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[02/24/2007, 12:20:31] - BHO 5: {E03C740E-BB24-4d3c-B92A-6F84DE1DD99C} ()
[02/24/2007, 12:20:31] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/24/2007, 12:20:31] - Checking for HKLM\...\Winlogon\Notify\tmp2.tmp
[02/24/2007, 12:20:31] - Key not found: HKLM\...\Winlogon\Notify\tmp2.tmp, continuing.
[02/24/2007, 12:20:31] - Finished Searching Browser Helper Objects
[02/24/2007, 12:20:31] - *** Detected MSEvents Object
[02/24/2007, 12:20:31] - Trying to remove MSEvents Object...
[02/24/2007, 12:20:32] - Terminating Process: IEXPLORE.EXE
[02/24/2007, 12:20:33] - Terminating Process: RUNDLL32.EXE
[02/24/2007, 12:20:33] - Disabling Automatic Shell Restart
[02/24/2007, 12:20:33] - Terminating Process: EXPLORER.EXE
[02/24/2007, 12:20:33] - Suspending the NT Session Manager System Service
[02/24/2007, 12:20:33] - Terminating Windows NT Logon/Logoff Manager
[02/24/2007, 12:20:33] - Re-enabling Automatic Shell Restart
[02/24/2007, 12:20:33] - File to disable: C:\WINDOWS\system32\dmcgnt.dll
[02/24/2007, 12:20:33] - Renaming C:\WINDOWS\system32\dmcgnt.dll -> C:\WINDOWS\system32\dmcgnt.dll.vir
[02/24/2007, 12:20:34] - File successfully renamed!
[02/24/2007, 12:20:34] - Removing HKLM\...\Browser Helper Objects\{0982b6e5-39cd-4b0f-963f-7e3c13502583}
[02/24/2007, 12:20:34] - Removing HKCR\CLSID\{0982b6e5-39cd-4b0f-963f-7e3c13502583}
[02/24/2007, 12:20:34] - Adding Kill Bit for ActiveX for GUID: {0982b6e5-39cd-4b0f-963f-7e3c13502583}
[02/24/2007, 12:20:34] - Deleting ATLEvents/MSEvents Registry entries
[02/24/2007, 12:20:34] - Removing HKLM\...\Winlogon\Notify\dmcgnt
[02/24/2007, 12:20:34] - Searching for Browser Helper Objects:
[02/24/2007, 12:20:34] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[02/24/2007, 12:20:34] - BHO 2: {53707962-6F74-2D53-2644-206D7942484F} ()
[02/24/2007, 12:20:34] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/24/2007, 12:20:34] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[02/24/2007, 12:20:34] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[02/24/2007, 12:20:34] - BHO 3: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[02/24/2007, 12:20:35] - BHO 4: {E03C740E-BB24-4d3c-B92A-6F84DE1DD99C} ()
[02/24/2007, 12:20:35] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/24/2007, 12:20:35] - Checking for HKLM\...\Winlogon\Notify\tmp2.tmp
[02/24/2007, 12:20:35] - Key not found: HKLM\...\Winlogon\Notify\tmp2.tmp, continuing.
[02/24/2007, 12:20:35] - Finished Searching Browser Helper Objects
[02/24/2007, 12:20:35] - Finishing up...
[02/24/2007, 12:20:35] - A restart is needed.
[02/24/2007, 12:20:43] - Attempting to Restart via STOP error (Blue Screen!)
Merci encore.
Rapport VBG:
[02/24/2007, 12:20:25] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Nabil\Mes documents\antispyware\VirtumundoBeGone.exe" )
[02/24/2007, 12:20:31] - Detected System Information:
[02/24/2007, 12:20:31] - Windows Version: 5.1.2600, Service Pack 2
[02/24/2007, 12:20:31] - Current Username: Nabil (Admin)
[02/24/2007, 12:20:31] - Windows is in NORMAL mode.
[02/24/2007, 12:20:31] - Searching for Browser Helper Objects:
[02/24/2007, 12:20:31] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[02/24/2007, 12:20:31] - BHO 2: {0982b6e5-39cd-4b0f-963f-7e3c13502583} ()
[02/24/2007, 12:20:31] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/24/2007, 12:20:31] - Checking for HKLM\...\Winlogon\Notify\dmcgnt
[02/24/2007, 12:20:31] - Found: HKLM\...\Winlogon\Notify\dmcgnt - This is probably Virtumundo.
[02/24/2007, 12:20:31] - Assigning {0982b6e5-39cd-4b0f-963f-7e3c13502583} MSEvents Object
[02/24/2007, 12:20:31] - BHO list has been changed! Starting over...
[02/24/2007, 12:20:31] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[02/24/2007, 12:20:31] - BHO 2: {0982b6e5-39cd-4b0f-963f-7e3c13502583} (MSEvents Object)
[02/24/2007, 12:20:31] - ALERT: Found MSEvents Object!
[02/24/2007, 12:20:31] - BHO 3: {53707962-6F74-2D53-2644-206D7942484F} ()
[02/24/2007, 12:20:31] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/24/2007, 12:20:31] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[02/24/2007, 12:20:31] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[02/24/2007, 12:20:31] - BHO 4: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[02/24/2007, 12:20:31] - BHO 5: {E03C740E-BB24-4d3c-B92A-6F84DE1DD99C} ()
[02/24/2007, 12:20:31] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/24/2007, 12:20:31] - Checking for HKLM\...\Winlogon\Notify\tmp2.tmp
[02/24/2007, 12:20:31] - Key not found: HKLM\...\Winlogon\Notify\tmp2.tmp, continuing.
[02/24/2007, 12:20:31] - Finished Searching Browser Helper Objects
[02/24/2007, 12:20:31] - *** Detected MSEvents Object
[02/24/2007, 12:20:31] - Trying to remove MSEvents Object...
[02/24/2007, 12:20:32] - Terminating Process: IEXPLORE.EXE
[02/24/2007, 12:20:33] - Terminating Process: RUNDLL32.EXE
[02/24/2007, 12:20:33] - Disabling Automatic Shell Restart
[02/24/2007, 12:20:33] - Terminating Process: EXPLORER.EXE
[02/24/2007, 12:20:33] - Suspending the NT Session Manager System Service
[02/24/2007, 12:20:33] - Terminating Windows NT Logon/Logoff Manager
[02/24/2007, 12:20:33] - Re-enabling Automatic Shell Restart
[02/24/2007, 12:20:33] - File to disable: C:\WINDOWS\system32\dmcgnt.dll
[02/24/2007, 12:20:33] - Renaming C:\WINDOWS\system32\dmcgnt.dll -> C:\WINDOWS\system32\dmcgnt.dll.vir
[02/24/2007, 12:20:34] - File successfully renamed!
[02/24/2007, 12:20:34] - Removing HKLM\...\Browser Helper Objects\{0982b6e5-39cd-4b0f-963f-7e3c13502583}
[02/24/2007, 12:20:34] - Removing HKCR\CLSID\{0982b6e5-39cd-4b0f-963f-7e3c13502583}
[02/24/2007, 12:20:34] - Adding Kill Bit for ActiveX for GUID: {0982b6e5-39cd-4b0f-963f-7e3c13502583}
[02/24/2007, 12:20:34] - Deleting ATLEvents/MSEvents Registry entries
[02/24/2007, 12:20:34] - Removing HKLM\...\Winlogon\Notify\dmcgnt
[02/24/2007, 12:20:34] - Searching for Browser Helper Objects:
[02/24/2007, 12:20:34] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[02/24/2007, 12:20:34] - BHO 2: {53707962-6F74-2D53-2644-206D7942484F} ()
[02/24/2007, 12:20:34] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/24/2007, 12:20:34] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[02/24/2007, 12:20:34] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[02/24/2007, 12:20:34] - BHO 3: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[02/24/2007, 12:20:35] - BHO 4: {E03C740E-BB24-4d3c-B92A-6F84DE1DD99C} ()
[02/24/2007, 12:20:35] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/24/2007, 12:20:35] - Checking for HKLM\...\Winlogon\Notify\tmp2.tmp
[02/24/2007, 12:20:35] - Key not found: HKLM\...\Winlogon\Notify\tmp2.tmp, continuing.
[02/24/2007, 12:20:35] - Finished Searching Browser Helper Objects
[02/24/2007, 12:20:35] - Finishing up...
[02/24/2007, 12:20:35] - A restart is needed.
[02/24/2007, 12:20:43] - Attempting to Restart via STOP error (Blue Screen!)
Merci encore.
Ok !
Vas sur le site https://virusscan.jotti.org/
- Clic en haut à droite sur "Parcourir", navigue dans les dossiers et sélectionne ce fichier :
C:\WINDOWS\system32\tmp2.tmp.dll
- Clic sur submit toujours en haut à droite
- Le scan va se lancer, ça va prendre un petit instant
- En bas, tu as le résultat du scan, copie/colle le résultat complet du scan ici.
Aide : https://www.malekal.com/scan-antivirus-ligne-nod32/#mozTocId662799
Vas sur le site https://virusscan.jotti.org/
- Clic en haut à droite sur "Parcourir", navigue dans les dossiers et sélectionne ce fichier :
C:\WINDOWS\system32\tmp2.tmp.dll
- Clic sur submit toujours en haut à droite
- Le scan va se lancer, ça va prendre un petit instant
- En bas, tu as le résultat du scan, copie/colle le résultat complet du scan ici.
Aide : https://www.malekal.com/scan-antivirus-ligne-nod32/#mozTocId662799
Bizarrement le fichier n'existe plus. Cependant j'ai trouvé le fichier C:\WINDOWS\System32\tmp6.tmp.dll et je l'ai fait analyser:
Scan taken on 24 Feb 2007 12:39:39 (GMT)
AntiVir Found TR/Juan.F
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
VirusBuster Found novirus:Packed/Upack
VBA32 Found nothing
Scan taken on 24 Feb 2007 12:39:39 (GMT)
AntiVir Found TR/Juan.F
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
VirusBuster Found novirus:Packed/Upack
VBA32 Found nothing
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
Re
Télécharge VundoFix.exe (par Atribune) sur ton Bureau.
http://www.atribune.org/ccount/click.php?id=4
Double-clique VundoFix.exe afin de le lancer.
Un message t'avertira que l'outil va se fermer et s'ouvrir à nouveau : clique Ok
Clique sur le bouton Scan for Vundo.
Lorsque le scan est complété, clique sur le bouton Remove Vundo.
Une invite te demandera si tu veux supprimer les fichiers, clique YES
Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers.
Tu verras une invite qui t'annonce que ton PC va s'éteindre ("shutdown") ; clique OK
Démarre ton PC à nouveau.
Copie/colle le contenu du rapport situé dans C:\vundofix.txt ainsi qu'un nouveau rapport HijackThis! dans ta prochaine réponse.
Télécharge VundoFix.exe (par Atribune) sur ton Bureau.
http://www.atribune.org/ccount/click.php?id=4
Double-clique VundoFix.exe afin de le lancer.
Un message t'avertira que l'outil va se fermer et s'ouvrir à nouveau : clique Ok
Clique sur le bouton Scan for Vundo.
Lorsque le scan est complété, clique sur le bouton Remove Vundo.
Une invite te demandera si tu veux supprimer les fichiers, clique YES
Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers.
Tu verras une invite qui t'annonce que ton PC va s'éteindre ("shutdown") ; clique OK
Démarre ton PC à nouveau.
Copie/colle le contenu du rapport situé dans C:\vundofix.txt ainsi qu'un nouveau rapport HijackThis! dans ta prochaine réponse.
Voilà je poste le rapport Vundofix et celui de Hijackthis.
VundoFix V6.1.4
Checking Java version...
Sun Java not detected
Scan started at 22:31:24 22/02/2007
Listing files found while scanning....
No infected files were found.
Beginning removal...
VundoFix V6.3.9
Checking Java version...
Sun Java not detected
Scan started at 12:20:58 23/02/2007
Listing files found while scanning....
C:\WINDOWS\system32\tmp2.tmp.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\tmp2.tmp.dll
C:\WINDOWS\system32\tmp2.tmp.dll Has been deleted!
Performing Repairs to the registry.
Done!
VundoFix V6.3.9
Checking Java version...
Sun Java not detected
Scan started at 14:17:41 24/02/2007
Listing files found while scanning....
C:\WINDOWS\system32\tmp2.tmp.dll
Beginning removal...
Performing Repairs to the registry.
Done!
Logfile of HijackThis v1.99.1
Scan saved at 14:30:25, on 24/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Acer\eManager\anbmServ.exe
C:\WINDOWS\Explorer.EXE
D:\Utilitaires\Avast\aswUpdSv.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Centrino HC\Centrino_HC.exe
D:\UTILIT~1\Avast\ashDisp.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
D:\Utilitaires\Avast\ashServ.exe
D:\Utilitaires\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
D:\Utilitaires\Avast\ashWebSv.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Nabil\Mes documents\antispyware\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.acer.com/worldwide/selection.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: (no name) - {E03C740E-BB24-4d3c-B92A-6F84DE1DD99C} - C:\WINDOWS\system32\tmp2.tmp.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [CentrinoHardwareControl] "C:\Program Files\Centrino HC\Centrino_HC.exe" -quiet
O4 - HKLM\..\Run: [avast!] D:\UTILIT~1\Avast\ashDisp.exe
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\Utilitaires\Avast\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - D:\Utilitaires\Avast\ashServ.exe
O23 - Service: avast! Web Scanner - Unknown owner - D:\Utilitaires\Avast\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - D:\Utilitaires\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Sansa Updater Service (SansaService) - Unknown owner - C:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
VundoFix V6.1.4
Checking Java version...
Sun Java not detected
Scan started at 22:31:24 22/02/2007
Listing files found while scanning....
No infected files were found.
Beginning removal...
VundoFix V6.3.9
Checking Java version...
Sun Java not detected
Scan started at 12:20:58 23/02/2007
Listing files found while scanning....
C:\WINDOWS\system32\tmp2.tmp.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\tmp2.tmp.dll
C:\WINDOWS\system32\tmp2.tmp.dll Has been deleted!
Performing Repairs to the registry.
Done!
VundoFix V6.3.9
Checking Java version...
Sun Java not detected
Scan started at 14:17:41 24/02/2007
Listing files found while scanning....
C:\WINDOWS\system32\tmp2.tmp.dll
Beginning removal...
Performing Repairs to the registry.
Done!
Logfile of HijackThis v1.99.1
Scan saved at 14:30:25, on 24/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Acer\eManager\anbmServ.exe
C:\WINDOWS\Explorer.EXE
D:\Utilitaires\Avast\aswUpdSv.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Centrino HC\Centrino_HC.exe
D:\UTILIT~1\Avast\ashDisp.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
D:\Utilitaires\Avast\ashServ.exe
D:\Utilitaires\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
D:\Utilitaires\Avast\ashWebSv.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Nabil\Mes documents\antispyware\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.acer.com/worldwide/selection.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: (no name) - {E03C740E-BB24-4d3c-B92A-6F84DE1DD99C} - C:\WINDOWS\system32\tmp2.tmp.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [CentrinoHardwareControl] "C:\Program Files\Centrino HC\Centrino_HC.exe" -quiet
O4 - HKLM\..\Run: [avast!] D:\UTILIT~1\Avast\ashDisp.exe
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\Utilitaires\Avast\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - D:\Utilitaires\Avast\ashServ.exe
O23 - Service: avast! Web Scanner - Unknown owner - D:\Utilitaires\Avast\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - D:\Utilitaires\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Sansa Updater Service (SansaService) - Unknown owner - C:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
Fixe ceci:
O2 - BHO: (no name) - {E03C740E-BB24-4d3c-B92A-6F84DE1DD99C} - C:\WINDOWS\system32\tmp2.tmp.dll (file missing)
Redemarre ton pc et remet un rapport
A+
O2 - BHO: (no name) - {E03C740E-BB24-4d3c-B92A-6F84DE1DD99C} - C:\WINDOWS\system32\tmp2.tmp.dll (file missing)
Redemarre ton pc et remet un rapport
A+
J'ai fais ce que tu m'as dit et je poste le rapport:
Logfile of HijackThis v1.99.1
Scan saved at 15:21:22, on 24/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Acer\eManager\anbmServ.exe
D:\Utilitaires\Avast\aswUpdSv.exe
D:\Utilitaires\Avast\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Centrino HC\Centrino_HC.exe
D:\UTILIT~1\Avast\ashDisp.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
D:\Utilitaires\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
D:\Utilitaires\Avast\ashWebSv.exe
C:\Documents and Settings\Nabil\Mes documents\antispyware\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.acer.com/worldwide/selection.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [CentrinoHardwareControl] "C:\Program Files\Centrino HC\Centrino_HC.exe" -quiet
O4 - HKLM\..\Run: [avast!] D:\UTILIT~1\Avast\ashDisp.exe
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\Utilitaires\Avast\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - D:\Utilitaires\Avast\ashServ.exe
O23 - Service: avast! Web Scanner - Unknown owner - D:\Utilitaires\Avast\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - D:\Utilitaires\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Sansa Updater Service (SansaService) - Unknown owner - C:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
Logfile of HijackThis v1.99.1
Scan saved at 15:21:22, on 24/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Acer\eManager\anbmServ.exe
D:\Utilitaires\Avast\aswUpdSv.exe
D:\Utilitaires\Avast\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Centrino HC\Centrino_HC.exe
D:\UTILIT~1\Avast\ashDisp.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
D:\Utilitaires\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
D:\Utilitaires\Avast\ashWebSv.exe
C:\Documents and Settings\Nabil\Mes documents\antispyware\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.acer.com/worldwide/selection.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [CentrinoHardwareControl] "C:\Program Files\Centrino HC\Centrino_HC.exe" -quiet
O4 - HKLM\..\Run: [avast!] D:\UTILIT~1\Avast\ashDisp.exe
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\Utilitaires\Avast\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - D:\Utilitaires\Avast\ashServ.exe
O23 - Service: avast! Web Scanner - Unknown owner - D:\Utilitaires\Avast\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - D:\Utilitaires\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Sansa Updater Service (SansaService) - Unknown owner - C:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
Search Navipromo version 1.0.3 commencé le 24/02/2007 à 11:52:06,28
!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Poster ce rapport sur le forum pour le faire analyser !!!
!!! Ne pas lancer la partie désinfection sans l'avis d'un spécialiste !!!
Fix lancé depuis C:\Documents and Settings\Nabil\Mes documents\antispyware
Mise a jour le 21.02.2007 a 17h00 by IL-MAFIOSO
Executé en mode normal
*** Recherche Programmes installes ***
*** Recherche dossiers dans C:\WINDOWS ***
*** Recherche dossiers dans C:\Program Files ***
*** Recherche dossiers dans C:\Documents and Settings\All Users\Application Data ***
*** Recherche dossiers dans C:\Documents and Settings\Nabil\Application Data ***
*** Recherche avec BlackLight Engine/F-secure ***
BlackLight Engine est un produit de F-secure, pour + d'infos :
https://www.f-secure.com/en
F-SECURE BLACKLIGHT ROOTKIT ELIMINATOR
======================================
Copyright 2005-2006 F-Secure Corporation. All rights reserved.
This is a beta version. It will expire on 1st of April, 2007.
Version information: 2.2.1055.
[+] Started on 02/24/07 at 11:52:08.
[+] Initializing ...
[+] Starting scan, press Ctrl-C to abort.
[+] Scanning for hidden items .....................................
[+] Scan complete.
[+] Summary: 0 hidden item(s) found, 0 scheduled for renaming.
[+] Exited on 02/24/07 at 11:55:10 (return code = 0).
*** Recherche fichiers ***
*** Recherche cles registre ***
Recharche dans [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs]
Recharche dans [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage]
Recherche Clé Magic Control
*** Module de recherche complémentaire ***
(recherche fichiers spécifiques)
*** Analyse Terminé le 24/02/2007 à 11:56:07,31 ***