[Trojan] Infected by VideoActiveXobject

Solved
percy73 - Posts: 58 - Status: Member
Regis59 - Posts: 21143 - Status: Security contributor
Hello everyone,

Spybot reports that I am infected by the trojan ZLOB.VideoActiveXobject.
I can't get rid of it. I fixed the problem as Spybot asked, and it does not reappear if I run another scan right afterwards; however, if I run the scan after restarting the computer, there it is again! I ran the Ad-Aware scan with no more success. I spent a long time going through the forum looking for the solution and, as a last resort, I am attaching the HijackThis log and the SmitFraudFix log in case they are useful.

Note that BitDefender is disabled and my active antivirus is Avast.

Thank you for your help.

Logfile of HijackThis v1.99.1
Scan saved at 19:28:05, on 01/03/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEE.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Softwin\BitDefender10\bdmcon.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\club-internet\LE COMPAGNON CLUB\bin\mpbtn.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HTJ\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\local.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-fr9.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.europe-echecs.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {AFAC25C2-B321-C0FA-7759-9A5B212E35E1} - (no file)
O2 - BHO: (no name) - {4F7F2319-1C83-0389-44AC-9B0518199108} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [EPSON Stylus DX4200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEE.EXE /P26 "EPSON Stylus DX4200 Series" /O6 "USB001" /M "Stylus DX4200"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [WinLogon] C:\WINDOWS\logon.exe
O4 - HKLM\..\Run: [WinMsg] C:\WINDOWS\winmsgr.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPPAVI~1\Pavilion\XPEWWBP4\plugin\bin\PCHButton.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Docteur Club Internet.lnk = C:\Program Files\Club-Internet\Dr Club Internet\bin\matcli.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Search - http://kt.bar.need2find.com/KT/menusearch.html?p=KT
O16 - DPF: {00330010-0000-0000-0000-000020160026} - http://207.234.185.217/installer/ABoxInst_int26.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {04F414E9-E352-4BC3-963D-7BFE5A5F31A9} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1064_XP.cab
O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab
O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://cdn.downloadcontrol.com/files/installers/cab/SystemDoctor2006FreeInstall_fr.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/180solutions/ie/bridge-c6.cab
O16 - DPF: {16BED5D9-AA6B-4A96-A134-C1958893490F} (VacPro.int_ver40v) - http://advnt01.com/dialer/intES_ver40v.CAB
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - https://support.norton.com/sp/en/us/home/current/info
O16 - DPF: {2472DCCC-68CE-49DA-AA81-E7E6D83C1DFA} - http://acces.blonde.com/package/op/PackageHtmlCab.CAB
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - https://www.afternic.com/domains/drivecleaner.com
O16 - DPF: {2F003D51-39FD-4D18-9016-95CF70B92ABE} - http://download.movienetworks.com/install/US/altpmtscab.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by21fd.bay21.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {590FFB84-6A29-4797-9C0E-B15DF2C4CDCB} -
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {71DA2A4E-ACB3-4065-9E41-8BC42EABE427} - http://scripts.dlv4.com/binaries/IA/svcia32_FR_XP.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://support.norton.com/sp/en/us/home/current/info
O16 - DPF: {E68718BB-5451-4F6F-B8B8-41B4AB672747} (IgbInstall Class) - http://www.internetgamebox.com/content/AxInst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8BA30114-F66A-43B6-A8AD-2A17D2A31B34}: NameServer = 194.117.200.10,194.117.200.15
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)


SmitFraudFix v2.144

Rapport fait à 19:33:50,17, 01/03/2007
Executé à partir de C:\Documents and Settings\nicolas.XXX\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\nicolas.XXX


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\nicolas.XXX\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\NICOLA~1.FAM\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau


[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\2]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="sockspy.dll"


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin

10 replies

Regis59 - Posts: 21143 - Status: Security contributor - 1 322

Hi

Restart your PC and copy-paste the Spybot report.

See you later
percy73 - Posts: 58 - Status: Member

Hello Regis59, and thank you for taking on my problem.

Here is the Spybot report:

---- Search result list ---
Zlob.VideoActiveXObject: Browser helper object (Clé du registre, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{67982BB7-0F95-44C5-92DC-E3AF3DC19D6D}

Log: Activity: SchedLgU.Txt (Sauver le fichier, nothing done)
C:\WINDOWS\SchedLgU.Txt

Log: Shutdown: System32\wbem\logs\wbemess.log (Sauver le fichier, nothing done)
C:\WINDOWS\System32\wbem\logs\wbemess.log

Log: Shutdown: System32\wbem\logs\winmgmt.log (Sauver le fichier, nothing done)
C:\WINDOWS\System32\wbem\logs\winmgmt.log

Log: Shutdown: System32\wbem\logs\wmiprov.log (Sauver le fichier, nothing done)
C:\WINDOWS\System32\wbem\logs\wmiprov.log

MS Media Player: Anonymous ID (Modification du registre, nothing done)
HKEY_USERS\S-1-5-21-1656570904-4111065519-4140757452-1006\Software\Microsoft\MediaPlayer\Preferences\SendUserGUID!=B=0

MS Direct3D: Most recent application (Modification du registre, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Direct3D\MostRecentApplication\Name!=

MS DirectDraw: Most recent application (Modification du registre, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name!=

MS Search Assistant: Typed search terms history (Clé du registre, nothing done)
HKEY_USERS\S-1-5-21-1656570904-4111065519-4140757452-1006\Software\Microsoft\Search Assistant\ACMru

Windows Explorer: Recent wallpaper list (471 fichiers) (Clé du registre, nothing done)
HKEY_USERS\S-1-5-21-1656570904-4111065519-4140757452-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\Wallpaper\MRU

Windows Explorer: User Assistant history IE (4 fichiers) (Clé du registre, nothing done)
HKEY_USERS\S-1-5-21-1656570904-4111065519-4140757452-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count

Windows Explorer: User Assistant history files (34 fichiers) (Clé du registre, nothing done)
HKEY_USERS\S-1-5-21-1656570904-4111065519-4140757452-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count

Windows Explorer: Recent file global history (Clé du registre, nothing done)
HKEY_USERS\S-1-5-21-1656570904-4111065519-4140757452-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs

Windows Media SDK: Computer name (Modification du registre, nothing done)
HKEY_USERS\S-1-5-21-1656570904-4111065519-4140757452-1006\Software\Microsoft\Windows Media\WMSDK\General\ComputerName!=ComputerName

Windows Media SDK: Unique ID (Modification du registre, nothing done)
HKEY_USERS\S-1-5-21-1656570904-4111065519-4140757452-1006\Software\Microsoft\Windows Media\WMSDK\General\UniqueID!={00000000-0000-0000-0000-000000000000}

Windows Media SDK: Volume serial number (Valeur du registre, nothing done)
HKEY_USERS\S-1-5-21-1656570904-4111065519-4140757452-1006\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber

WinZip: Number of times run (Modification du registre, nothing done)
HKEY_USERS\S-1-5-21-1656570904-4111065519-4140757452-1006\Software\Nico Mak Computing\WinZip\rrs\Opened!=

Cookie: Cookie (11) (Cookie, nothing done)


Cache: Cache (130) (Cache, nothing done)



--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2005-05-31 TeaTimer_original.exe (1.4.0.2)
2007-02-27 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2007-01-15 advcheck.dll (1.2.1.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2007-01-02 Tools.dll (2.0.1.0)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2007-02-28 Includes\Cookies.sbi (*)
2006-12-08 Includes\Dialer.sbi (*)
2007-02-28 Includes\DialerC.sbi (*)
2007-02-07 Includes\Hijackers.sbi (*)
2007-02-28 Includes\HijackersC.sbi (*)
2006-10-27 Includes\Keyloggers.sbi (*)
2007-02-28 Includes\KeyloggersC.sbi (*)
2007-02-14 Includes\Malware.sbi (*)
2007-02-28 Includes\MalwareC.sbi (*)
2007-01-19 Includes\PUPS.sbi (*)
2007-02-28 Includes\PUPSC.sbi (*)
2007-02-28 Includes\Revision.sbi (*)
2006-12-08 Includes\Security.sbi (*)
2007-02-28 Includes\SecurityC.sbi (*)
2007-02-02 Includes\Spybots.sbi (*)
2007-02-28 Includes\SpybotsC.sbi (*)
2005-02-17 Includes\Tracks.uti (*)
2007-02-14 Includes\Trojans.sbi (*)
2007-02-28 Includes\TrojansC.sbi (*)



--- System information ---
Windows XP (Build: 2600) Service Pack 1
/ Windows Media Player: Windows Media Update 819639
/ Windows Media Player: Windows Media Update 819756
/ Windows Media Player: Windows Media Update 823738
/ Windows XP / SP2: Correctif Windows XP - KB821557
/ Windows XP / SP2: Correctif Windows XP - KB823387
/ Windows XP / SP2: Correctif Windows XP - KB823559
/ Windows XP / SP2: Correctif Windows XP - KB824146
/ Windows XP / SP2: Correctif Windows XP - KB824920
/ Windows XP / SP2: Correctif Windows XP - KB828028
/ Windows XP / SP2: Correctif Windows XP - KB828035
/ Windows XP / SP2: Windows XP Hotfix (SP2) [See KB830786 for more information]
/ Windows XP / SP2: Package du correctif Windows XP [voir Q323255 pour plus de détails]
/ Windows XP / SP2: Correctif Windows XP (SP2) Q327979
/ Windows XP / SP2: Correctif Windows XP (SP2) Q328310
/ Windows XP / SP2: Correctif Windows XP (SP2) Q329112
/ Windows XP / SP2: Package du correctif Windows XP [voir Q329115 pour plus de détails]
/ Windows XP / SP2: Correctif Windows XP (SP2) Q329170
/ Windows XP / SP2: Package du correctif Windows XP [voir q329256 pour plus de détails]
/ Windows XP / SP2: Package du correctif Windows XP [voir Q329390 pour plus de détails]
/ Windows XP / SP2: Package du correctif Windows XP [voir Q329834 pour plus de détails]
/ Windows XP / SP2: Correctif Windows XP (SP2) Q329909
/ Windows XP / SP2: Correctif Windows XP (SP2) Q331953
/ Windows XP / SP2: Package du correctif Windows XP [voir Q331958 pour plus de détails]
/ Windows XP / SP2: Correctif Windows XP (SP2) Q810565
/ Windows XP / SP2: Correctif Windows XP (SP2) Q810577
/ Windows XP / SP2: Correctif Windows XP (SP2) Q810833
/ Windows XP / SP2: Windows XP Hotfix (SP2) [See Q810934 for more information]
/ Windows XP / SP2: Correctif Windows XP (SP2) Q811009
/ Windows XP / SP2: Correctif Windows XP (SP2) Q811630
/ Windows XP / SP2: Correctif Windows XP (SP2) Q811632
/ Windows XP / SP2: Correctif Windows XP (SP2) Q811789
/ Windows XP / SP2: Correctif Windows XP (SP2) Q814033
/ Windows XP / SP2: Correctif Windows XP (SP2) Q814995
/ Windows XP / SP2: Correctif Windows XP (SP2) Q815021
/ Windows XP / SP2: Correctif Windows XP (SP2) Q815485
/ Windows XP / SP2: Correctif Windows XP (SP2) Q817287
/ Windows XP / SP2: Correctif Windows XP (SP2) Q817606
/ Windows XP / SP2: Windows XP Hotfix (SP2) [See Q822688 for more information]
/ Windows XP / SP2: Windows XP Hotfix (SP2) [See Q827356 for more information]
/ Windows XP / SP3: Windows Installer 3.1 (KB893803)


--- Startup entries list ---
Located: HK_LM:Run, !AVG Anti-Spyware
command: "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
file:

Located: HK_LM:Run, !AVG Anti-Spyware
command: "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
file:

Located: HK_LM:Run, avast!
command: C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
file: C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
size: 108160
MD5: 26a15d8d5c81a3b053e82b01a5d8208e

Located: HK_LM:Run, BDAgent
command: "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
file: C:\Program Files\Softwin\BitDefender10\bdagent.exe
size: 49152
MD5: a50f7fee4d3ee86b18bfc3828c7ae573

Located: HK_LM:Run, BDMCon
command: "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
file: C:\Program Files\Softwin\BitDefender10\bdmcon.exe
size: 286720
MD5: c34aa92483c727cca7407e81608e8ad4

Located: HK_LM:Run, CamMonitor
command: c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
file: c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
size: 90112
MD5: c0de87745c950f2966394837c3683ae5

Located: HK_LM:Run, ehTray
command: C:\WINDOWS\ehome\ehtray.exe
file: C:\WINDOWS\ehome\ehtray.exe
size: 48128
MD5: 5d3494ff7afdc1c75d9c56c17f57c0e7

Located: HK_LM:Run, EPSON Stylus DX4200 Series
command: C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEE.EXE /P26 "EPSON Stylus DX4200 Series" /O6 "USB001" /M "Stylus DX4200"
file: C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEE.EXE
size: 98304
MD5: 118506090766f47b0eafe78e4680f30b

Located: HK_LM:Run, HotKeysCmds
command: C:\WINDOWS\System32\hkcmd.exe
file: C:\WINDOWS\System32\hkcmd.exe
size: 118784
MD5: fdf30e15dfc8da6449fdc54946aa83ea

Located: HK_LM:Run, HPHmon05
command: C:\WINDOWS\System32\hphmon05.exe
file: C:\WINDOWS\System32\hphmon05.exe
size: 483328
MD5: c39fcb57279d2c4d3235d31e43be4196

Located: HK_LM:Run, hpsysdrv
command: c:\windows\system\hpsysdrv.exe
file: c:\windows\system\hpsysdrv.exe
size: 52736
MD5: 06a1ecb63df139ec639e084d4ab3c9d7

Located: HK_LM:Run, KernelFaultCheck
command: %systemroot%\system32\dumprep 0 -k
file: C:\WINDOWS\system32\dumprep.exe
size: 9216
MD5: 71818ace5594a3b16d050b61f15ef7f1

Located: HK_LM:Run, Microsoft Works Update Detection
command: C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
file: C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
size: 50688
MD5: 25d60f3cd198007541b422cd34e677ce

Located: HK_LM:Run, NvCplDaemon
command: RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
file: C:\WINDOWS\system32\RUNDLL32.EXE
size: 32256
MD5: ac0f912ea7571e9c1ad7b64c83f72bd9

Located: HK_LM:Run, nwiz
command: nwiz.exe /installquiet /keeploaded /nodetect
file: C:\WINDOWS\system32\nwiz.exe
size: 323584
MD5: e9e39cbf6d6aade3cc82b6227157c548

Located: HK_LM:Run, QuickTime Task
command: "C:\Program Files\QuickTime\qttask.exe" -atboottime
file: C:\Program Files\QuickTime\qttask.exe
size: 282624
MD5: 383145864f6543c97a7e1b78505d2f1c

Located: HK_LM:Run, Recguard
command: C:\WINDOWS\SMINST\RECGUARD.EXE
file: C:\WINDOWS\SMINST\RECGUARD.EXE
size: 212992
MD5: d3cc7a3813123e955b3a497c04b404e2

Located: HK_LM:Run, Sunkist2k
command: C:\Program Files\Multimedia Card Reader\shwicon2k.exe
file: C:\Program Files\Multimedia Card Reader\shwicon2k.exe
size: 139264
MD5: 334e242417b1e66ecaf45d9dc62b288a

Located: HK_LM:Run, WinLogon
command: C:\WINDOWS\logon.exe
file:

Located: HK_LM:Run, WinMsg
command: C:\WINDOWS\winmsgr.exe
file:

Located: HK_LM:Run, NeroFilterCheck (DISABLED)
command: C:\WINDOWS\System32\NeroCheck.exe
file: C:\WINDOWS\System32\NeroCheck.exe
size: 155648
MD5: 3e4c03cefad8de135263236b61a49c90

Located: HK_CU:Run, Acme.PCHButton
command: C:\PROGRA~1\HPPAVI~1\Pavilion\XPEWWBP4\plugin\bin\PCHButton.exe
file: C:\PROGRA~1\HPPAVI~1\Pavilion\XPEWWBP4\plugin\bin\PCHButton.exe
size: 155648
MD5: 004e6249d5b93fae00b583af6afe98be

Located: HK_CU:Run, BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}
command: "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
file: C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
size: 94208
MD5: 7460f8a9edec9b00cf20dc401b7df6e2

Located: HK_CU:Run, MSMSGS
command: "C:\Program Files\Messenger\msmsgs.exe" /background
file: C:\Program Files\Messenger\msmsgs.exe
size: 1670144
MD5: d494a82a823d155a182b1955aa71ad08

Located: HK_CU:Run, NVIEW
command: rundll32.exe nview.dll,nViewLoadHook
file: C:\WINDOWS\system32\rundll32.exe
size: 32256
MD5: ac0f912ea7571e9c1ad7b64c83f72bd9

Located: HK_CU:Run, SpybotSD TeaTimer
command: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
file: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
size: 1415824
MD5: 8f1862afc3c79c0ea37621e87cc2fe6e

Located: Démarrage (tous utilisateurs), Docteur Club Internet.lnk
command: C:\Program Files\Club-Internet\Dr Club Internet\bin\matcli.exe
file: C:\Program Files\Club-Internet\Dr Club Internet\bin\matcli.exe
size: 217088
MD5: 90aebccb2e6ab9180113f21792d11c32

Located: Démarrage (tous utilisateurs), HP Digital Imaging Monitor.lnk
command: C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
file: C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
size: 233472
MD5: 5dc79fa6e8a946b425dcbfc2447807f0

Located: Démarrage (tous utilisateurs), Microsoft Office.lnk
command: C:\Program Files\Microsoft Office\Office10\OSA.EXE
file: C:\Program Files\Microsoft Office\Office10\OSA.EXE
size: 83360
MD5: 5bc65464354a9fd3beaa28e18839734a

Located: Démarrage (tous utilisateurs), WinZip Quick Pick.lnk
command: C:\Program Files\WinZip\WZQKPICK.EXE
file: C:\Program Files\WinZip\WZQKPICK.EXE
size: 122880
MD5: 87f2c8b29ac2fe10dc61aae942e0e420

Located: System.ini, crypt32chain
command: crypt32.dll
file: crypt32.dll

Located: System.ini, cryptnet
command: cryptnet.dll
file: cryptnet.dll

Located: System.ini, cscdll
command: cscdll.dll
file: cscdll.dll

Located: System.ini, igfxcui
command: igfxsrvc.dll
file: igfxsrvc.dll

Located: System.ini, ScCertProp
command: wlnotify.dll
file: wlnotify.dll

Located: System.ini, Schedule
command: wlnotify.dll
file: wlnotify.dll

Located: System.ini, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll

Located: System.ini, SensLogn
command: WlNotify.dll
file: WlNotify.dll

Located: System.ini, termsrv
command: wlnotify.dll
file: wlnotify.dll

Located: System.ini, wlballoon
command: wlnotify.dll
file: wlnotify.dll



--- Browser helper object list ---
{4F7F2319-1C83-0389-44AC-9B0518199108} ()
BHO name:
CLSID name:

{53707962-6F74-2D53-2644-206D7942484F} ()
BHO name:
CLSID name:
description: Spybot-S&D IE Browser plugin
classification: Legitimate
known filename: SDhelper.dll
info link: http://spybot.eon.net.au/
info source: Patrick M. Kolla
Path: C:\PROGRA~1\SPYBOT~1\
Long name: SDHelper.dll
Short name:
Date (created): 27/02/2007 06:13:26
Date (last access): 02/03/2007 05:31:54
Date (last write): 31/05/2005 01:04:00
Filesize: 853672
Attributes: archive
MD5: 250D787A5712D7768DDC133B3E477759
CRC32: D4589A41
Version: 1.4.0.0

{67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} ()
BHO name:
CLSID name:

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
BHO name:
CLSID name: SSVHelper Class
Path: C:\Program Files\Java\jre1.5.0_10\bin\
Long name: ssv.dll
Short name:
Date (created): 09/11/2006 15:07:34
Date (last access): 01/03/2007 20:33:06
Date (last write): 09/11/2006 15:21:52
Filesize: 440056
Attributes: archive
MD5: BC7A3C412FE12F471603473294CEEEBE
CRC32: 40152D34
Version: 5.0.100.3



--- ActiveX list ---
Microsoft XML Parser for Java (Microsoft XML Parser for Java)
DPF name: Microsoft XML Parser for Java
CLSID name:
Installer:
Codebase: file://C:\WINDOWS\Java\classes\xmldso.cab
description:
classification: Legitimate
known filename: %WINDIR%\Java\classes\xmldso.cab
info link:
info source: Patrick M. Kolla

{00330010-0000-0000-0000-000020160026} ()
DPF name:
CLSID name:
Installer:
Codebase: http://207.234.185.217/installer/ABoxInst_int26.exe

{00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class)
DPF name:
CLSID name: Checkers Class
Installer:
Codebase: http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
description:
classification: Legitimate
known filename: msgrchkr.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: msgrchkr.dll
Short name:
Date (created): 29/05/2003 14:00:18
Date (last access): 02/03/2007 05:24:14
Date (last write): 29/05/2003 14:00:18
Filesize: 77408
Attributes: archive
MD5: 42D567DF86B9B7AC4A89664C9651B68B
CRC32: 47FF3D19
Version: 7.1.9502.1

{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object)
DPF name:
CLSID name: QuickTime Object
Installer: C:\WINDOWS\Downloaded Program Files\QTPlugin.inf
Codebase: http://www.apple.com/qtactivex/qtplugin.cab
description: Apple Quicktime
classification: Legitimate
known filename: QTPLUGIN.OCX
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\QuickTime\
Long name: QTPlugin.ocx
Short name:
Date (created): 10/09/2006 11:24:06
Date (last access): 01/03/2007 20:33:10
Date (last write): 10/09/2006 11:24:06
Filesize: 557056
Attributes: archive
MD5: 2DA25D5262D714BFA420D6DE849E67A1
CRC32: 0098926B
Version: 7.1.0.210

{04F414E9-E352-4BC3-963D-7BFE5A5F31A9} ()
DPF name:
CLSID name:
Installer: C:\WINDOWS\Downloaded Program Files\egaccess4.inf
Codebase: http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1064_XP.cab

{09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control)
DPF name:
CLSID name: France Telecom MDM ActiveX Control
Installer: C:\WINDOWS\Downloaded Program Files\MDM.inf
Codebase: http://minitelweb.minitel.com/imin_data/ocx/MDM.cab
description:
classification: Open for discussion
known filename: MDM.ocx
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\
Long name: MDM.ocx
Short name:
Date (created): 23/06/2005 07:40:30
Date (last access): 26/02/2007 19:41:26
Date (last write): 23/06/2005 07:40:30
Filesize: 393216
Attributes: archive
MD5: 07D9EB8205B69FF7C830AE3E389541D2
CRC32: E10DA2ED
Version: 1.4.0.1

{09F1ADAC-76D8-4D0F-99A5-5C907DADB988} ()
DPF name:
CLSID name:
Installer: C:\WINDOWS\Downloaded Program Files\CONFLICT.11\USDR6V_0001_D18M3107NetInstaller.inf
Codebase: http://cdn.downloadcontrol.com/files/installers/cab/SystemDoctor2006FreeInstall_fr.cab

{14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class)
DPF name:
CLSID name: MessengerStatsClient Class
Installer:
Codebase: http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
description:
classification: Legitimate
known filename: MessengerStatsPAClient.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: MessengerStatsPAClient.dll
Short name: MESSEN~2.DLL
Date (created): 06/04/2004 18:03:54
Date (last access): 02/03/2007 05:24:14
Date (last write): 06/04/2004 18:03:54
Filesize: 172072
Attributes: archive
MD5: 94D1773AEAA2197AFEE3A6F8404FE4E9
CRC32: 76C3823D
Version: 9.2.7513.1

{15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} ()
DPF name:
CLSID name:
Installer:
Codebase: http://static.windupdates.com/cab/180solutions/ie/bridge-c6.cab
description:
classification: Confirmed as malware
known filename:
info link:
info source: Safer Networking Ltd.

{16BED5D9-AA6B-4A96-A134-C1958893490F} (VacPro.int_ver40v)
DPF name:
CLSID name: VacPro.int_ver40v
Installer: C:\WINDOWS\Downloaded Program Files\int_ver40v.INF
Codebase: http://advnt01.com/dialer/intES_ver40v.CAB
Path: C:\WINDOWS\Downloaded Program Files\
Long name: int_ver40v.ocx
Short name: INT_VE~1.OCX
Date (created): 13/12/2006 13:16:24
Date (last access): 26/02/2007 19:41:52
Date (last write): 13/12/2006 13:16:24
Filesize: 57344
Attributes: archive
MD5: 847255967FE23631CA34F2051B5C9D21
CRC32: 078C1C19
Version: 1.0.0.0

{1D6711C8-7154-40BB-8380-3DEA45B69CBF} ()
DPF name:
CLSID name:
Installer:
Codebase:
description:
classification: Confirmed as malware
known filename: WebP2PInstaller.dll
info link:
info source: Safer Networking Ltd.

{1F2F4C9E-6F09-47BC-970D-3C54734667FE} ()
DPF name:
CLSID name:
Installer: C:\WINDOWS\Downloaded Program Files\LSSupCtl.inf
Codebase: https://support.norton.com/sp/en/us/home/current/info
description:
classification: Legitimate
known filename: LSSupCtl.dll
info link:
info source: Safer Networking Ltd.

{2472DCCC-68CE-49DA-AA81-E7E6D83C1DFA} ()
DPF name:
CLSID name:
Installer: C:\WINDOWS\Downloaded Program Files\EasyPack.inf
Codebase: http://acces.blonde.com/package/op/PackageHtmlCab.CAB
description:
classification: Confirmed as malware
known filename: PackageHtml.dll
info link:
info source: Safer Networking Ltd.

{2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class)
DPF name:
CLSID name: Minesweeper Flags Class
Installer:
Codebase: http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
description:
classification: Legitimate
known filename: minesweeper.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: minesweeper.dll
Short name: MINESW~1.DLL
Date (created): 29/05/2003 14:00:22
Date (last access): 02/03/2007 05:24:14
Date (last write): 29/05/2003 14:00:22
Filesize: 84064
Attributes: archive
MD5: F951FD0EA383DF2D49CA0359E4A86968
CRC32: 50A69718
Version: 7.1.9502.1

{2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner)
DPF name:
CLSID name: Symantec AntiVirus scanner
Installer: C:\WINDOWS\Downloaded Program Files\avsniff.inf
Codebase: http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
description: Symantec online scanner
classification: Legitimate
known filename: AVSNIFF.DLL
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\Downloaded Program Files\
Long name: avsniff.dll
Short name:
Date (created): 20/04/2006 12:36:16
Date (last access): 02/03/2007 05:24:14
Date (last write): 20/04/2006 12:36:16
Filesize: 231072
Attributes: archive
MD5: 9520F9523D9E1F7C5CDB6775A1B5E3D0
CRC32: 54141B8E
Version: 2006.2.22.58

{2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} ()
DPF name:
CLSID name:
Installer: C:\WINDOWS\Downloaded Program Files\CONFLICT.6\UDC6V_0001_D19M0709NetInstaller.inf
Codebase: https://www.afternic.com/domains/drivecleaner.com

{2F003D51-39FD-4D18-9016-95CF70B92ABE} ()
DPF name:
CLSID name:
Installer: C:\WINDOWS\Downloaded Program Files\Install.inf
Codebase: http://download.movienetworks.com/install/US/altpmtscab.cab

{30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class)
DPF name:
CLSID name: YInstStarter Class
Installer: C:\WINDOWS\Downloaded Program Files\yinst.inf
Codebase: http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
description: Yahoo! Installation helper
classification: Legitimate
known filename: %SystemRoot%\Downloaded Program Files\yinsthelper.dll
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\Downloaded Program Files\
Long name: yinsthelper.dll
Short name: YINSTH~1.DLL
Date (created): 01/06/2004 13:36:58
Date (last access): 02/03/2007 05:24:16
Date (last write): 01/06/2004 13:36:58
Filesize: 141312
Attributes: archive
MD5: 508DA8ADF7BE51C22D13D02845FB431E
CRC32: 87D8A7AB
Version: 2004.6.1.1

{33564D57-0000-0010-8000-00AA00389B71} ()
DPF name:
CLSID name:
Installer: C:\WINDOWS\Downloaded Program Files\WMV9VCM.inf
Codebase: http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
description:
classification: Legitimate
known filename:
info link:
info source: Safer Networking Ltd.

{4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool)
DPF name:
CLSID name: MSN Photo Upload Tool
Installer: C:\WINDOWS\Downloaded Program Files\CONFLICT.2\MSNPupld.inf
Codebase: http://by21fd.bay21.hotmail.msn.com/resources/MsnPUpld.cab
description:
classification: Legitimate
known filename: MsnPUpld.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\CONFLICT.2\
Long name: MsnPUpld.dll
Short name:
Date (created): 08/10/2004 15:01:22
Date (last access): 26/02/2007 19:41:52
Date (last write): 08/10/2004 15:01:22
Filesize: 372736
Attributes: archive
MD5: D2ED523BB0FE94F8F492BEFE1C336040
CRC32: C4677625
Version: 10.0.910.0

{590FFB84-6A29-4797-9C0E-B15DF2C4CDCB} ()
DPF name:
CLSID name:
Installer:
Codebase:

{644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class)
DPF name:
CLSID name: Symantec RuFSI Utility Class
Installer: C:\WINDOWS\Downloaded Program Files\CabSA.inf
Codebase: http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
description:
classification: Legitimate
known filename: rufsi.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: rufsi.dll
Short name:
Date (created): 20/04/2006 12:43:06
Date (last access): 02/03/2007 05:24:16
Date (last write): 20/04/2006 12:43:06
Filesize: 161480
Attributes: archive
MD5: 3CB430974D11764CEEFB3120876BFB1F
CRC32: C269885A
Version: 2006.2.15.43

{71DA2A4E-ACB3-4065-9E41-8BC42EABE427} ()
DPF name:
CLSID name:
Installer: C:\WINDOWS\Downloaded Program Files\svcia32.inf
Codebase: http://scripts.dlv4.com/binaries/IA/svcia32_FR_XP.cab

{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_10
Installer:
Codebase: http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\Java\jre1.5.0_10\bin\
Long name: NPJPI150_10.dll
Short name: NPJPI1~1.DLL
Date (created): 09/11/2006 15:07:34
Date (last access): 22/02/2007 18:42:58
Date (last write): 09/11/2006 15:21:54
Filesize: 75528
Attributes: archive
MD5: 635F4B3A0F1C661B5CEDE628BA85E46B
CRC32: 0C9B7145
Version: 5.0.100.3

{8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class)
DPF name:
CLSID name: MessengerStatsClient Class
Installer:
Codebase: http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
description:
classification: Legitimate
known filename: messengerstatsclient.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: messengerstatsclient.dll
Short name: MESSEN~1.DLL
Date (created): 29/05/2003 14:00:20
Date (last access): 02/03/2007 05:24:14
Date (last write): 29/05/2003 14:00:20
Filesize: 160864
Attributes: archive
MD5: B069B555A00AA026F657AA4FD13AE154
CRC32: 89BB01E1
Version: 7.1.9502.1

{B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class)
DPF name:
CLSID name: ZoneIntro Class
Installer:
Codebase: http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
description:
classification: Legitimate
known filename: ZIntro.ocx
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: Zintro.ocx
Short name:
Date (created): 17/11/2004 21:44:52
Date (last access): 22/02/2007 18:45:36
Date (last write): 17/11/2004 21:44:52
Filesize: 114728
Attributes: archive
MD5: F94C4867418A1CA860D784CCD807740B
CRC32: 5DCE6500
Version: 9.3.2846.1

{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_10
Installer:
Codebase: http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
Path: C:\Program Files\Java\jre1.5.0_10\bin\
Long name: NPJPI150_10.dll
Short name: NPJPI1~1.DLL
Date (created): 09/11/2006 15:07:34
Date (last access): 02/03/2007 05:36:54
Date (last write): 09/11/2006 15:21:54
Filesize: 75528
Attributes: archive
MD5: 635F4B3A0F1C661B5CEDE628BA85E46B
CRC32: 0C9B7145
Version: 5.0.100.3

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_10
Installer:
Codebase: http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
description:
classification: Legitimate
known filename: npjpi150_06.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre1.5.0_10\bin\
Long name: NPJPI150_10.dll
Short name: NPJPI1~1.DLL
Date (created): 09/11/2006 15:07:34
Date (last access): 02/03/2007 05:36:54
Date (last write): 09/11/2006 15:21:54
Filesize: 75528
Attributes: archive
MD5: 635F4B3A0F1C661B5CEDE628BA85E46B
CRC32: 0C9B7145
Version: 5.0.100.3

{CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} ()
DPF name:
CLSID name:
Installer:
Codebase: https://support.norton.com/sp/en/us/home/current/info
description:
classification: Legitimate
known filename: SymAData.dll
info link:
info source: Safer Networking Ltd.

{D27CDB6E-AE6D-0000-0000-000000000000} ()
DPF name:
CLSID name:
Installer: C:\WINDOWS\Downloaded Program Files\swflash.inf
Codebase: http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
description:
classification: Legitimate
known filename:
info link:
info source: Safer Networking Ltd.

{D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object)
DPF name:
CLSID name: Shockwave Flash Object
Installer: C:\WINDOWS\Downloaded Program Files\swflash.inf
Codebase: http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
description: Macromedia Shockwave Flash Player
classification: Legitimate
known filename:
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\System32\Macromed\Flash\
Long name: Flash9b.ocx
Short name:
Date (created): 09/11/2006 14:46:28
Date (last access): 01/03/2007 21:13:22
Date (last write): 09/11/2006 14:46:28
Filesize: 2262648
Attributes: readonly archive
MD5: F3B3EE66CA76C94510555ABE9D00A353
CRC32: A51F3CB4
Version: 9.0.28.0

{E68718BB-5451-4F6F-B8B8-41B4AB672747} (IgbInstall Class)
DPF name:
CLSID name: IgbInstall Class
Installer: C:\WINDOWS\Downloaded Program Files\AxInst.inf
Codebase: http://www.internetgamebox.com/content/AxInst.cab



--- Process list ---
PID: 0 ( 0) [System]
PID: 820 ( 4) \SystemRoot\System32\smss.exe
PID: 900 ( 820) \??\C:\WINDOWS\system32\winlogon.exe
PID: 948 ( 900) C:\WINDOWS\system32\services.exe
size: 101888
MD5: FC0691097471EE374907E1024EDCBD43
PID: 960 ( 900) C:\WINDOWS\system32\lsass.exe
size: 11776
MD5: B7B1C150AFF59455DB4DF082815F88F5
PID: 1148 ( 948) C:\WINDOWS\system32\svchost.exe
size: 12800
MD5: 333A4DB8410D8E24DB06D6AEBECDC7C2
PID: 1220 ( 948) C:\WINDOWS\System32\svchost.exe
size: 12800
MD5: 333A4DB8410D8E24DB06D6AEBECDC7C2
PID: 1560 ( 948) C:\WINDOWS\system32\spoolsv.exe
size: 51200
MD5: B1CE5287F096895D9BE26EB86F4D5FAF
PID: 1716 ( 948) C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
size: 59008
MD5: DC995DA2D258C0590C3AE07EC68BFEE6
PID: 1732 ( 948) C:\Program Files\Alwil Software\Avast4\ashServ.exe
size: 132736
MD5: 8E33DA0415023EA7A9378AFA04D9BF4D
PID: 1804 ( 948) C:\WINDOWS\System32\nvsvc32.exe
size: 77824
MD5: 88A8CFCD2BC3FF1484901CE985782E6E
PID: 1848 ( 948) C:\WINDOWS\System32\svchost.exe
size: 12800
MD5: 333A4DB8410D8E24DB06D6AEBECDC7C2
PID: 2016 ( 948) C:\WINDOWS\System32\MsPMSPSv.exe
size: 53520
MD5: 581176F60885AEF8F78C6E38DCC3CDF9
PID: 256 ( 948) C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
size: 86016
MD5: B31359D3CD699A484AF46477231C019C
PID: 324 ( 948) C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
size: 233472
MD5: 6BF9E4B716E6A57B811277F51A283EA8
PID: 656 ( 948) C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
size: 255616
MD5: AA6691D73782FA5D94E0CED6D27C3DE8
PID: 684 ( 948) C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
size: 370304
MD5: D6B2638DDBFB34AC78B153CDD0792C37
PID: 1332 (1552) C:\WINDOWS\Explorer.EXE
size: 1008128
MD5: 82FE0D400CB1AC937234467B927B867A
PID: 1880 (1332) C:\WINDOWS\ehome\ehtray.exe
size: 48128
MD5: 5D3494FF7AFDC1C75D9C56C17F57C0E7
PID: 1532 (1148) C:\WINDOWS\ehome\ehmsas.exe
size: 45056
MD5: 7CB6751726FACA02AD1617FC58452CF1
PID: 1912 (1332) C:\windows\system\hpsysdrv.exe
size: 52736
MD5: 06A1ECB63DF139EC639E084D4AB3C9D7
PID: 2036 (1332) C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
size: 90112
MD5: C0DE87745C950F2966394837C3683AE5
PID: 2060 (1332) C:\WINDOWS\System32\hphmon05.exe
size: 483328
MD5: C39FCB57279D2C4D3235D31E43BE4196
PID: 2224 (1332) C:\Program Files\Multimedia Card Reader\shwicon2k.exe
size: 139264
MD5: 334E242417B1E66ECAF45D9DC62B288A
PID: 2232 (1332) C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
size: 50688
MD5: 25D60F3CD198007541B422CD34E677CE
PID: 2248 (1332) C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEE.EXE
size: 98304
MD5: 118506090766F47B0EAFE78E4680F30B
PID: 2264 (1332) C:\Program Files\QuickTime\qttask.exe
size: 282624
MD5: 383145864F6543C97A7E1B78505D2F1C
PID: 2392 (1332) C:\Program Files\Softwin\BitDefender10\bdmcon.exe
size: 286720
MD5: C34AA92483C727CCA7407E81608E8AD4
PID: 2428 (1332) C:\Program Files\Softwin\BitDefender10\bdagent.exe
size: 49152
MD5: A50F7FEE4D3EE86B18BFC3828C7AE573
PID: 2456 (1332) C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
size: 108160
MD5: 26A15D8D5C81A3B053E82B01A5D8208E
PID: 2700 (1332) C:\Program Files\Messenger\msmsgs.exe
size: 1670144
MD5: D494A82A823D155A182B1955AA71AD08
PID: 2852 (1332) C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
size: 94208
MD5: 7460F8A9EDEC9B00CF20DC401B7DF6E2
PID: 2856 (2536) C:\WINDOWS\System32\rundll32.exe
size: 32256
MD5: AC0F912EA7571E9C1AD7B64C83F72BD9
PID: 2888 (1332) C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
size: 1415824
MD5: 8F1862AFC3C79C0EA37621E87CC2FE6E
PID: 2928 (1332) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
size: 233472
MD5: 5DC79FA6E8A946B425DCBFC2447807F0
PID: 2972 (1332) C:\Program Files\WinZip\WZQKPICK.EXE
size: 122880
MD5: 87F2C8B29AC2FE10DC61AAE942E0E420
PID: 2992 (2916) C:\Program Files\club-internet\LE COMPAGNON CLUB\bin\mpbtn.exe
size: 192512
MD5: 73326679718E5529160B3802D0AB8527
PID: 3272 (1332) C:\Program Files\Mozilla Firefox\firefox.exe
size: 7633008
MD5: E616465EE8C3ADF883A71AEE2F1D31F7
PID: 3720 (1332) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 4393096
MD5: 09CA174A605B480318731E691DC98539
PID: 3412 ( 948) C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
size: 81920
MD5: A20EB9A2772C8D2130FF10783E9B42EA
PID: 3540 ( 948) C:\Program Files\Softwin\BitDefender10\vsserv.exe
size: 389120
MD5: 2086EA85A3E11809F8BE578E459C82A3
PID: 4 ( 0) System
PID: 872 ( 820) csrss.exe
PID: 1356 ( 948) svchost.exe
PID: 1388 ( 948) svchost.exe
PID: 1964 ( 948) wdfmgr.exe


--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 02/03/2007 05:36:54

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\System32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
C:\WINDOWS\local.html
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
https://www.bing.com/?toHttps=1&redig=17DBE7D168544FA98200E890A8051984
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\First Home Page
http://www.microsoft.com/isapi/redir.dll?Prd=ie&Pver=5.0&Ar=ie5update&O1=b1
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\SearchAssistant Explorer\Main\Default_Search_URL
about:blank
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\@
http://www.google.com/keyword/%s
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
%SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Bar
http://srch-fr9.hpwis.com/
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
https://www.europe-echecs.com/
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm


--- Winsock Layered Service Provider list ---
Protocol 0: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 1: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 2: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 3: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 4: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 5: MSAFD NetBIOS [\Device\NetBT_Tcpip_{FBDA286C-1B92-4548-A5F5-9CF288A37424}] SEQPACKET 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 6: MSAFD NetBIOS [\Device\NetBT_Tcpip_{FBDA286C-1B92-4548-A5F5-9CF288A37424}] DATAGRAM 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 7: MSAFD NetBIOS [\Device\NetBT_Tcpip_{44F48D6E-05DB-4346-881E-5D03825350FB}] SEQPACKET 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 8: MSAFD NetBIOS [\Device\NetBT_Tcpip_{44F48D6E-05DB-4346-881E-5D03825350FB}] DATAGRAM 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 9: MSAFD NetBIOS [\Device\NetBT_Tcpip_{8BA30114-F66A-43B6-A8AD-2A17D2A31B34}] SEQPACKET 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip_{8BA30114-F66A-43B6-A8AD-2A17D2A31B34}] DATAGRAM 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip_{BA4F2EE9-66B3-46B9-B9FC-FB057607ECBF}] SEQPACKET 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip_{BA4F2EE9-66B3-46B9-B9FC-FB057607ECBF}] DATAGRAM 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 13: MSAFD NetBIOS [\Device\NetBT_Tcpip_{5C22368B-981C-46DD-A338-FF23089C40D6}] SEQPACKET 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 14: MSAFD NetBIOS [\Device\NetBT_Tcpip_{5C22368B-981C-46DD-A338-FF23089C40D6}] DATAGRAM 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Namespace Provider 0: TCP/IP
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP

Namespace Provider 1: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS

Namespace Provider 2: Espace de noms NLA (Network Location Awareness)
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace



--- Uninstall list ---
AnyDVD (AnyDVD)
install location: C:\Program Files\SlySoft\AnyDVD
uninstall cmd: "C:\Program Files\SlySoft\AnyDVD\AnyDVD-uninst.exe" /D="C:\Program Files\SlySoft\AnyDVD"
publisher: SlySoft

avast! Antivirus 4.7 (avast!)
version (major): 4
version (minor): 7
install location: C:\PROGRA~1\ALWILS~1\Avast4
install source: C:\DOCUME~1\NICOLA~1.FAM\Bureau
uninstall cmd: rundll32 C:\PROGRA~1\ALWILS~1\Avast4\Setup\setiface.dll,RunSetup
publisher: Alwil Software
help link: https://www.avast.com/fr-fr/index

(CADI)
uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x40c /remove

CCleaner (remove only) (CCleaner)
uninstall cmd: "C:\Program Files\CCleaner\uninst.exe"

(Connection Manager)

(Creative Audio CD Ripper)
uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A0B5225-B59B-4D72-B3FE-71AAA693A8E2}\setup.exe" -l0x40c /remove

Creative Driver (Creative Driver)
uninstall cmd: C:\WINDOWS\System32\ctdrvins /s /u

Gestionnaire de disques amovible Creative (Creative Removable Disk Manager)
uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57FA4E0F-82C9-417D-87BC-0186D6CB7A44}\setup.exe" -l0x40c /remove

(Creative Sync Manager (Unicode))
uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A9BB081B-C020-4D02-A763-D32204D2563D}\setup.exe" -l0x40c /remove

(Creative Video Converter)
uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98181885-5B28-4280-9B56-452FF877D5B9}\setup.exe" -l0x40c /remove

DVD Shrink 3.2 (DVD Shrink_is1)
install location: C:\Program Files\DVD Shrink\
uninstall cmd: "C:\Program Files\DVD Shrink\unins000.exe"
publisher: DVD Shrink
help link: http://www.dvdshrink.org

EPSON Logiciel imprimante (EPSON Printer and Utilities)
uninstall cmd: C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R

EPSON Scan (EPSON Scanner)
uninstall cmd: C:\Program Files\epson\escndv\setup\setup.exe /r

ESDX4800_4200 Guide util. (ESDX4800_4200 Guide util.)
install location: C:\Program Files\EPSON\TPMANUAL\ESDX4800_4200\USE_G
uninstall cmd: C:\Program Files\EPSON\TPMANUAL\ESDX4800_4200\USE_G\DOCUNINS.EXE

HijackThis 1.99.1 1.99.1 (HijackThis)
uninstall cmd: C:\HTJ\HijackThis.exe /uninstall
publisher: Soeperman Enterprises Ltd.

Photo et imagerie HP 3.1 3.1 (HP Photo & Imaging)
uninstall cmd: C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
publisher: HP
help link: https://support.hp.com/us-en?openCLC=true

Internet Explorer Q832894 (ieupdate)
uninstall cmd: C:\WINDOWS\ieuninst.exe C:\WINDOWS\INF\Q832894.inf

IncrediMail Xe (IncrediMail)
uninstall cmd: C:\PROGRA~1\INCRED~1\bin\imsetup.exe /remove /addon:IncrediMail /log:IncMail.log

(InstallShield Uninstall Information)

Connexion Facile à Internet FE UI-2.2.0.937 (InstallShield_{0613467F-A45E-4CB1-9ECE-1F3DD79FB927})
version: 33554432
version (major): 2
estimated size: 2940
install date: 20031027
install source: C:\hp\tmp\src\
uninstall cmd: C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{0613467F-A45E-4CB1-9ECE-1F3DD79FB927} /l1036
publisher: Hewlett-Packard

Multimedia Card Reader 6.09 (InstallShield_{145CACAF-9B34-41FC-BE49-7D510A253E78})
version: 101253120
version (major): 6
version (minor): 9
estimated size: 429
install date: 20050817
install source: C:\WINDOWS\Downloaded Installations\{AF17DDF5-7265-4D19-AEE1-9D4BC1CE40B7}\
uninstall cmd: C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{145CACAF-9B34-41FC-BE49-7D510A253E78}

EPSON Attach To Email 1.01.0000 (InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5})
version: 16842752
version (major): 1
version (minor): 1
install date: 20060328
install location: C:\Program Files\EPSON\Creativity Suite\Attach To Email\
install source: E:\COMMON\CreativitySuite\AttachToEmail\
uninstall cmd: C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{20C45B32-5AB6-46A4-94EF-58950CAF05E5} /l1033 ADDREMOVEDLG
publisher: SEIKO EPSON
comments: Attach To Email - Email support app
help link: https://epson.com/

QuickTime 7.1 (InstallShield_{C21D5524-A970-42FA-AC8A-59B8C7CDCA31})
version: 117506048
version (major): 7
version (minor): 1
estimated size: 71615
install date: 20060910
install location: C:\Program Files\QuickTime\
install source: C:\DOCUME~1\NICOLA~1.FAM\LOCALS~1\Temp\_isB9A\
uninstall cmd: C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{C21D5524-A970-42FA-AC8A-59B8C7CDCA31} /l1036
publisher: Apple Computer, Inc.
contact: Assistance AppleCare
help link: https://support.apple.com/fr-fr
help telephone: (33) 0825 888 024

Jéroboam 6.03 (Jeroboam_is1)
install date: 20070211
install location: C:\Program Files\JeroboamV6\
uninstall cmd: "C:\Program Files\JeroboamV6\unins000.exe"
help link: http://www.jeroboam.fr

(KB884016)

3.1 (KB893803)
help link: https://support.microsoft.com/en-us/help/893803/windows-installer-3-1-v2-3-1-4000-2435-is-available

Language pack for Ad-Aware SE (Language pack for Ad-Aware SE)
uninstall cmd: C:\PROGRA~1\Lavasoft\AD-AWA~1\Plugins\Langs\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\Plugins\Langs\INSTALL.LOG
publisher: Lavasoft
help link: http://www.lavasoft.de

5.8.15.asst_classic.asst_install (LE COMPAGNON CLUB)
uninstall cmd: C:\PROGRA~1\CLUB-I~1\LECOMP~1\Uninstall.exe TONLFR
publisher: Motive Communications, Inc.

(Microsoft Interactive Training)
uninstall cmd: C:\WINDOWS\IsUn040c.exe -fC:\WINDOWS\orun32.isu

Mozilla Firefox (2.0.0.2) 2.0.0.2 (fr) (Mozilla Firefox (2.0.0.2))
install location: C:\Program Files\Mozilla Firefox
uninstall cmd: C:\Program Files\Mozilla Firefox\uninstall\helper.exe
publisher: Mozilla
comments: Mozilla Firefox

(MSI30-Beta1)

(MSI30-Beta2)

(MSI30-KB884016)

(MSI30-RC1)

(MSI30-RC2)

(MSI30a-KB884016)

(MSI31-Beta)

(MSI31-RC1)

(Nero - Burning Rom!UninstallKey)
uninstall cmd: C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL

(NeroBackItUp!UninstallKey)
uninstall cmd: C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL

(NeroMediaHome!UninstallKey)
uninstall cmd: C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL

(NeroRecode!UninstallKey)
uninstall cmd: C:\WINDOWS\UNRecode.exe /UNINSTALL

(NeroShowTime!UninstallKey)
uninstall cmd: C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL

(NVIDIA)
uninstall cmd: rundll32.exe C:\WINDOWS\System32\nvinstnt.dll,NvUninstallNT4 nvhp.inf

NVIDIA GART Driver (NVIDIA GART Driver)
uninstall cmd: C:\WINDOWS\System32\nvugart.exe Uninstall C:\WINDOWS\System32\Nvgart.nvu,NVIDIA GART Driver

Outlook Express Update Q330994 (oeupdate)
uninstall cmd: C:\WINDOWS\Q330994.exe C:\WINDOWS\INF\Q330994.inf

(PCHealth)
uninstall cmd: rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

Microsoft Picture It! Photo Premium 9 9.0.0.0000 (PictureIt_v9)
install location: C:\Program Files\Microsoft Picture It! 9\
install source: E:\pip\
uninstall cmd: C:\WINDOWS\System32\msiexec.exe /i {DBA8B9E1-C6FF-4624-9598-73D3B41A0903}
publisher: Microsoft Corporation
0
Regis59 Posts 21143 Registration date   Status Security contributor Last activity   1 322

Hi,

• Restart HijackThis, tick the boxes in front of these lines and then click Fix checked:

R3 - URLSearchHook: (no name) - {AFAC25C2-B321-C0FA-7759-9A5B212E35E1} - (no file)

O2 - BHO: (no name) - {4F7F2319-1C83-0389-44AC-9B0518199108} - (no file)

O2 - BHO: (no name) - {67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} - (no file)

O8 - Extra context menu item: &Search - http://kt.bar.need2find.com/KT/menusearch.html?p=KT

O16 - DPF: {00330010-0000-0000-0000-000020160026} - http://207.234.185.217/installer/ABoxInst_int26.exe

O16 - DPF: {04F414E9-E352-4BC3-963D-7BFE5A5F31A9} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1064_XP.cab

O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab

O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://cdn.downloadcontrol.com/

O16 - DPF: {16BED5D9-AA6B-4A96-A134-C1958893490F} (VacPro.int_ver40v) - http://advnt01.com/dialer/intES_ver40v.CAB

O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -

O16 - DPF: {2472DCCC-68CE-49DA-AA81-E7E6D83C1DFA} - http://acces.blonde.com/package/op/PackageHtmlCab.CAB

O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - https://www.afternic.com/domains/drivecleaner.com

O16 - DPF: {2F003D51-39FD-4D18-9016-95CF70B92ABE} - http://download.movienetworks.com/install/US/altpmtscab.cab

O16 - DPF: {590FFB84-6A29-4797-9C0E-B15DF2C4CDCB} -

O16 - DPF: {71DA2A4E-ACB3-4065-9E41-8BC42EABE427} - http://scripts.dlv4.com/binaries/IA/svcia32_FR_XP.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab

O16 - DPF: {E68718BB-5451-4F6F-B8B8-41B4AB672747} (IgbInstall Class) - http://www.internetgamebox.com/content/AxInst.cab

Close HijackThis.

Download SDFix (created by AndyManchesta) and save it to your Desktop.
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
Double-click SDFix.exe and choose Install to extract it to a dedicated folder on the Desktop. Restart your computer in Safe Mode using the following procedure:
• Restart your computer.
• After you hear the computer beep during startup, but before the Windows icon appears, tap the F8 key (one press per second).
• Instead of Windows loading normally, a menu with various options should appear.
• Choose the first option, to run Windows in Safe Mode, then press "Enter".
• Choose your account.
Then work through the instructions below:
• Open the SDFix folder that has just been created in C:\ and double-click RunThis.bat to launch the script.
• Press Y to start the cleaning process.
• It will remove the services and Registry entries of certain trojans it finds, then ask you to press a key to restart.
• Press a key to restart the PC.
• Your system will take longer than usual to restart because the tool will keep running and removing files.
• Once the Desktop has loaded, the tool will finish its work and display Finished.
• Press a key to end the script and load your Desktop icons.
• Once the Desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder as Report.txt.

• Finally, copy/paste the contents of Report.txt into your next reply on the forum, along with a new HijackThis log!
0
percy73 Posts 58 Registration date   Status Member Last activity  
 
Good evening,

I did everything that was prescribed, hoping I understood it all correctly.

Below are the requested reports.

Thanks again for your help.

See you


SDFix: Version 1.69

Run by nicolas - 02/03/2007 @ 18:47:51,06

Microsoft Windows XP [version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:

Path:



Restoring Windows Registry Entries
Restoring Default Hosts File


Rebooting...

Normal Mode:
Checking Files:

Below files will be copied to Backups folder then removed:

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\kit14.tmp.exe - Deleted



ADS Check:

C:\WINDOWS\system32
No streams found.


Final Check:

Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


Remaining Files:
---------------

Backups Folder: - C:\SDFix\backups\backups.zip


Checking For Files with Hidden Attributes :

C:\Documents and Settings\Administrateur.FAMILLELETRONE\Voisinage réseau\ftp.eskimo.com\Desktop.ini
C:\Documents and Settings\Default User\Voisinage réseau\ftp.eskimo.com\Desktop.ini
C:\Documents and Settings\nicolas.FAMILLELETRONE\Voisinage réseau\ftp.eskimo.com\Desktop.ini
C:\WINDOWS\system32\config\systemprofile\Voisinage réseau\ftp.eskimo.com\Desktop.ini
C:\WINDOWS\SMINST\HPCD.sys

Add/Remove Programs List:

AnyDVD
avast! Antivirus
CCleaner (remove only)
Creative Driver
Gestionnaire de disques amovible Creative
DVD Shrink 3.2
EPSON Logiciel imprimante
EPSON Scan
ESDX4800_4200 Guide util.
HijackThis 1.99.1
Photo et imagerie HP 3.1
Internet Explorer Q832894
IncrediMail Xe
Connexion Facile à Internet
Multimedia Card Reader
EPSON Attach To Email
QuickTime
Jéroboam 6.03
Language pack for Ad-Aware SE
Mozilla Firefox (2.0.0.2)
Commande ECHO désactivée.
NVIDIA GART Driver
Outlook Express Update Q330994
Microsoft Picture It! Photo Premium 9
Correctif Windows XP (SP2) Q327979
Correctif Windows XP (SP2) Q328310
Correctif Windows XP (SP2) Q329112
Package du correctif Windows XP [voir Q329115 pour plus de détails]
Correctif Windows XP (SP2) Q329170
Package du correctif Windows XP [voir q329256 pour plus de détails]
Package du correctif Windows XP [voir Q329390 pour plus de détails]
Package du correctif Windows XP [voir Q329834 pour plus de détails]
Correctif Windows XP (SP2) Q329909
Correctif Windows XP (SP2) Q331953
Package du correctif Windows XP [voir Q331958 pour plus de détails]
Correctif Windows XP (SP2) Q810565
Correctif Windows XP (SP2) Q810577
Correctif Windows XP (SP2) Q810833
Correctif Windows XP (SP2) Q811009
Correctif Windows XP (SP2) Q811632
Correctif Windows XP (SP2) Q811789
Correctif Windows XP (SP2) Q814033
Correctif Windows XP (SP2) Q814995
Correctif Windows XP (SP2) Q815021
Correctif Windows XP (SP2) Q815485
Correctif Windows XP (SP2) Q817287
Correctif Windows XP (SP2) Q817606
Adobe Flash Player 9 ActiveX
Spybot - Search & Destroy 1.4
SpywareBlaster v3.5.1
Starcraft
LE COMPAGNON CLUB
Lecteur Windows Media 10
Archiveur WinRAR
WinZip
Sélecteur d'installation de Microsoft Works 2004
XviD MPEG-4 Video Codec
ZENcast Organizer
Connexion Facile à Internet
Fritz8
AiO_Scan
Multimedia Card Reader
EPSON Attach To Email
HpSdpAppCoreApp
EPSON Scan Assistant
Google Toolbar for Firefox
DocProc
EPSON Image Clip Palette
Creative ZEN Vision M Series
J2SE Runtime Environment 5.0 Update 10
BitDefender Internet Security v10
HPSystemDiagnostics
Photosmart 140,240,7200,7600,7700,7900 Series
SkinsHP1
Readme
QuickProjects
HP Photo and Imaging 2.0 - Photosmart Cameras
EPSON Easy Photo Print
EPSON Copy Utility 3
Complément Microsoft Word pour Microsoft Works Suite
InstantShare
Ad-Aware SE Personal
PSShortcutsP
EPSON Web-To-Page
Director
QFolder
Intel(R) Extreme Graphics 2 Driver
Visual J# .NET Redistributable Package
Microsoft Word 2002
Scan
RecordNow!
Nero 7 Premium
hpmdtab
CreativeProjects
MSN Messenger 7.5
Fax
QuickTime
AiOSoftware
PhotoGallery
TuneUp Utilities 2007
Microsoft .NET Framework 1.1
HP Software Update
TrayApp
PrintScreen
Copy
SkinsHP2
Microsoft Picture It! Photo Premium 9
Unload
Microsoft Works
EPSON File Manager
AIOMinimal
HPIZ311
HP PSC & OfficeJet 3.0
HP Deskjet Preloaded Printer Drivers
WebReg

Finished



Logfile of HijackThis v1.99.1
Scan saved at 19:01:29, on 02/03/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\ehome\ehtray.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEE.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Softwin\BitDefender10\bdmcon.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\club-internet\LE COMPAGNON CLUB\bin\mpbtn.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HTJ\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\local.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-fr9.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.europe-echecs.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {AFAC25C2-B321-C0FA-7759-9A5B212E35E1} - (no file)
O2 - BHO: (no name) - {4F7F2319-1C83-0389-44AC-9B0518199108} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [EPSON Stylus DX4200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEE.EXE /P26 "EPSON Stylus DX4200 Series" /O6 "USB001" /M "Stylus DX4200"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPPAVI~1\Pavilion\XPEWWBP4\plugin\bin\PCHButton.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Docteur Club Internet.lnk = C:\Program Files\Club-Internet\Dr Club Internet\bin\matcli.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O16 - DPF: {00330010-0000-0000-0000-000020160026} -
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {04F414E9-E352-4BC3-963D-7BFE5A5F31A9} -
O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} -
O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} -
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/180solutions/ie/bridge-c6.cab
O16 - DPF: {16BED5D9-AA6B-4A96-A134-C1958893490F} -
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - https://support.norton.com/sp/en/us/home/current/info
O16 - DPF: {2472DCCC-68CE-49DA-AA81-E7E6D83C1DFA} -
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} -
O16 - DPF: {2F003D51-39FD-4D18-9016-95CF70B92ABE} -
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by21fd.bay21.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {590FFB84-6A29-4797-9C0E-B15DF2C4CDCB} -
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {71DA2A4E-ACB3-4065-9E41-8BC42EABE427} -
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} -
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://support.norton.com/sp/en/us/home/current/info
O16 - DPF: {E68718BB-5451-4F6F-B8B8-41B4AB672747} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{8BA30114-F66A-43B6-A8AD-2A17D2A31B34}: NameServer = 194.117.200.10,194.117.200.15
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
0
Regis59 Posts 21143 Registration date   Status Security contributor Last activity   1 322
 
Hi,

Install AVG Anti-Spyware:

https://www.malekal.com/avg-antivirus-free-antivirus-gratuit-pour-proteger-son-pc-des-virus/

¤ Launch AVG Anti-Spyware

Click the Scan button ("Analyse", in the toolbar).

Then, on the How to act tab ("Comment réagir"), click Recommended actions ("Actions recommandées"). Select Quarantine ("Quarantaine").

Go back to the Scan tab ("Analyse"). Click Complete system scan ("Analyse complète du système").

At the end of the scan, choose option 3,

"Apply all actions" ("Appliquer toutes les actions"), at the bottom.

Click "Save report" ("Enregistrer le rapport").

Copy/paste the report on the forum.

See you
0
percy73 Posts 58 Registration date   Status Member Last activity  
 
Hello and thank you

Here is the AVG report

AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: 13:35:06 03/03/2007

+ Résultat de l'analyse:



C:\Documents and Settings\Administrateur\Application Data\ShopperReports -> Adware.HotBar : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\Administrateur\Application Data\ShopperReports\cs -> Adware.HotBar : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\Administrateur\Application Data\ShopperReports\cs\db -> Adware.HotBar : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\Administrateur\Application Data\ShopperReports\cs\dwld -> Adware.HotBar : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\Administrateur\Application Data\ShopperReports\cs\report -> Adware.HotBar : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\Administrateur\Application Data\ShopperReports\cs\res1 -> Adware.HotBar : Nettoyé et sauvegardé (mise en quarantaine).
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{590FFB84-6A29-4797-9C0E-B15DF2C4CDCB} -> Adware.TrustCleaner : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\nicolas.xxx\Cookies\nicolas@adbrite[2].txt -> TrackingCookie.Adbrite : Nettoyé.
C:\Documents and Settings\nicolas.xxx\Cookies\nicolas@weborama[2].txt -> TrackingCookie.Weborama : Nettoyé.


Fin du rapport
0
Regis59 Posts 21143 Registration date   Status Security contributor Last activity   1 322
 
Post a HijackThis log again.

See you
0
percy73 Posts 58 Registration date   Status Member Last activity  
 
Here it is:

Logfile of HijackThis v1.99.1
Scan saved at 15:12:00, on 03/03/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEE.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Softwin\BitDefender10\bdmcon.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\club-internet\LE COMPAGNON CLUB\bin\mpbtn.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\HTJ\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\local.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-fr9.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.europe-echecs.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {AFAC25C2-B321-C0FA-7759-9A5B212E35E1} - (no file)
O2 - BHO: (no name) - {4F7F2319-1C83-0389-44AC-9B0518199108} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [EPSON Stylus DX4200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEE.EXE /P26 "EPSON Stylus DX4200 Series" /O6 "USB001" /M "Stylus DX4200"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [WinLogon] C:\WINDOWS\logon.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPPAVI~1\Pavilion\XPEWWBP4\plugin\bin\PCHButton.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Docteur Club Internet.lnk = C:\Program Files\Club-Internet\Dr Club Internet\bin\matcli.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O16 - DPF: {00330010-0000-0000-0000-000020160026} -
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {04F414E9-E352-4BC3-963D-7BFE5A5F31A9} -
O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} -
O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} -
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/180solutions/ie/bridge-c6.cab
O16 - DPF: {16BED5D9-AA6B-4A96-A134-C1958893490F} -
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - https://support.norton.com/sp/en/us/home/current/info
O16 - DPF: {2472DCCC-68CE-49DA-AA81-E7E6D83C1DFA} -
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} -
O16 - DPF: {2F003D51-39FD-4D18-9016-95CF70B92ABE} -
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by21fd.bay21.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {71DA2A4E-ACB3-4065-9E41-8BC42EABE427} -
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} -
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://support.norton.com/sp/en/us/home/current/info
O16 - DPF: {E68718BB-5451-4F6F-B8B8-41B4AB672747} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{8BA30114-F66A-43B6-A8AD-2A17D2A31B34}: NameServer = 194.117.200.10,194.117.200.15
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)


See you
0
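As an added example (not part of the original thread, and not code from HijackThis or its authors): comparing two successive HijackThis logs section by section shows which BHO, autostart, ActiveX and service entries appeared or disappeared between scans, so the reviewer does not have to compare them by eye. The sample lines are excerpts copied from the 02/03/2007 and 03/03/2007 logs above; the function and variable names are illustrative.

```python
import re

# One HijackThis entry per line: "<section code> - <details>",
# e.g. "O4 - HKLM\..\Run: [name] path". Process paths and headers do not match.
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.*)$")

# Sections that list load points: O2 = BHOs, O4 = autostart entries,
# O16 = downloaded ActiveX objects (DPF), O20 = Winlogon Notify, O23 = services.
PERSISTENCE_CODES = ("O2", "O4", "O16", "O20", "O23")

# Excerpt of the log saved at 19:01:29 on 02/03/2007 (lines copied from the thread).
LOG_2007_03_02 = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O16 - DPF: {590FFB84-6A29-4797-9C0E-B15DF2C4CDCB} -
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

# Excerpt of the log saved at 15:12:00 on 03/03/2007 (lines copied from the thread).
LOG_2007_03_03 = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [WinLogon] C:\WINDOWS\logon.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
"""


def parse_hijackthis(log_text):
    """Return {section_code: set(entry_details)} for every entry line in a log."""
    sections = {}
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            code, details = match.group(1), match.group(2).strip()
            sections.setdefault(code, set()).add(details)
    return sections


def diff_logs(old_text, new_text, codes=PERSISTENCE_CODES):
    """Compare two logs and list entries added or removed in the given sections.

    Entries are compared as exact strings, so a changed path or argument
    shows up as one removal plus one addition.
    """
    old, new = parse_hijackthis(old_text), parse_hijackthis(new_text)
    added, removed = [], []
    for code in codes:
        before, after = old.get(code, set()), new.get(code, set())
        added.extend((code, entry) for entry in sorted(after - before))
        removed.extend((code, entry) for entry in sorted(before - after))
    return {"added": added, "removed": removed}


if __name__ == "__main__":
    result = diff_logs(LOG_2007_03_02, LOG_2007_03_03)
    for kind in ("added", "removed"):
        for code, entry in result[kind]:
            print(f"{kind:8} {code:4} {entry}")
```

An entry reported as added is only a change to review, not a verdict: installing a new security tool between two scans produces additions too.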

Regis59 Posts 21143 Registration date   Status Security contributor Last activity   1 322
 
Hi,

Run a Kaspersky online scan with Internet Explorer:
- Click Start Online Scanner ("Démarrer Online-Scanner").

- Now click I accept ("J'accepte").
- Approve the installation of one or more ActiveX controls if necessary.
- Wait while the updates are installed.
- Then choose to scan My Computer ("Poste de travail").
- Save the report generated at the end of the scan, then paste it here.

HELP: Configuring ActiveX controls

NOTE: If you get the message "La licence de Kaspersky On-line Scanner est périmée" (the Kaspersky On-line Scanner licence has expired), go to Add/Remove Programs and uninstall On-Line Scanner, then reconnect to the Kaspersky site to retry the online scan.
0
percy73 Posts 58 Registration date   Status Member Last activity  
 
Hello Regis59

I had the greatest difficulty running the scan and, above all, copying and pasting it:
There is a whole string of lines like the one below:
C:\Documents and Settings\Administrateur\Application Data\Adobe\Acrobat\6.0\AcroForm\MRUFormsList L'objet est verrouillé
So I took it upon myself to copy only the lines marked 'infecté' (infected), hoping I have not missed any!
There may be a scanning technique that I did not use: I ran a standard scan of My Computer ...

Sunday, March 04, 2007 7:50:36 PM
Système d'exploitation : Microsoft Windows XP Professional, Service Pack 1 (Build 2600)
Kaspersky On-line Scanner version : 5.0.83.0
Dernière mise à jour de la base antivirus Kaspersky : 4/03/2007
Enregistrements dans la base antivirus Kaspersky : 260206
Paramètres d'analyse
Analyser avec la base antivirus suivante standard
Analyser les archives vrai
Analyser les bases de messagerie vrai
Cible de l'analyse Poste de travail
A:\
C:\
D:\
E:\
F:\
H:\
I:\
J:\
K:\
Statistiques de l'analyse
Total d'objets analysés 136280
Nombre de virus trouvés 14
Nombre d'objets infectés 66 / 0
Nombre d'objets suspects 0
Durée de l'analyse 01:12:18

ignoré
C:\Documents and Settings\Administrateur.FAMILLExxx\Local Settings\Application Data\IM\Identities\{54E057D9-8600-4E3E-A8F7-E6ABA4102C27}\Message Store\JunkMail.imm/[From Paypal ][Date 27 Jun 2005 13:32:47 -0000]/UNNAMED/[From "ClubSymantec" ][Date Thu, 6 Jan 2005 12:20:42 +0100]/UNNAMED/[From "r.bassey" ][Date Sat, 30 May 2065 00:21:35 +0200]/UNNAMED/[From "Marketplace Amazon.fr" ][Date 4 Jun 2005 03:19:27 +0200]/UNNAMED/[From ][Date Wed, 1 Jun 2005 02:57:58 +0700]/html Infecté : Trojan-Spy.HTML.Paylap.m ignoré
C:\Documents and Settings\Administrateur.FAMILLExxx\Local Settings\Application Data\IM\Identities\{54E057D9-8600-4E3E-A8F7-E6ABA4102C27}\Message Store\JunkMail.imm/[From Paypal ][Date 27 Jun 2005 13:32:47 -0000]/UNNAMED/[From "ClubSymantec" ][Date Thu, 6 Jan 2005 12:20:42 +0100]/UNNAMED/[From "r.bassey" ][Date Sat, 30 May 2065 00:21:35 +0200]/UNNAMED/[From "Marketplace Amazon.fr" ][Date 4 Jun 2005 03:19:27 +0200]/UNNAMED/[From ][Date Sun, 17 Jul 2005 08:59:53 -0700]/html Infecté : Trojan-Spy.HTML.Paylap.m ignoré
C:\Documents and Settings\Administrateur.FAMILLExxx\Local Settings\Application Data\IM\Identities\{54E057D9-8600-4E3E-A8F7-E6ABA4102C27}\Message Store\JunkMail.imm/[From Paypal ][Date 27 Jun 2005 13:32:47 -0000]/UNNAMED/[From "ClubSymantec" ][Date Thu, 6 Jan 2005 12:20:42 +0100]/UNNAMED/[From "r.bassey" ][Date Sat, 30 May 2065 00:21:35 +0200]/UNNAMED/[From "Marketplace Amazon.fr" ][Date 4 Jun 2005 03:19:27 +0200]/UNNAMED/[From ][Date Sun, 20 Mar 2005 18:40:04 +0100 (MET)]/UNNAMED Infecté : Trojan-Spy.HTML.Paylap.m ignoré
C:\Documents and Settings\Administrateur.FAMILLExxx\Local Settings\Application Data\IM\Identities\{54E057D9-8600-4E3E-A8F7-E6ABA4102C27}\Message Store\JunkMail.imm/[From Paypal ][Date 27 Jun 2005 13:32:47 -0000]/UNNAMED/[From "ClubSymantec" ][Date Thu, 6 Jan 2005 12:20:42 +0100]/UNNAMED/[From "r.bassey" ][Date Sat, 30 May 2065 00:21:35 +0200]/UNNAMED/[From "Marketplace Amazon.fr" ][Date 4 Jun 2005 03:19:27 +0200]/UNNAMED Infecté : Trojan-Spy.HTML.Paylap.m ignoré
C:\Documents and Settings\Administrateur.FAMILLExxx\Local Settings\Application Data\IM\Identities\{54E057D9-8600-4E3E-A8F7-E6ABA4102C27}\Message Store\JunkMail.imm/[From Paypal ][Date 27 Jun 2005 13:32:47 -0000]/UNNAMED/[From "ClubSymantec" ][Date Thu, 6 Jan 2005 12:20:42 +0100]/UNNAMED/[From "r.bassey" ][Date Sat, 30 May 2065 00:21:35 +0200]/UNNAMED Infecté : Trojan-Spy.HTML.Paylap.m ignoré
C:\Documents and Settings\Administrateur.FAMILLExxx\Local Settings\Application Data\IM\Identities\{54E057D9-8600-4E3E-A8F7-E6ABA4102C27}\Message Store\JunkMail.imm/[From Paypal ][Date 27 Jun 2005 13:32:47 -0000]/UNNAMED/[From "ClubSymantec" ][Date Thu, 6 Jan 2005 12:20:42 +0100]/UNNAMED Infecté : Trojan-Spy.HTML.Paylap.m ignoré
C:\Documents and Settings\Administrateur.FAMILLExxx\Local Settings\Application Data\IM\Identities\{54E057D9-8600-4E3E-A8F7-E6ABA4102C27}\Message Store\JunkMail.imm/[From Paypal ][Date 27 Jun 2005 13:32:47 -0000]/UNNAMED Infecté : Trojan-Spy.HTML.Paylap.m ignoré
C:\Documents and Settings\Administrateur.FAMILLExxx\Local Settings\Application Data\IM\Identities\{54E057D9-8600-4E3E-A8F7-E6ABA4102C27}\Message Store\JunkMail.imm Mail: infecté - 7 ignoré
C:\Documents and Settings\Default User\Local Settings\Application Data\IM\Identities\{54E057D9-8600-4E3E-A8F7-E6ABA4102C27}\Message Store\JunkMail.imm/[From Paypal ][Date 27 Jun 2005 13:32:47 -0000]/UNNAMED/[From "ClubSymantec" ][Date Thu, 6 Jan 2005 12:20:42 +0100]/UNNAMED/[From "r.bassey" ][Date Sat, 30 May 2065 00:21:35 +0200]/UNNAMED/[From "Marketplace Amazon.fr" ][Date 4 Jun 2005 03:19:27 +0200]/UNNAMED/[From ][Date Wed, 1 Jun 2005 02:57:58 +0700]/html Infecté : Trojan-Spy.HTML.Paylap.m ignoré
C:\Documents and Settings\Default User\Local Settings\Application Data\IM\Identities\{54E057D9-8600-4E3E-A8F7-E6ABA4102C27}\Message Store\JunkMail.imm/[From Paypal ][Date 27 Jun 2005 13:32:47 -0000]/UNNAMED/[From "ClubSymantec" ][Date Thu, 6 Jan 2005 12:20:42 +0100]/UNNAMED/[From "r.bassey" ][Date Sat, 30 May 2065 00:21:35 +0200]/UNNAMED/[From "Marketplace Amazon.fr" ][Date 4 Jun 2005 03:19:27 +0200]/UNNAMED/[From ][Date Sun, 17 Jul 2005 08:59:53 -0700]/html Infecté : Trojan-Spy.HTML.Paylap.m ignoré
C:\Documents and Settings\Default User\Local Settings\Application Data\IM\Identities\{54E057D9-8600-4E3E-A8F7-E6ABA4102C27}\Message Store\JunkMail.imm/[From Paypal ][Date 27 Jun 2005 13:32:47 -0000]/UNNAMED/[From "ClubSymantec" ][Date Thu, 6 Jan 2005 12:20:42 +0100]/UNNAMED/[From "r.bassey" ][Date Sat, 30 May 2065 00:21:35 +0200]/UNNAMED/[From "Marketplace Amazon.fr" ][Date 4 Jun 2005 03:19:27 +0200]/UNNAMED/[From ][Date Sun, 20 Mar 2005 18:40:04 +0100 (MET)]/UNNAMED Infecté : Trojan-Spy.HTML.Paylap.m ignoré
C:\Documents and Settings\Default User\Local Settings\Application Data\IM\Identities\{54E057D9-8600-4E3E-A8F7-E6ABA4102C27}\Message Store\JunkMail.imm/[From Paypal ][Date 27 Jun 2005 13:32:47 -0000]/UNNAMED/[From "ClubSymantec" ][Date Thu, 6 Jan 2005 12:20:42 +0100]/UNNAMED/[From "r.bassey" ][Date Sat, 30 May 2065 00:21:35 +0200]/UNNAMED/[From "Marketplace Amazon.fr" ][Date 4 Jun 2005 03:19:27 +0200]/UNNAMED Infecté : Trojan-Spy.HTML.Paylap.m ignoré
C:\Documents and Settings\Default User\Local Settings\Application Data\IM\Identities\{54E057D9-8600-4E3E-A8F7-E6ABA4102C27}\Message Store\JunkMail.imm/[From Paypal ][Date 27 Jun 2005 13:32:47 -0000]/UNNAMED/[From "ClubSymantec" ][Date Thu, 6 Jan 2005 12:20:42 +0100]/UNNAMED/[From "r.bassey" ][Date Sat, 30 May 2065 00:21:35 +0200]/UNNAMED Infecté : Trojan-Spy.HTML.Paylap.m ignoré
C:\Documents and Settings\Default User\Local Settings\Application Data\IM\Identities\{54E057D9-8600-4E3E-A8F7-E6ABA4102C27}\Message Store\JunkMail.imm/[From Paypal ][Date 27 Jun 2005 13:32:47 -0000]/UNNAMED/[From "ClubSymantec" ][Date Thu, 6 Jan 2005 12:20:42 +0100]/UNNAMED Infecté : Trojan-Spy.HTML.Paylap.m ignoré
C:\Documents and Settings\Default User\Local Settings\Application Data\IM\Identities\{54E057D9-8600-4E3E-A8F7-E6ABA4102C27}\Message Store\JunkMail.imm/[From Paypal ][Date 27 Jun 2005 13:32:47 -0000]/UNNAMED Infecté : Trojan-Spy.HTML.Paylap.m ignoré
C:\Documents and Settings\Default User\Local Settings\Application Data\IM\Identities\{54E057D9-8600-4E3E-A8F7-E6ABA4102C27}\Message Store\JunkMail.imm Mail: infecté - 7 ignoré

C:\Documents and Settings\nicolas.FAMILLExxx\Local Settings\Application Data\IM\Identities\{54E057D9-8600-4E3E-A8F7-E6ABA4102C27}\Message Store\JunkMail.imm/[From Paypal ][Date 27 Jun 2005 13:32:47 -0000]/UNNAMED/[From "ClubSymantec" ][Date Thu, 6 Jan 2005 12:20:42 +0100]/UNNAMED/[From "r.bassey" ][Date Sat, 30 May 2065 00:21:35 +0200]/UNNAMED/[From "Marketplace Amazon.fr" ][Date 4 Jun 2005 03:19:27 +0200]/UNNAMED/[From ][Date Wed, 1 Jun 2005 02:57:58 +0700]/html Infecté : Trojan-Spy.HTML.Paylap.m ignoré
C:\Documents and Settings\nicolas.FAMILLExxx\Local Settings\Application Data\IM\Identities\{54E057D9-8600-4E3E-A8F7-E6ABA4102C27}\Message Store\JunkMail.imm/[From Paypal ][Date 27 Jun 2005 13:32:47 -0000]/UNNAMED/[From "ClubSymantec" ][Date Thu, 6 Jan 2005 12:20:42 +0100]/UNNAMED/[From "r.bassey" ][Date Sat, 30 May 2065 00:21:35 +0200]/UNNAMED/[From "Marketplace Amazon.fr" ][Date 4 Jun 2005 03:19:27 +0200]/UNNAMED/[From ][Date Sun, 17 Jul 2005 08:59:53 -0700]/html Infecté : Trojan-Spy.HTML.Paylap.m ignoré
C:\Documents and Settings\nicolas.FAMILLExxx\Local Settings\Application Data\IM\Identities\{54E057D9-8600-4E3E-A8F7-E6ABA4102C27}\Message Store\JunkMail.imm/[From Paypal ][Date 27 Jun 2005 13:32:47 -0000]/UNNAMED/[From "ClubSymantec" ][Date Thu, 6 Jan 2005 12:20:42 +0100]/UNNAMED/[From "r.bassey" ][Date Sat, 30 May 2065 00:21:35 +0200]/UNNAMED/[From "Marketplace Amazon.fr" ][Date 4 Jun 2005 03:19:27 +0200]/UNNAMED/[From ][Date Sun, 20 Mar 2005 18:40:04 +0100 (MET)]/UNNAMED Infecté : Trojan-Spy.HTML.Paylap.m ignoré
C:\Documents and Settings\nicolas.FAMILLExxx\Local Settings\Application Data\IM\Identities\{54E057D9-8600-4E3E-A8F7-E6ABA4102C27}\Message Store\JunkMail.imm/[From Paypal ][Date 27 Jun 2005 13:32:47 -0000]/UNNAMED/[From "ClubSymantec" ][Date Thu, 6 Jan 2005 12:20:42 +0100]/UNNAMED/[From "r.bassey" ][Date Sat, 30 May 2065 00:21:35 +0200]/UNNAMED/[From "Marketplace Amazon.fr" ][Date 4 Jun 2005 03:19:27 +0200]/UNNAMED Infecté : Trojan-Spy.HTML.Paylap.m ignoré
C:\Documents and Settings\nicolas.FAMILLExxx\Local Settings\Application Data\IM\Identities\{54E057D9-8600-4E3E-A8F7-E6ABA4102C27}\Message Store\JunkMail.imm/[From Paypal ][Date 27 Jun 2005 13:32:47 -0000]/UNNAMED/[From "ClubSymantec" ][Date Thu, 6 Jan 2005 12:20:42 +0100]/UNNAMED/[From "r.bassey" ][Date Sat, 30 May 2065 00:21:35 +0200]/UNNAMED Infecté : Trojan-Spy.HTML.Paylap.m ignoré
C:\Documents and Settings\nicolas.FAMILLExxx\Local Settings\Application Data\IM\Identities\{54E057D9-8600-4E3E-A8F7-E6ABA4102C27}\Message Store\JunkMail.imm/[From Paypal ][Date 27 Jun 2005 13:32:47 -0000]/UNNAMED/[From "ClubSymantec" ][Date Thu, 6 Jan 2005 12:20:42 +0100]/UNNAMED Infecté : Trojan-Spy.HTML.Paylap.m ignoré
C:\Documents and Settings\nicolas.FAMILLExxx\Local Settings\Application Data\IM\Identities\{54E057D9-8600-4E3E-A8F7-E6ABA4102C27}\Message Store\JunkMail.imm/[From Paypal ][Date 27 Jun 2005 13:32:47 -0000]/UNNAMED Infecté : Trojan-Spy.HTML.Paylap.m ignoré
C:\Documents and Settings\nicolas.FAMILLExxx\Local Settings\Application Data\IM\Identities\{54E057D9-8600-4E3E-A8F7-E6ABA4102C27}\Message Store\JunkMail.imm Mail: infecté - 7 ignoré
C:\Documents and Settings\nicolas.FAMILLExxx\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
C:\Documents and Settings\nicolas.FAMILLExxx\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\nicolas.FAMILLExxx\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\nicolas.FAMILLExxx\Local Settings\Historique\History.IE5\MSHist012007030420070305\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\nicolas.FAMILLExxx\Local Settings\Temp\~DF1B1F.tmp L'objet est verrouillé ignoré
C:\Documents and Settings\nicolas.FAMILLExxx\Local Settings\Tempmetasploit.exe Infecté : Trojan-Downloader.Win32.VB.ft ignoré
C:\Documents and Settings\nicolas.FAMILLExxx\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\nicolas.FAMILLExxx\ntuser.dat L'objet est verrouillé ignoré
C:\Documents and Settings\nicolas.FAMILLExxx\ntuser.dat.LOG L'objet est verrouillé ignoré
C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat L'objet est verrouillé ignoré
C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db L'objet est verrouillé ignoré
C:\Program Files\Alwil Software\Avast4\DATA\integ\avast.int L'objet est verrouillé ignoré
C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log L'objet est verrouillé ignoré
C:\Program Files\Club-Internet\LE COMPAGNON CLUB\log\mpbtn.log L'objet est verrouillé ignoré
C:\Program Files\InstallShield Installation Information\{1B4AA674-F5CA-4BB5-831A-CD37B4021959}\setup.ilg L'objet est verrouillé ignoré
C:\Program Files\Norton AntiVirus\Quarantine\03FA5377.zip/BB.class Infecté : Trojan.Java.ClassLoader.o ignoré
C:\Program Files\Norton AntiVirus\Quarantine\03FA5377.zip/VerifierBug.class Infecté : Exploit.Java.ByteVerify ignoré
C:\Program Files\Norton AntiVirus\Quarantine\03FA5377.zip/Dummy.class Infecté : Trojan.Java.ClassLoader.Dummy.c ignoré
C:\Program Files\Norton AntiVirus\Quarantine\03FA5377.zip/Beyond.class Infecté : Trojan-Downloader.Java.OpenConnection.k ignoré
C:\Program Files\Norton AntiVirus\Quarantine\03FA5377.zip ZIP: infecté - 4 ignoré
C:\Program Files\Norton AntiVirus\Quarantine\03FA5377.zip CryptFF: infecté - 4 ignoré
C:\Program Files\Norton AntiVirus\Quarantine\04AC37BA.zip/GetAccess.class Infecté : Trojan.Java.ClassLoader.c ignoré
C:\Program Files\Norton AntiVirus\Quarantine\04AC37BA.zip/InsecureClassLoader.class Infecté : Exploit.Java.ByteVerify ignoré
C:\Program Files\Norton AntiVirus\Quarantine\04AC37BA.zip/Dummy.class Infecté : Trojan.Java.ClassLoader.Dummy.a ignoré
C:\Program Files\Norton AntiVirus\Quarantine\04AC37BA.zip/Installer.class Infecté : Trojan-Downloader.Java.OpenConnection.v ignoré
C:\Program Files\Norton AntiVirus\Quarantine\04AC37BA.zip ZIP: infecté - 4 ignoré
C:\Program Files\Norton AntiVirus\Quarantine\04AC37BA.zip CryptFF: infecté - 4 ignoré
C:\Program Files\Norton AntiVirus\Quarantine\09E574C1.zip/Bubble.class Infecté : Trojan.Java.ClassLoader.Dummy.e ignoré
C:\Program Files\Norton AntiVirus\Quarantine\09E574C1.zip/VerifierBug.class Infecté : Exploit.Java.ByteVerify ignoré
C:\Program Files\Norton AntiVirus\Quarantine\09E574C1.zip/Dummy.class Infecté : Trojan.Java.ClassLoader.Dummy.c ignoré
C:\Program Files\Norton AntiVirus\Quarantine\09E574C1.zip/Beyond.class Infecté : Trojan-Downloader.Java.OpenStream.h ignoré
C:\Program Files\Norton AntiVirus\Quarantine\09E574C1.zip ZIP: infecté - 4 ignoré
C:\Program Files\Norton AntiVirus\Quarantine\09E574C1.zip CryptFF: infecté - 4 ignoré
C:\Program Files\Norton AntiVirus\Quarantine\110F7BBC L'objet est verrouillé ignoré
C:\Program Files\Norton AntiVirus\Quarantine\1D9E766A L'objet est verrouillé ignoré
C:\Program Files\Norton AntiVirus\Quarantine\212A1ED7.zip/Bubble.class Infecté : Trojan.Java.ClassLoader.Dummy.e ignoré
C:\Program Files\Norton AntiVirus\Quarantine\212A1ED7.zip/VerifierBug.class Infecté : Exploit.Java.ByteVerify ignoré
C:\Program Files\Norton AntiVirus\Quarantine\212A1ED7.zip/Dummy.class Infecté : Trojan.Java.ClassLoader.Dummy.c ignoré
C:\Program Files\Norton AntiVirus\Quarantine\212A1ED7.zip/Beyond.class Infecté : Trojan-Downloader.Java.OpenStream.h ignoré
C:\Program Files\Norton AntiVirus\Quarantine\212A1ED7.zip ZIP: infecté - 4 ignoré
C:\Program Files\Norton AntiVirus\Quarantine\212A1ED7.zip CryptFF: infecté - 4 ignoré
C:\Program Files\Norton AntiVirus\Quarantine\215019A0.zip/BB.class Infecté : Trojan.Java.ClassLoader.o ignoré
C:\Program Files\Norton AntiVirus\Quarantine\215019A0.zip/VerifierBug.class Infecté : Exploit.Java.ByteVerify ignoré
C:\Program Files\Norton AntiVirus\Quarantine\215019A0.zip/Dummy.class Infecté : Trojan.Java.ClassLoader.Dummy.c ignoré
C:\Program Files\Norton AntiVirus\Quarantine\215019A0.zip/Beyond.class Infecté : Trojan-Downloader.Java.OpenConnection.k ignoré
C:\Program Files\Norton AntiVirus\Quarantine\215019A0.zip ZIP: infecté - 4 ignoré
C:\Program Files\Norton AntiVirus\Quarantine\215019A0.zip CryptFF: infecté - 4 ignoré
C:\Program Files\Norton AntiVirus\Quarantine\2460559A L'objet est verrouillé ignoré
C:\Program Files\Norton AntiVirus\Quarantine\2A0E0A75 Infecté : Trojan-Clicker.JS.Linker.h ignoré

C:\WINDOWS\Dispatcher.exe Infecté : Trojan-PSW.Win32.VB.kg ignoré
C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\IM\Identities\{54E057D9-8600-4E3E-A8F7-E6ABA4102C27}\Message Store\JunkMail.imm/[From Paypal ][Date 27 Jun 2005 13:32:47 -0000]/UNNAMED/[From "ClubSymantec" ][Date Thu, 6 Jan 2005 12:20:42 +0100]/UNNAMED/[From "r.bassey" ][Date Sat, 30 May 2065 00:21:35 +0200]/UNNAMED/[From "Marketplace Amazon.fr" ][Date 4 Jun 2005 03:19:27 +0200]/UNNAMED/[From ][Date Wed, 1 Jun 2005 02:57:58 +0700]/html Infecté : Trojan-Spy.HTML.Paylap.m ignoré
C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\IM\Identities\{54E057D9-8600-4E3E-A8F7-E6ABA4102C27}\Message Store\JunkMail.imm/[From Paypal ][Date 27 Jun 2005 13:32:47 -0000]/UNNAMED/[From "ClubSymantec" ][Date Thu, 6 Jan 2005 12:20:42 +0100]/UNNAMED/[From "r.bassey" ][Date Sat, 30 May 2065 00:21:35 +0200]/UNNAMED/[From "Marketplace Amazon.fr" ][Date 4 Jun 2005 03:19:27 +0200]/UNNAMED/[From ][Date Sun, 17 Jul 2005 08:59:53 -0700]/html Infecté : Trojan-Spy.HTML.Paylap.m ignoré
C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\IM\Identities\{54E057D9-8600-4E3E-A8F7-E6ABA4102C27}\Message Store\JunkMail.imm/[From Paypal ][Date 27 Jun 2005 13:32:47 -0000]/UNNAMED/[From "ClubSymantec" ][Date Thu, 6 Jan 2005 12:20:42 +0100]/UNNAMED/[From "r.bassey" ][Date Sat, 30 May 2065 00:21:35 +0200]/UNNAMED/[From "Marketplace Amazon.fr" ][Date 4 Jun 2005 03:19:27 +0200]/UNNAMED/[From ][Date Sun, 20 Mar 2005 18:40:04 +0100 (MET)]/UNNAMED Infecté : Trojan-Spy.HTML.Paylap.m ignoré
C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\IM\Identities\{54E057D9-8600-4E3E-A8F7-E6ABA4102C27}\Message Store\JunkMail.imm/[From Paypal ][Date 27 Jun 2005 13:32:47 -0000]/UNNAMED/[From "ClubSymantec" ][Date Thu, 6 Jan 2005 12:20:42 +0100]/UNNAMED/[From "r.bassey" ][Date Sat, 30 May 2065 00:21:35 +0200]/UNNAMED/[From "Marketplace Amazon.fr" ][Date 4 Jun 2005 03:19:27 +0200]/UNNAMED Infecté : Trojan-Spy.HTML.Paylap.m ignoré
C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\IM\Identities\{54E057D9-8600-4E3E-A8F7-E6ABA4102C27}\Message Store\JunkMail.imm/[From Paypal ][Date 27 Jun 2005 13:32:47 -0000]/UNNAMED/[From "ClubSymantec" ][Date Thu, 6 Jan 2005 12:20:42 +0100]/UNNAMED/[From "r.bassey" ][Date Sat, 30 May 2065 00:21:35 +0200]/UNNAMED Infecté : Trojan-Spy.HTML.Paylap.m ignoré
C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\IM\Identities\{54E057D9-8600-4E3E-A8F7-E6ABA4102C27}\Message Store\JunkMail.imm/[From Paypal ][Date 27 Jun 2005 13:32:47 -0000]/UNNAMED/[From "ClubSymantec" ][Date Thu, 6 Jan 2005 12:20:42 +0100]/UNNAMED Infecté : Trojan-Spy.HTML.Paylap.m ignoré
C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\IM\Identities\{54E057D9-8600-4E3E-A8F7-E6ABA4102C27}\Message Store\JunkMail.imm/[From Paypal ][Date 27 Jun 2005 13:32:47 -0000]/UNNAMED Infecté : Trojan-Spy.HTML.Paylap.m ignoré
C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\IM\Identities\{54E057D9-8600-4E3E-A8F7-E6ABA4102C27}\Message Store\JunkMail.imm Mail: infecté - 7 ignoré
C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré
C:\WINDOWS\system32\drivers\sptd.sys L'objet est verrouillé ignoré
C:\WINDOWS\system32\drivers\sptd1229.sys L'objet est verrouillé ignoré
C:\WINDOWS\system32\h323log.txt L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA L'objet est verrouillé ignoré
C:\WINDOWS\Temp\Perflib_Perfdata_6d4.dat L'objet est verrouillé ignoré
C:\WINDOWS\Temp\tmp00002c2a\tmp00000000 L'objet est verrouillé ignoré
C:\WINDOWS\wiadebug.log L'objet est verrouillé ignoré
C:\WINDOWS\wiaservc.log L'objet est verrouillé ignoré
C:\WINDOWS\WindowsUpdate.log L'objet est verrouillé ignoré
C:\WINDOWS\winmsgr.exe Infecté : Trojan-Downloader.Win32.VB.fi ignoré
Analyse terminée.

Thanks for your reply
0
Regis59 Posts 21143 Registration date   Status Security contributor Last activity   1 322
 
Hi,

¤ Show all files and folders:
Click Start / Control Panel / Tools / Folder Options / View

Tick "Show hidden files and folders"

Untick the box "Hide protected operating system files (Recommended)"

Untick "Hide extensions for known file types"
Then click "OK" to confirm the changes.

And Apply!

Delete these:

C:\Documents and Settings\Administrateur.FAMILLExxx\Local Settings\Application Data\IM\Identities\{54E057D9-8600-4E3E-A8F7-E6ABA4102C27}\Message Store\JunkMail.imm

C:\Documents and Settings\Default User\Local Settings\Application Data\IM\Identities\{54E057D9-8600-4E3E-A8F7-E6ABA4102C27}\Message Store\JunkMail.imm

C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\IM\Identities\{54E057D9-8600-4E3E-A8F7-E6ABA4102C27}\Message Store\JunkMail.imm

Download SDFix (created by AndyManchesta) and save it to your Desktop.
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
Double-click SDFix.exe and choose Install to extract it to a dedicated folder on the Desktop. Restart your computer in Safe Mode by following this procedure:
• Restart your computer
• After hearing the computer beep during startup, but before the Windows icon appears, tap the F8 key (one press per second).
• Instead of Windows loading normally, a menu with various options should appear.
• Choose the first option, to run Windows in Safe Mode, then press "Enter".
• Choose your account.
Work through the instructions below:
• Open the SDFix folder that has just been created in the C:\ directory and double-click RunThis.bat to launch the script.
• Press Y to begin the cleaning process.
• It will remove the services and Registry entries of certain trojans it finds, then ask you to press a key to restart.
• Press a key to restart the PC.
• Your system will take longer than usual to restart because the tool will keep running and deleting files.
• After the Desktop has loaded, the tool will finish its work and display Finished.
• Press a key to end the script and load your Desktop icons.
• Once the Desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder as Report.txt.

• Finally, copy/paste the contents of Report.txt into your next reply on the forum, along with a new HijackThis log!

0
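An added example (not part of the thread, and not code from any tool named in it): the scan log above repeats one line per nested mail message or archive entry, so this sketch collapses each line to the on-disk file that holds the detection, which is the level at which the files listed for deletion are named. The function name `triage`, the shortened profile path in the sample, and the choice to list items under an antivirus `Quarantine` folder separately are assumptions made for the example.

```python
import re
from collections import defaultdict

# Constructed excerpt in the format of the scan log posted in this thread
# (profile path shortened; detection names are ones shown in the log).
SAMPLE_LOG = r"""
C:\Documents and Settings\user\Message Store\JunkMail.imm/[From Paypal ][Date 27 Jun 2005 13:32:47 -0000]/UNNAMED/[From "ClubSymantec" ][Date Thu, 6 Jan 2005 12:20:42 +0100]/UNNAMED Infecté : Trojan-Spy.HTML.Paylap.m ignoré
C:\Documents and Settings\user\Message Store\JunkMail.imm/[From Paypal ][Date 27 Jun 2005 13:32:47 -0000]/UNNAMED Infecté : Trojan-Spy.HTML.Paylap.m ignoré
C:\Documents and Settings\user\Message Store\JunkMail.imm Mail: infecté - 2 ignoré
C:\Documents and Settings\user\ntuser.dat L'objet est verrouillé ignoré
C:\Program Files\Norton AntiVirus\Quarantine\03FA5377.zip/BB.class Infecté : Trojan.Java.ClassLoader.o ignoré
C:\Program Files\Norton AntiVirus\Quarantine\03FA5377.zip/VerifierBug.class Infecté : Exploit.Java.ByteVerify ignoré
C:\Program Files\Norton AntiVirus\Quarantine\03FA5377.zip ZIP: infecté - 2 ignoré
C:\WINDOWS\winmsgr.exe Infecté : Trojan-Downloader.Win32.VB.fi ignoré
Analyse terminée.
"""

# One result line: <object> <verdict> ignoré
LINE_RE = re.compile(
    r"^(?P<obj>.+?) "
    r"(?:Infecté : (?P<name>\S+)"                 # detection on this object
    r"|(?P<locked>L'objet est verrouillé)"         # file in use, not scanned
    r"|(?P<kind>\w+): infecté - (?P<count>\d+))"   # per-container total
    r" ignoré$"
)


def triage(log_text):
    """Group detections by the on-disk file that contains them.

    Nested members (mail messages, archive entries) follow the disk path
    after a '/', a character that cannot occur inside a Windows path.
    """
    live = defaultdict(set)         # files outside any quarantine folder
    quarantined = defaultdict(set)  # files under an antivirus Quarantine folder
    hits = defaultdict(int)         # detection lines seen per on-disk file
    locked = []                     # skipped by the scanner, verdict unknown

    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # blank lines, headers, "Analyse terminée."
        disk_file = m.group("obj").split("/", 1)[0]
        if m.group("locked"):
            locked.append(disk_file)
        elif m.group("kind"):
            continue  # container summary line, already counted per member
        else:
            in_quarantine = "\\quarantine\\" in disk_file.lower()
            bucket = quarantined if in_quarantine else live
            bucket[disk_file].add(m.group("name"))
            hits[disk_file] += 1

    return {
        "live": {path: sorted(names) for path, names in live.items()},
        "quarantined": {path: sorted(names) for path, names in quarantined.items()},
        "locked": locked,
        "hits": dict(hits),
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for section in ("live", "quarantined"):
        print(section)
        for path, names in result[section].items():
            print(f"  {path}  [{result['hits'][path]} line(s)]  {', '.join(names)}")
    print("locked (not scanned):", result["locked"])
```

A locked file is reported as not scanned, so the summary keeps it apart from both the detections and the clean files.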
percy73 Posts 58 Registration date   Status Member Last activity  
 
Hello Regis59,

Here are the 2 requested reports:



SDFix: Version 1.69

Run by nicolas - 05/03/2007 @ 18:45:29,18

Microsoft Windows XP [version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:

Path:



Restoring Windows Registry Entries
Restoring Default Hosts File


Rebooting...

Normal Mode:
Checking Files:

Below files will be copied to Backups folder then removed:

C:\WINDOWS\dispatcher.exe - Deleted
C:\WINDOWS\winmsgr.exe - Deleted



ADS Check:

C:\WINDOWS\system32
No streams found.


Final Check:

Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


Remaining Files:
---------------

Backups Folder: - C:\SDFix\backups\backups.zip


Checking For Files with Hidden Attributes :

C:\Documents and Settings\Administrateur.FAMILLExxx\Voisinage réseau\ftp.eskimo.com\Desktop.ini
C:\Documents and Settings\Default User\Voisinage réseau\ftp.eskimo.com\Desktop.ini
C:\Documents and Settings\nicolas.FAMILLExxx\Voisinage réseau\ftp.eskimo.com\Desktop.ini
C:\WINDOWS\system32\config\systemprofile\Voisinage réseau\ftp.eskimo.com\Desktop.ini
C:\WINDOWS\SMINST\HPCD.sys

Add/Remove Programs List:

AnyDVD
avast! Antivirus
AVG Anti-Spyware 7.5
CCleaner (remove only)
Creative Driver
Gestionnaire de disques amovible Creative
DVD Shrink 3.2
EPSON Logiciel imprimante
EPSON Scan
ESDX4800_4200 Guide util.
HijackThis 1.99.1
Photo et imagerie HP 3.1
Internet Explorer Q832894
IncrediMail Xe
Connexion Facile à Internet
Multimedia Card Reader
EPSON Attach To Email
QuickTime
Jéroboam 6.03
Kaspersky Online Scanner
Language pack for Ad-Aware SE
Mozilla Firefox (2.0.0.2)
Commande ECHO désactivée.
NVIDIA GART Driver
Outlook Express Update Q330994
Microsoft Picture It! Photo Premium 9
Correctif Windows XP (SP2) Q327979
Correctif Windows XP (SP2) Q328310
Correctif Windows XP (SP2) Q329112
Package du correctif Windows XP [voir Q329115 pour plus de détails]
Correctif Windows XP (SP2) Q329170
Package du correctif Windows XP [voir q329256 pour plus de détails]
Package du correctif Windows XP [voir Q329390 pour plus de détails]
Package du correctif Windows XP [voir Q329834 pour plus de détails]
Correctif Windows XP (SP2) Q329909
Correctif Windows XP (SP2) Q331953
Package du correctif Windows XP [voir Q331958 pour plus de détails]
Correctif Windows XP (SP2) Q810565
Correctif Windows XP (SP2) Q810577
Correctif Windows XP (SP2) Q810833
Correctif Windows XP (SP2) Q811009
Correctif Windows XP (SP2) Q811632
Correctif Windows XP (SP2) Q811789
Correctif Windows XP (SP2) Q814033
Correctif Windows XP (SP2) Q814995
Correctif Windows XP (SP2) Q815021
Correctif Windows XP (SP2) Q815485
Correctif Windows XP (SP2) Q817287
Correctif Windows XP (SP2) Q817606
Adobe Flash Player 9 ActiveX
Spybot - Search & Destroy 1.4
SpywareBlaster v3.5.1
Starcraft
LE COMPAGNON CLUB
Lecteur Windows Media 10
Archiveur WinRAR
WinZip
Sélecteur d'installation de Microsoft Works 2004
XviD MPEG-4 Video Codec
ZENcast Organizer
Connexion Facile à Internet
Fritz8
AiO_Scan
Multimedia Card Reader
EPSON Attach To Email
HpSdpAppCoreApp
EPSON Scan Assistant
Google Toolbar for Firefox
DocProc
EPSON Image Clip Palette
Creative ZEN Vision M Series
J2SE Runtime Environment 5.0 Update 10
BitDefender Internet Security v10
HPSystemDiagnostics
Photosmart 140,240,7200,7600,7700,7900 Series
SkinsHP1
Readme
QuickProjects
HP Photo and Imaging 2.0 - Photosmart Cameras
EPSON Easy Photo Print
EPSON Copy Utility 3
Complément Microsoft Word pour Microsoft Works Suite
InstantShare
Ad-Aware SE Personal
PSShortcutsP
EPSON Web-To-Page
Director
QFolder
Intel(R) Extreme Graphics 2 Driver
Visual J# .NET Redistributable Package
Microsoft Word 2002
Scan
RecordNow!
Nero 7 Premium
hpmdtab
CreativeProjects
MSN Messenger 7.5
Fax
QuickTime
AiOSoftware
PhotoGallery
TuneUp Utilities 2007
Microsoft .NET Framework 1.1
HP Software Update
TrayApp
PrintScreen
Copy
SkinsHP2
Microsoft Picture It! Photo Premium 9
Unload
Microsoft Works
EPSON File Manager
AIOMinimal
HPIZ311
HP PSC & OfficeJet 3.0
HP Deskjet Preloaded Printer Drivers
WebReg

Finished

Logfile of HijackThis v1.99.1
Scan saved at 19:07:27, on 05/03/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\ehome\ehtray.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEE.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\club-internet\LE COMPAGNON CLUB\bin\mpbtn.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HTJ\HijackThis.exe
C:\Program Files\CCleaner\ccleaner.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
c:\program files\softwin\bitdefender10\bdmcon.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\nicolas.FAMILLExxx\Local Settings\Temp\wz1c15\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\local.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-fr9.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.europe-echecs.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {AFAC25C2-B321-C0FA-7759-9A5B212E35E1} - (no file)
O2 - BHO: (no name) - {4F7F2319-1C83-0389-44AC-9B0518199108} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [EPSON Stylus DX4200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEE.EXE /P26 "EPSON Stylus DX4200 Series" /O6 "USB001" /M "Stylus DX4200"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [WinLogon] C:\WINDOWS\logon.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPPAVI~1\Pavilion\XPEWWBP4\plugin\bin\PCHButton.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Docteur Club Internet.lnk = C:\Program Files\Club-Internet\Dr Club Internet\bin\matcli.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O16 - DPF: {00330010-0000-0000-0000-000020160026} -
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {04F414E9-E352-4BC3-963D-7BFE5A5F31A9} -
O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} -
O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} -
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/180solutions/ie/bridge-c6.cab
O16 - DPF: {16BED5D9-AA6B-4A96-A134-C1958893490F} -
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - https://support.norton.com/sp/en/us/home/current/info
O16 - DPF: {2472DCCC-68CE-49DA-AA81-E7E6D83C1DFA} -
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} -
O16 - DPF: {2F003D51-39FD-4D18-9016-95CF70B92ABE} -
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by21fd.bay21.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {590FFB84-6A29-4797-9C0E-B15DF2C4CDCB} -
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {71DA2A4E-ACB3-4065-9E41-8BC42EABE427} -
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} -
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://support.norton.com/sp/en/us/home/current/info
O16 - DPF: {E68718BB-5451-4F6F-B8B8-41B4AB672747} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{8BA30114-F66A-43B6-A8AD-2A17D2A31B34}: NameServer = 194.117.200.10,194.117.200.15
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

Thanks, and see you later.
Regis59 (21143 posts, status: Security contributor)
 
Hi,

For the duration of the procedure, disable Spybot's TeaTimer:
launch Spybot > Advanced mode > Tools > Resident
Uncheck the resident "TeaTimer" box
close Spybot

----------------------------------------------------------------------------
¤ Show all files and folders:
Click Start / Control Panel / Tools / Folder Options / View

Check "Show hidden files and folders"

Uncheck the "Hide protected operating system files (Recommended)" box

Uncheck "Hide extensions for known file types"
Then click "OK" to confirm the changes.

And Apply!
----------------------------------------------------------------------------
¤ Run HijackThis again, check the boxes in front of these lines, then click "Fix checked":

R3 - URLSearchHook: (no name) - {AFAC25C2-B321-C0FA-7759-9A5B212E35E1} - (no file)

O2 - BHO: (no name) - {4F7F2319-1C83-0389-44AC-9B0518199108} - (no file)

O2 - BHO: (no name) - {67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} - (no file)

O4 - HKLM\..\Run: [WinLogon] C:\WINDOWS\logon.exe

O16 - DPF: {00330010-0000-0000-0000-000020160026} -

O16 - DPF: {04F414E9-E352-4BC3-963D-7BFE5A5F31A9} -

O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} -

O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} -

O16 - DPF: {16BED5D9-AA6B-4A96-A134-C1958893490F} -

O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -

O16 - DPF: {2472DCCC-68CE-49DA-AA81-E7E6D83C1DFA} -

O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} -

O16 - DPF: {2F003D51-39FD-4D18-9016-95CF70B92ABE} -

O16 - DPF: {590FFB84-6A29-4797-9C0E-B15DF2C4CDCB} -

O16 - DPF: {71DA2A4E-ACB3-4065-9E41-8BC42EABE427} -

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} -

O16 - DPF: {E68718BB-5451-4F6F-B8B8-41B4AB672747} -

O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
----------------------------------------------------------------------------
¤ Boot into Safe Mode:
To do that, tap the F8 key repeatedly, without stopping, from the very moment the PC powers on.
A window will open; use the keyboard arrow keys to move to "Safe Mode", then press Enter.
Once on the desktop, if the colours and so on are not all there, that's normal!
(If F8 doesn't work, use the F5 key.)
----------------------------------------------------------------------------
¤ Find and delete this:
careful, only the files (if present).

C:\WINDOWS\logon.exe

Restart your PC and post a new HijackThis report.

See you later.
percy73 (58 posts, status: Member)
 
Hello again,

I did everything, except that (I must be a real klutz) I did not find any C:\windows\logon.exe
There are indeed some logon files, but not at that location (rather at locations like C:\windows\something\logon).

In any case, here is the latest HJT log, and thanks again for your help.

Logfile of HijackThis v1.99.1
Scan saved at 21:45:05, on 05/03/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEE.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Softwin\BitDefender10\bdmcon.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\club-internet\LE COMPAGNON CLUB\bin\mpbtn.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\wuauclt.exe
C:\HTJ\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\local.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-fr9.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.europe-echecs.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [EPSON Stylus DX4200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEE.EXE /P26 "EPSON Stylus DX4200 Series" /O6 "USB001" /M "Stylus DX4200"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPPAVI~1\Pavilion\XPEWWBP4\plugin\bin\PCHButton.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - Global Startup: Docteur Club Internet.lnk = C:\Program Files\Club-Internet\Dr Club Internet\bin\matcli.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/180solutions/ie/bridge-c6.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - https://support.norton.com/sp/en/us/home/current/info
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by21fd.bay21.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://support.norton.com/sp/en/us/home/current/info
O17 - HKLM\System\CCS\Services\Tcpip\..\{8BA30114-F66A-43B6-A8AD-2A17D2A31B34}: NameServer = 194.117.200.10,194.117.200.15
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

See you later.
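The check implied by this exchange, as an added example that is not part of the thread or of HijackThis itself: it parses entry lines from a first and a follow-up HijackThis log, flags the kinds of orphaned entries selected for fixing above (lines ending in `(no file)` and `O16 - DPF` lines carrying only a CLSID), and reports which of them are gone in the rescan. The function names and the orphan heuristic are assumptions made for this example; the log lines are excerpted from the two logs in the thread.

```python
import re

# Lines excerpted from the two HijackThis logs in this thread (first scan, then rescan).
BEFORE = r"""
R3 - URLSearchHook: (no name) - {AFAC25C2-B321-C0FA-7759-9A5B212E35E1} - (no file)
O2 - BHO: (no name) - {4F7F2319-1C83-0389-44AC-9B0518199108} - (no file)
O16 - DPF: {16BED5D9-AA6B-4A96-A134-C1958893490F} -
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
"""
AFTER = r"""
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")  # e.g. "O16 - DPF: ..."
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

def parse(log):
    """Map (section, CLSID or full text) -> entry text for every entry line."""
    entries = {}
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # header, running-process path or blank line
        section, text = m.groups()
        clsid = CLSID.search(text)
        entries[(section, clsid.group(0).upper() if clsid else text)] = text
    return entries

def is_orphan(section, text):
    """Assumed heuristic: the entry points at nothing on disk or on the network."""
    if text.endswith("(no file)"):
        return True
    # O16 line with only a CLSID: no class name and no download source.
    # "(file missing)" lines are not flagged; the post above did not select them.
    return section == "O16" and re.fullmatch(r"DPF: \{[^}]+\} -", text) is not None

def triage(before, after):
    """Return (fixed, remaining): orphans of the first log absent from / present in the rescan."""
    old, new = parse(before), parse(after)
    orphans = [key for key, text in old.items() if is_orphan(key[0], text)]
    return ([k for k in orphans if k not in new], [k for k in orphans if k in new])
```

The `O4 - HKLM\..\Run: [WinLogon] C:\WINDOWS\logon.exe` entry from the fix list is outside this heuristic, since it names a file path; confirming its removal takes the same before/after comparison on the `O4` lines.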
Regis59 (21143 posts, status: Security contributor)
 
Hi,

OK!

Where do things stand with your problems?

See you later.
percy73 (58 posts, status: Member)
 
Hello,

I didn't dare try anything before hearing back from you; so I ran a Spybot scan again and... no more trojan!!! Phew!

Thank you so very much for your help.

See you later.
Regis59 (21143 posts, status: Security contributor)
 
Hi

You're welcome!

Any questions?

Good night.

See you later.