Virus trojan win32 Horst gz and ha

kimar92 -  
green day  Posts: 26374  Status: Moderator, Security contributor  -
Hello, avast reported trojans win32 Horst gz and ha to me; I delete them but they come back every time.

What should I do?

Here is the HijackThis result

Logfile of HijackThis v1.99.1
Scan saved at 16:59:59, on 21/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\lxcccoms.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\DOCUME~1\Fujitsu\LOCALS~1\Temp\30exgmail2.6.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\VERSION TRADUITE ORIGINALE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gogole.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 192.168.1.2
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Zango Search Assistant Helper /fleok=1D8A83A5C5E019769AA575760EA83FA5EF80752B94E2DD7F5E75422C38C3 - {56F1D444-11BF-4879-A12B-79CF0177F038} - c:\program files\zango\zangohook.dll (file missing)
O2 - BHO: Zango Toolbar - {5CBE2611-C31B-401F-89BC-4CBB25E853D7} - C:\Program Files\ZangoToolbar\Bin\4.8.3.0\ZbHostIE.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Zango Toolbar - {5CBE2611-C31B-401F-89BC-4CBB25E853D7} - C:\Program Files\ZangoToolbar\Bin\4.8.3.0\ZbHostIE.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [.nvsvc] C:\WINDOWS\system\smss.exe /w
O4 - HKLM\..\Run: [RavAV] C:\WINDOWS\AdobeR.exe
O4 - HKLM\..\Run: [lxccmon.exe] "C:\Program Files\Lexmark 3300 Series\lxccmon.exe"
O4 - HKLM\..\Run: [LXCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe (file missing)
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Ghost Navigator - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\Ghost Navigator2_6_0\Ghost (file missing)
O9 - Extra 'Tools' menuitem: Ghost Navigator - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\Ghost Navigator2_6_0\Ghost (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E6ACF817-0A85-4EBE-9F0A-096C6488CFEA} (NTR ActiveX 1.1.8) - https://www.ntrconnect.com/main/mod/setup/ntractivex118_24.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{26F9A488-5A56-44E5-B113-88DD1822243F}: NameServer = 194.117.200.10,194.117.200.15
O17 - HKLM\System\CCS\Services\Tcpip\..\{3E16D1D1-211A-4E71-BF03-968300A7641D}: NameServer = 194.117.200.15,194.117.200.10
O17 - HKLM\System\CCS\Services\Tcpip\..\{472A099D-A104-415C-97F9-B0B3B921E97E}: NameServer = 194.117.200.10,194.117.200.15
O17 - HKLM\System\CCS\Services\Tcpip\..\{9207AAD2-F98D-4A68-BD29-59EFD7E7F17C}: NameServer = 194.117.200.11,194.117.200.14
O17 - HKLM\System\CCS\Services\Tcpip\..\{B14BDC2C-B9C4-48B8-B03B-4703E1AE3DEF}: NameServer = 194.117.200.11,194.117.200.15
O17 - HKLM\System\CCS\Services\Tcpip\..\{EA428A10-712B-4AB2-8C1F-C461BDC4070C}: NameServer = 194.117.200.15,194.117.200.11
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: lxcc_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcccoms.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - Unknown owner - C:\Program Files\Spyware Doctor\sdhelp.exe (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
Configuration: Windows XP
Internet Explorer 7.0

6 replies

  1. green day
     
    Hi

    remove this program: Zango

    then:

    Download SDFix to your desktop

    http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

    Double-click SDFix.exe and choose Install to extract it into a dedicated folder on the Desktop.
    Restart your computer in Safe Mode
    Open the SDFix folder that was just created on the Desktop and double-click RunThis.bat to launch the script.
    Press Y to start the cleaning process.
    It will remove the services and registry entries of certain trojans it finds, then ask you to press a key to restart.
    Press a key to restart the PC.
    Your system will take longer than usual to restart, as the tool will keep running and removing files.
    After the Desktop loads, the tool will finish its work and display Finished.
    Press a key to end the script and load your Desktop icons.
    Once the Desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder as Report.txt.
    Finally, copy/paste the contents of Report.txt into your next reply on the forum, along with a new HijackThis log please

    @+
    1. kimar92
       
      Thanks a thousand times for your help green day
      So here is the Report.txt + HijackThis



      SDFix: Version 1.74

      Run by Fujitsu - 21/03/2007 - 19:27:56.82

      Microsoft Windows XP [version 5.1.2600]

      Running From: C:\Documents and Settings\Fujitsu\Bureau\SDFix

      Safe Mode:
      Checking Services:





      Restoring Windows Registry Entries
      Restoring Default Hosts File


      Rebooting...

      Normal Mode:
      Checking Files:

      Below files will be copied to Backups folder then removed:

      C:\DOCUME~1\Fujitsu\LOCALS~1\Temp\autorun.inf - Deleted
      C:\DOCUME~1\Fujitsu\LOCALS~1\Temp\uninstall.exe - Deleted
      C:\WINDOWS\system\smss.exe - Deleted


      Folder C:\DOCUME~1\Fujitsu\LOCALS~1\Temp\ICD1.tmp - Removed

      ADS Check:

      C:\WINDOWS\system32
      No streams found.


      Final Check:

      Remaining Services:
      ------------------


      [COLOR=RED][B]Rootkit PE386 maybe active, Use a Rootkit scanner![/COLOR][/B]

      Authorized Application Key Export:

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
      "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
      "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
      "C:\\WINDOWS\\system32\\svchost.exe"="C:\\WINDOWS\\system32\\svchost.exe:*:Enabled:Microsoft Update"
      "C:\\DOCUME~1\\Fujitsu\\LOCALS~1\\Temp\\46exinjs.a2.exe"="C:\\DOCUME~1\\Fujitsu\\LOCALS~1\\Temp\\46exinjs.a2.exe:*:Enabled:Microsoft Update"
      "C:\\DOCUME~1\\Fujitsu\\LOCALS~1\\Temp\\12exinjs.a2.exe"="C:\\DOCUME~1\\Fujitsu\\LOCALS~1\\Temp\\12exinjs.a2.exe:*:Enabled:Microsoft Update"
      "C:\\DOCUME~1\\Fujitsu\\LOCALS~1\\Temp\\59exinjs.a2.exe"="C:\\DOCUME~1\\Fujitsu\\LOCALS~1\\Temp\\59exinjs.a2.exe:*:Enabled:Microsoft Update"
      "C:\\DOCUME~1\\Fujitsu\\LOCALS~1\\Temp\\65exinjs.a2.exe"="C:\\DOCUME~1\\Fujitsu\\LOCALS~1\\Temp\\65exinjs.a2.exe:*:Enabled:Microsoft Update"
      "C:\\DOCUME~1\\Fujitsu\\LOCALS~1\\Temp\\94exinjs.a2.exe"="C:\\DOCUME~1\\Fujitsu\\LOCALS~1\\Temp\\94exinjs.a2.exe:*:Enabled:Microsoft Update"
      "C:\\DOCUME~1\\Fujitsu\\LOCALS~1\\Temp\\29exinjs.a2.exe"="C:\\DOCUME~1\\Fujitsu\\LOCALS~1\\Temp\\29exinjs.a2.exe:*:Enabled:Microsoft Update"
      "C:\\DOCUME~1\\Fujitsu\\LOCALS~1\\Temp\\96exinjs.a2.exe"="C:\\DOCUME~1\\Fujitsu\\LOCALS~1\\Temp\\96exinjs.a2.exe:*:Enabled:Microsoft Update"
      "C:\\DOCUME~1\\Fujitsu\\LOCALS~1\\Temp\\50exinjs.a2.exe"="C:\\DOCUME~1\\Fujitsu\\LOCALS~1\\Temp\\50exinjs.a2.exe:*:Enabled:Microsoft Update"
      "C:\\DOCUME~1\\Fujitsu\\LOCALS~1\\Temp\\83exinjs.a2.exe"="C:\\DOCUME~1\\Fujitsu\\LOCALS~1\\Temp\\83exinjs.a2.exe:*:Enabled:Microsoft Update"
      "C:\\DOCUME~1\\Fujitsu\\LOCALS~1\\Temp\\64exinjs.a2.exe"="C:\\DOCUME~1\\Fujitsu\\LOCALS~1\\Temp\\64exinjs.a2.exe:*:Enabled:Microsoft Update"
      "C:\\DOCUME~1\\Fujitsu\\LOCALS~1\\Temp\\13exinjs.a2.exe"="C:\\DOCUME~1\\Fujitsu\\LOCALS~1\\Temp\\13exinjs.a2.exe:*:Enabled:Microsoft Update"
      "C:\\DOCUME~1\\Fujitsu\\LOCALS~1\\Temp\\61exinjs.a2.exe"="C:\\DOCUME~1\\Fujitsu\\LOCALS~1\\Temp\\61exinjs.a2.exe:*:Enabled:Microsoft Update"
      "C:\\DOCUME~1\\Fujitsu\\LOCALS~1\\Temp\\68exinjs.a2.exe"="C:\\DOCUME~1\\Fujitsu\\LOCALS~1\\Temp\\68exinjs.a2.exe:*:Enabled:Microsoft Update"
      "C:\\DOCUME~1\\Fujitsu\\LOCALS~1\\Temp\\48exinjs.a2.exe"="C:\\DOCUME~1\\Fujitsu\\LOCALS~1\\Temp\\48exinjs.a2.exe:*:Enabled:Microsoft Update"
      "C:\\DOCUME~1\\Fujitsu\\LOCALS~1\\Temp\\40exinjs.a2.exe"="C:\\DOCUME~1\\Fujitsu\\LOCALS~1\\Temp\\40exinjs.a2.exe:*:Enabled:Microsoft Update"
      "C:\\DOCUME~1\\Fujitsu\\LOCALS~1\\Temp\\45exinjs.a2.exe"="C:\\DOCUME~1\\Fujitsu\\LOCALS~1\\Temp\\45exinjs.a2.exe:*:Enabled:Microsoft Update"
      "C:\\DOCUME~1\\Fujitsu\\LOCALS~1\\Temp\\37exinjs.a2.exe"="C:\\DOCUME~1\\Fujitsu\\LOCALS~1\\Temp\\37exinjs.a2.exe:*:Enabled:Microsoft Update"
      "C:\\DOCUME~1\\Fujitsu\\LOCALS~1\\Temp\\0exinjs.a2.exe"="C:\\DOCUME~1\\Fujitsu\\LOCALS~1\\Temp\\0exinjs.a2.exe:*:Enabled:Microsoft Update"
      "C:\\DOCUME~1\\Fujitsu\\LOCALS~1\\Temp\\97exinjs.a2.exe"="C:\\DOCUME~1\\Fujitsu\\LOCALS~1\\Temp\\97exinjs.a2.exe:*:Enabled:Microsoft Update"
      "C:\\DOCUME~1\\Fujitsu\\LOCALS~1\\Temp\\26exinjs.a2.exe"="C:\\DOCUME~1\\Fujitsu\\LOCALS~1\\Temp\\26exinjs.a2.exe:*:Enabled:Microsoft Update"
      "C:\\DOCUME~1\\Fujitsu\\LOCALS~1\\Temp\\51exinjs.a2.exe"="C:\\DOCUME~1\\Fujitsu\\LOCALS~1\\Temp\\51exinjs.a2.exe:*:Enabled:Microsoft Update"
      "C:\\DOCUME~1\\Fujitsu\\LOCALS~1\\Temp\\78exinjs.a2.exe"="C:\\DOCUME~1\\Fujitsu\\LOCALS~1\\Temp\\78exinjs.a2.exe:*:Enabled:Microsoft Update"
      "C:\\DOCUME~1\\Fujitsu\\LOCALS~1\\Temp\\66exinjs.a2.exe"="C:\\DOCUME~1\\Fujitsu\\LOCALS~1\\Temp\\66exinjs.a2.exe:*:Enabled:Microsoft Update"
      "C:\\DOCUME~1\\Fujitsu\\LOCALS~1\\Temp\\7exinjs.a2.exe"="C:\\DOCUME~1\\Fujitsu\\LOCALS~1\\Temp\\7exinjs.a2.exe:*:Enabled:Microsoft Update"
      "C:\\DOCUME~1\\Fujitsu\\LOCALS~1\\Temp\\74exinjs.a2.exe"="C:\\DOCUME~1\\Fujitsu\\LOCALS~1\\Temp\\74exinjs.a2.exe:*:Enabled:Microsoft Update"
      "C:\\DOCUME~1\\Fujitsu\\LOCALS~1\\Temp\\47exinjs.a2.exe"="C:\\DOCUME~1\\Fujitsu\\LOCALS~1\\Temp\\47exinjs.a2.exe:*:Enabled:Microsoft Update"
      "C:\\DOCUME~1\\Fujitsu\\LOCALS~1\\Temp\\27exinjs.a2.exe"="C:\\DOCUME~1\\Fujitsu\\LOCALS~1\\Temp\\27exinjs.a2.exe:*:Enabled:Microsoft Update"
      "C:\\DOCUME~1\\Fujitsu\\LOCALS~1\\Temp\\73exinjs.a2.exe"="C:\\DOCUME~1\\Fujitsu\\LOCALS~1\\Temp\\73exinjs.a2.exe:*:Enabled:Microsoft Update"
      "C:\\DOCUME~1\\Fujitsu\\LOCALS~1\\Temp\\98exinjs.a2.exe"="C:\\DOCUME~1\\Fujitsu\\LOCALS~1\\Temp\\98exinjs.a2.exe:*:Enabled:Microsoft Update"
      "C:\\DOCUME~1\\Fujitsu\\LOCALS~1\\Temp\\43exinjs.a2.exe"="C:\\DOCUME~1\\Fujitsu\\LOCALS~1\\Temp\\43exinjs.a2.exe:*:Enabled:Microsoft Update"
      "C:\\DOCUME~1\\Fujitsu\\LOCALS~1\\Temp\\31exinjs.a2.exe"="C:\\DOCUME~1\\Fujitsu\\LOCALS~1\\Temp\\31exinjs.a2.exe:*:Enabled:Microsoft Update"
      "C:\\DOCUME~1\\Fujitsu\\LOCALS~1\\Temp\\41exinjs.a2.exe"="C:\\DOCUME~1\\Fujitsu\\LOCALS~1\\Temp\\41exinjs.a2.exe:*:Enabled:Microsoft Update"
      "C:\\DOCUME~1\\Fujitsu\\LOCALS~1\\Temp\\67exinjs.a2.exe"="C:\\DOCUME~1\\Fujitsu\\LOCALS~1\\Temp\\67exinjs.a2.exe:*:Enabled:Microsoft Update"
      "C:\\DOCUME~1\\Fujitsu\\LOCALS~1\\Temp\\14exinjs.a2.exe"="C:\\DOCUME~1\\Fujitsu\\LOCALS~1\\Temp\\14exinjs.a2.exe:*:Enabled:Microsoft Update"
      "C:\\DOCUME~1\\Fujitsu\\LOCALS~1\\Temp\\9exinjs.a2.exe"="C:\\DOCUME~1\\Fujitsu\\LOCALS~1\\Temp\\9exinjs.a2.exe:*:Enabled:Microsoft Update"
      "C:\\DOCUME~1\\Fujitsu\\LOCALS~1\\Temp\\38exinjs.a2.exe"="C:\\DOCUME~1\\Fujitsu\\LOCALS~1\\Temp\\38exinjs.a2.exe:*:Enabled:Microsoft Update"
      "C:\\DOCUME~1\\Fujitsu\\LOCALS~1\\Temp\\82exinjs.a2.exe"="C:\\DOCUME~1\\Fujitsu\\LOCALS~1\\Temp\\82exinjs.a2.exe:*:Enabled:Microsoft Update"
      "C:\\DOCUME~1\\Fujitsu\\LOCALS~1\\Temp\\36exinjs.a2.exe"="C:\\DOCUME~1\\Fujitsu\\LOCALS~1\\Temp\\36exinjs.a2.exe:*:Enabled:Microsoft Update"
      "C:\\DOCUME~1\\Fujitsu\\LOCALS~1\\Temp\\91exinjs.a2.exe"="C:\\DOCUME~1\\Fujitsu\\LOCALS~1\\Temp\\91exinjs.a2.exe:*:Enabled:Microsoft Update"
      "C:\\DOCUME~1\\Fujitsu\\LOCALS~1\\Temp\\8exinjs.a2.exe"="C:\\DOCUME~1\\Fujitsu\\LOCALS~1\\Temp\\8exinjs.a2.exe:*:Enabled:Microsoft Update"
      "C:\\DOCUME~1\\Fujitsu\\LOCALS~1\\Temp\\56exinjs.a2.exe"="C:\\DOCUME~1\\Fujitsu\\LOCALS~1\\Temp\\56exinjs.a2.exe:*:Enabled:Microsoft Update"
      "C:\\DOCUME~1\\Fujitsu\\LOCALS~1\\Temp\\76exinjs.a2.exe"="C:\\DOCUME~1\\Fujitsu\\LOCALS~1\\Temp\\76exinjs.a2.exe:*:Enabled:Microsoft Update"
      "C:\\DOCUME~1\\Fujitsu\\LOCALS~1\\Temp\\33exinjs.a2.exe"="C:\\DOCUME~1\\Fujitsu\\LOCALS~1\\Temp\\33exinjs.a2.exe:*:Enabled:Microsoft Update"
      "C:\\DOCUME~1\\Fujitsu\\LOCALS~1\\Temp\\34exinjs.a2.exe"="C:\\DOCUME~1\\Fujitsu\\LOCALS~1\\Temp\\34exinjs.a2.exe:*:Enabled:Microsoft Update"
      "C:\\DOCUME~1\\SOSOFA~1\\LOCALS~1\\Temp\\47exinjs.a2.exe"="C:\\DOCUME~1\\SOSOFA~1\\LOCALS~1\\Temp\\47exinjs.a2.exe:*:Enabled:Microsoft Update"
      "C:\\DOCUME~1\\SOSOFA~1\\LOCALS~1\\Temp\\22exinjs.a2.exe"="C:\\DOCUME~1\\SOSOFA~1\\LOCALS~1\\Temp\\22exinjs.a2.exe:*:Enabled:Microsoft Update"
      "C:\\DOCUME~1\\Fujitsu\\LOCALS~1\\Temp\\69exinjs.a2.exe"="C:\\DOCUME~1\\Fujitsu\\LOCALS~1\\Temp\\69exinjs.a2.exe:*:Enabled:Microsoft Update"
      "C:\\DOCUME~1\\Fujitsu\\LOCALS~1\\Temp\\25exinjs.a2.exe"="C:\\DOCUME~1\\Fujitsu\\LOCALS~1\\Temp\\25exinjs.a2.exe:*:Enabled:Microsoft Update"
      "C:\\DOCUME~1\\Fujitsu\\LOCALS~1\\Temp\\18exinjs.a2.exe"="C:\\DOCUME~1\\Fujitsu\\LOCALS~1\\Temp\\18exinjs.a2.exe:*:Enabled:Microsoft Update"
      "C:\\DOCUME~1\\Fujitsu\\LOCALS~1\\Temp\\60exinjs.a2.exe"="C:\\DOCUME~1\\Fujitsu\\LOCALS~1\\Temp\\60exinjs.a2.exe:*:Enabled:Microsoft Update"
      "C:\\DOCUME~1\\Fujitsu\\LOCALS~1\\Temp\\90exinjs.a2.exe"="C:\\DOCUME~1\\Fujitsu\\LOCALS~1\\Temp\\90exinjs.a2.exe:*:Enabled:Microsoft Update"


      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
      "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
      "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"


      Remaining Files:
      ---------------

      Backups Folder: - C:\DOCUME~1\Fujitsu\Bureau\SDFix\backups\backups.zip

      Checking For Files with Hidden Attributes :

      C:\WINDOWS\system32\wodfamoh.dll
      C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp
      C:\Documents and Settings\Fujitsu\Local Settings\Temp\~3.tmp
      C:\Documents and Settings\Fujitsu\Local Settings\Temp\~4.tmp
      C:\Documents and Settings\Fujitsu\Local Settings\Temp\~5.tmp
      C:\Documents and Settings\Fujitsu\Local Settings\Temp\~6B.tmp
      C:\Documents and Settings\Fujitsu\Local Settings\Temp\~BC.tmp
      C:\Documents and Settings\Fujitsu\Local Settings\Temp\~F.tmp
      C:\Program Files\wunauclt.zip

      Finished
      +


      Logfile of HijackThis v1.99.1
      Scan saved at 19:36:04, on 21/03/2007
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.5730.0011)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\VERSION TRADUITE ORIGINALE.EXE

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gogole.fr/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 192.168.1.2
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: Zango Search Assistant Helper /fleok=1D8A83A5C5E019769AA575760EA83FA5EF80752B94E2DD7F5E75422C38C3 - {56F1D444-11BF-4879-A12B-79CF0177F038} - c:\program files\zango\zangohook.dll (file missing)
      O2 - BHO: Zango Toolbar - {5CBE2611-C31B-401F-89BC-4CBB25E853D7} - C:\Program Files\ZangoToolbar\Bin\4.8.3.0\ZbHostIE.dll (file missing)
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
      O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
      O3 - Toolbar: Zango Toolbar - {5CBE2611-C31B-401F-89BC-4CBB25E853D7} - C:\Program Files\ZangoToolbar\Bin\4.8.3.0\ZbHostIE.dll (file missing)
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
      O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
      O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
      O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKLM\..\Run: [lxccmon.exe] "C:\Program Files\Lexmark 3300 Series\lxccmon.exe"
      O4 - HKLM\..\Run: [LXCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [SDFix] C:\Documents and Settings\Fujitsu\Bureau\SDFix\RunThis.bat /second
      O4 - HKLM\..\RunOnce: [SDFix] C:\DOCUME~1\Fujitsu\Bureau\SDFix\RunThis.bat /second
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
      O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
      O11 - Options group: [INTERNATIONAL] International*
      O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
      O16 - DPF: {E6ACF817-0A85-4EBE-9F0A-096C6488CFEA} (NTR ActiveX 1.1.8) - https://www.ntrconnect.com/main/mod/setup/ntractivex118_24.cab
      O17 - HKLM\System\CCS\Services\Tcpip\..\{26F9A488-5A56-44E5-B113-88DD1822243F}: NameServer = 194.117.200.10,194.117.200.15
      O17 - HKLM\System\CCS\Services\Tcpip\..\{3E16D1D1-211A-4E71-BF03-968300A7641D}: NameServer = 194.117.200.15,194.117.200.10
      O17 - HKLM\System\CCS\Services\Tcpip\..\{472A099D-A104-415C-97F9-B0B3B921E97E}: NameServer = 194.117.200.10,194.117.200.15
      O17 - HKLM\System\CCS\Services\Tcpip\..\{9207AAD2-F98D-4A68-BD29-59EFD7E7F17C}: NameServer = 194.117.200.11,194.117.200.14
      O17 - HKLM\System\CCS\Services\Tcpip\..\{B14BDC2C-B9C4-48B8-B03B-4703E1AE3DEF}: NameServer = 194.117.200.11,194.117.200.15
      O17 - HKLM\System\CCS\Services\Tcpip\..\{EA428A10-712B-4AB2-8C1F-C461BDC4070C}: NameServer = 194.117.200.15,194.117.200.11
      O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
      O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
      O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
      O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
      O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
      O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
      O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
      O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
      O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: lxcc_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcccoms.exe
      O23 - Service: PC Tools Spyware Doctor (SDhelper) - Unknown owner - C:\Program Files\Spyware Doctor\sdhelp.exe (file missing)
      O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
      O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
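The two logs above contain the kinds of entries a responder flags first: an autorun pointing at C:\WINDOWS\system\smss.exe (the genuine smss.exe runs from System32, as the running-processes list shows), an executable dropped directly into C:\WINDOWS, and a long list of firewall exceptions for files in a Temp folder all labelled "Microsoft Update". The following Python script is an added example, not part of this thread and not code from HijackThis or SDFix: it parses HijackThis O4 lines and the FirewallPolicy registry export format shown in the SDFix report, applies a few location-based heuristics, and lists what it flags. The canonical System32 location and the heuristics themselves are assumptions of the example, not signatures; the sample lines are copied from the logs pasted above.

```python
"""Triage a HijackThis O4 (autorun) section and a Windows XP firewall
AuthorizedApplications registry export, flagging entries a responder would
look at first.  Added example, not part of the thread or of HijackThis/SDFix;
the rules below are location heuristics, not malware signatures."""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Canonical folder for core binaries whose name malware likes to borrow
# (assumption of this example: the legitimate smss.exe lives in System32,
# as the running-processes list of the log shows).
CORE_BINARIES = {"smss.exe": "c:\\windows\\system32"}

# O4 - HKLM\..\Run: [value name] command line
O4_RE = re.compile(r'^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
# First drive-letter path in a command line that ends in an executable extension.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll|bat|cmd|scr)', re.IGNORECASE)
# "key"="path:scope:state:label" lines of a FirewallPolicy registry export.
FW_RE = re.compile(r'^"(?P<key>[^"]+)"="(?P<path>[A-Za-z]:[^:]*):(?P<scope>[^:]*):(?P<state>[^:]*):(?P<label>[^"]*)"$')


@dataclass
class Finding:
    source: str          # "O4" or "firewall"
    label: str           # autorun value name or firewall exception label
    path: str
    reasons: list[str] = field(default_factory=list)


def suspicious_reasons(path: str) -> list[str]:
    """Location-based heuristics applied to any executable path."""
    p = path.lower()
    folder, _, name = p.rpartition("\\")
    reasons = []
    if "\\temp\\" in p:
        reasons.append("executable lives in a Temp directory")
    canonical = CORE_BINARIES.get(name)
    if canonical and folder != canonical:
        reasons.append(f"{name} found in {folder}, expected {canonical}")
    if folder == "c:\\windows":
        reasons.append("executable placed directly in the Windows folder")
    return reasons


def triage_hijackthis(log: str) -> list[Finding]:
    """Return the O4 autorun entries whose executable location looks wrong."""
    findings = []
    for line in log.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        pm = PATH_RE.search(m["cmd"])
        if not pm:
            continue
        reasons = suspicious_reasons(pm.group(0))
        if reasons:
            findings.append(Finding("O4", m["name"], pm.group(0), reasons))
    return findings


def triage_firewall_export(export: str) -> list[Finding]:
    """Return firewall exceptions whose path or label looks wrong."""
    findings = []
    for line in export.splitlines():
        m = FW_RE.match(line.strip())
        if not m:
            continue
        path = m["path"].replace("\\\\", "\\")   # undo registry-export escaping
        reasons = suspicious_reasons(path)
        # A Microsoft-sounding label on a binary outside the Windows folder is
        # a common disguise for unwanted exceptions (heuristic, not a rule).
        if "microsoft" in m["label"].lower() and not path.lower().startswith("c:\\windows\\"):
            reasons.append("label claims a Microsoft component but the file is outside the Windows folder")
        if reasons:
            findings.append(Finding("firewall", m["label"], path, reasons))
    return findings


# Sample input: lines copied from the logs pasted in this thread.
SAMPLE_O4 = r"""
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [.nvsvc] C:\WINDOWS\system\smss.exe /w
O4 - HKLM\..\Run: [RavAV] C:\WINDOWS\AdobeR.exe
O4 - HKLM\..\Run: [LXCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16
"""

SAMPLE_FW = r"""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\WINDOWS\\system32\\svchost.exe"="C:\\WINDOWS\\system32\\svchost.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Fujitsu\\LOCALS~1\\Temp\\46exinjs.a2.exe"="C:\\DOCUME~1\\Fujitsu\\LOCALS~1\\Temp\\46exinjs.a2.exe:*:Enabled:Microsoft Update"
"""

if __name__ == "__main__":
    for f in triage_hijackthis(SAMPLE_O4) + triage_firewall_export(SAMPLE_FW):
        print(f"[{f.source}] {f.label!r} -> {f.path}")
        for r in f.reasons:
            print("    -", r)
```

Run against the samples, the script flags the `.nvsvc` and `RavAV` autoruns and the Temp-folder firewall exception, and leaves the Java, avast, Lexmark, Messenger and System32 svchost entries alone; a real triage would then check the flagged files' hashes and signatures rather than trust the path alone.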
  2. green day
     
    re

    ok, follow the steps at this link please:

    virus: preliminary disinfection method, French version

    ++
    1. kimar92
       
      re and thanks for your help


      1) so for CCleaner all the errors, 753 then 325 then 0 found,
      were removed

      everything is clean


      2) FOR AVG anti-spyware


      here is the AVG anti-spyware report:

      objets infectés : 104
      objets analysés : 316719
      objets omis : 0
      the AVG anti-spyware report

      + Créé à: 15:31:15 22/03/2007

      + Résultat de l'analyse:



      C:\System Volume Information\_restore{DA63580A-6C78-4034-A426-C9A0DBEF105D}\RP235\A0107225.exe/clientax.dll -> Adware.180Solution : Nettoyé.
      C:\WINDOWS\Downloaded Program Files\ClientAX.dll -> Adware.180Solution : Nettoyé.
      C:\System Volume Information\_restore{DA63580A-6C78-4034-A426-C9A0DBEF105D}\RP137\A0024261.exe -> Adware.180Solutions : Nettoyé.
      HKLM\SOFTWARE\Classes\ClientAX.ClientInstaller -> Adware.180Solutions : Nettoyé.
      HKLM\SOFTWARE\Classes\ClientAX.ClientInstaller.1 -> Adware.180Solutions : Nettoyé.
      HKLM\SOFTWARE\Classes\ClientAX.ClientInstaller\CLSID -> Adware.180Solutions : Nettoyé.
      HKLM\SOFTWARE\Classes\ClientAX.ClientInstaller\CurVer -> Adware.180Solutions : Nettoyé.
      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{56F1D444-11BF-4879-A12B-79CF0177F038} -> Adware.180Solutions : Nettoyé.
      HKU\S-1-5-21-839522115-1972579041-725345543-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{56F1D444-11BF-4879-A12B-79CF0177F038} -> Adware.180Solutions : Nettoyé.
      C:\System Volume Information\_restore{DA63580A-6C78-4034-A426-C9A0DBEF105D}\RP136\A0023899.exe -> Adware.HotBar : Nettoyé.
      C:\System Volume Information\_restore{DA63580A-6C78-4034-A426-C9A0DBEF105D}\RP136\A0023904.exe -> Adware.HotBar : Nettoyé.
      C:\System Volume Information\_restore{DA63580A-6C78-4034-A426-C9A0DBEF105D}\RP136\A0023905.dll -> Adware.HotBar : Nettoyé.
      C:\System Volume Information\_restore{DA63580A-6C78-4034-A426-C9A0DBEF105D}\RP136\A0023912.dll -> Adware.HotBar : Nettoyé.
      C:\System Volume Information\_restore{DA63580A-6C78-4034-A426-C9A0DBEF105D}\RP137\A0024066.dll -> Adware.Hotbar : Nettoyé.
      HKU\S-1-5-21-839522115-1972579041-725345543-1005\Software\IST -> Adware.ISTBar : Nettoyé.
      C:\System Volume Information\_restore{DA63580A-6C78-4034-A426-C9A0DBEF105D}\RP153\A0034795.exe -> Adware.SaveNow : Nettoyé.
      HKLM\SOFTWARE\Classes\ClientAX.RequiredComponent -> Adware.Zango : Nettoyé.
      HKLM\SOFTWARE\Classes\ClientAX.RequiredComponent.1 -> Adware.Zango : Nettoyé.
      HKLM\SOFTWARE\Classes\ClientAX.RequiredComponent\CLSID -> Adware.Zango : Nettoyé.
      HKLM\SOFTWARE\Classes\ClientAX.RequiredComponent\CurVer -> Adware.Zango : Nettoyé.
      HKLM\SOFTWARE\zango -> Adware.Zango : Nettoyé.
      HKU\S-1-5-21-839522115-1972579041-725345543-1005\Software\zango -> Adware.Zango : Nettoyé.
      C:\System Volume Information\_restore{DA63580A-6C78-4034-A426-C9A0DBEF105D}\RP171\A0053136.exe -> Downloader.Adload.dr : Nettoyé.
      C:\System Volume Information\_restore{DA63580A-6C78-4034-A426-C9A0DBEF105D}\RP165\A0052194.exe -> Downloader.Agent.aii : Nettoyé.
      C:\System Volume Information\_restore{DA63580A-6C78-4034-A426-C9A0DBEF105D}\RP137\A0024348.exe -> Downloader.Delf.aup : Nettoyé.
      C:\System Volume Information\_restore{DA63580A-6C78-4034-A426-C9A0DBEF105D}\RP136\A0023863.exe -> Hijacker.Costrat.ae : Nettoyé.
      C:\Program Files\serial.dat/patcher.exe -> Logger.Agent : Nettoyé.
      C:\System Volume Information\_restore{DA63580A-6C78-4034-A426-C9A0DBEF105D}\RP132\A0017026.exe -> Logger.Agent : Nettoyé.
      C:\WINDOWS\patcher.exe -> Logger.Agent : Nettoyé.
      C:\Documents and Settings\Invité\Local Settings\Temporary Internet Files\Content.IE5\F7XNN9X3\mdac[1].htm -> Not-A-Virus.Exploit.JS.ADODB.Stream.e : Nettoyé.
      C:\Documents and Settings\Invité\Local Settings\Temp\0exssd32a.4.exe -> Proxy.Horst.pu : Nettoyé.
      C:\Documents and Settings\Invité\Local Settings\Temp\12exssd32a.4.exe -> Proxy.Horst.pu : Nettoyé.
      C:\Documents and Settings\Invité\Local Settings\Temp\18exssd32a.4.exe -> Proxy.Horst.pu : Nettoyé.
      C:\Documents and Settings\Invité\Local Settings\Temp\19exssd32a.4.exe -> Proxy.Horst.pu : Nettoyé.
      C:\Documents and Settings\Invité\Local Settings\Temp\1exssd32a.4.exe -> Proxy.Horst.pu : Nettoyé.
      C:\Documents and Settings\Invité\Local Settings\Temp\23exssd32a.4.exe -> Proxy.Horst.pu : Nettoyé.
      C:\Documents and Settings\Invité\Local Settings\Temp\25exssd32a.4.exe -> Proxy.Horst.pu : Nettoyé.
      C:\Documents and Settings\Invité\Local Settings\Temp\27exssd32a.3.exe -> Proxy.Horst.pu : Nettoyé.
      C:\Documents and Settings\Invité\Local Settings\Temp\27exssd32a.4.exe -> Proxy.Horst.pu : Nettoyé.
      C:\Documents and Settings\Invité\Local Settings\Temp\2exssd32a.4.exe -> Proxy.Horst.pu : Nettoyé.
      C:\Documents and Settings\Invité\Local Settings\Temp\30exssd32a.4.exe -> Proxy.Horst.pu : Nettoyé.
      C:\Documents and Settings\Invité\Local Settings\Temp\31exssd32a.4.exe -> Proxy.Horst.pu : Nettoyé.
      C:\Documents and Settings\Invité\Local Settings\Temp\32exssd32a.4.exe -> Proxy.Horst.pu : Nettoyé.
      C:\Documents and Settings\Invité\Local Settings\Temp\34exssd32a.4.exe -> Proxy.Horst.pu : Nettoyé.
      C:\Documents and Settings\Invité\Local Settings\Temp\37exssd32a.4.exe -> Proxy.Horst.pu : Nettoyé.
      C:\Documents and Settings\Invité\Local Settings\Temp\38exssd32a.3.exe -> Proxy.Horst.pu : Nettoyé.
      C:\Documents and Settings\Invité\Local Settings\Temp\39exssd32a.3.exe -> Proxy.Horst.pu : Nettoyé.
      C:\Documents and Settings\Invité\Local Settings\Temp\40exssd32a.3.exe -> Proxy.Horst.pu : Nettoyé.
      C:\Documents and Settings\Invité\Local Settings\Temp\40exssd32a.4.exe -> Proxy.Horst.pu : Nettoyé.
      C:\Documents and Settings\Invité\Local Settings\Temp\42exssd32a.4.exe -> Proxy.Horst.pu : Nettoyé.
      C:\Documents and Settings\Invité\Local Settings\Temp\44exssd32a.4.exe -> Proxy.Horst.pu : Nettoyé.
      C:\Documents and Settings\Invité\Local Settings\Temp\46exssd32a.4.exe -> Proxy.Horst.pu : Nettoyé.
      C:\Documents and Settings\Invité\Local Settings\Temp\49exssd32a.4.exe -> Proxy.Horst.pu : Nettoyé.
      C:\Documents and Settings\Invité\Local Settings\Temp\51exssd32a.4.exe -> Proxy.Horst.pu : Nettoyé.
      C:\Documents and Settings\Invité\Local Settings\Temp\52exssd32a.4.exe -> Proxy.Horst.pu : Nettoyé.
      C:\Documents and Settings\Invité\Local Settings\Temp\53exssd32a.4.exe -> Proxy.Horst.pu : Nettoyé.
      C:\Documents and Settings\Invité\Local Settings\Temp\55exssd32a.4.exe -> Proxy.Horst.pu : Nettoyé.
      C:\Documents and Settings\Invité\Local Settings\Temp\59exssd32a.4.exe -> Proxy.Horst.pu : Nettoyé.
      C:\Documents and Settings\Invité\Local Settings\Temp\60exssd32a.4.exe -> Proxy.Horst.pu : Nettoyé.
      C:\Documents and Settings\Invité\Local Settings\Temp\61exssd32a.4.exe -> Proxy.Horst.pu : Nettoyé.
      C:\Documents and Settings\Invité\Local Settings\Temp\64exssd32a.4.exe -> Proxy.Horst.pu : Nettoyé.
      C:\Documents and Settings\Invité\Local Settings\Temp\68exssd32a.4.exe -> Proxy.Horst.pu : Nettoyé.
      C:\Documents and Settings\Invité\Local Settings\Temp\75exssd32a.4.exe -> Proxy.Horst.pu : Nettoyé.
      C:\Documents and Settings\Invité\Local Settings\Temp\78exssd32a.3.exe -> Proxy.Horst.pu : Nettoyé.
      C:\Documents and Settings\Invité\Local Settings\Temp\80exssd32a.4.exe -> Proxy.Horst.pu : Nettoyé.
      C:\Documents and Settings\Invité\Local Settings\Temp\8exssd32a.4.exe -> Proxy.Horst.pu : Nettoyé.
      C:\Documents and Settings\sosofafamama\Local Settings\Temp\12exssd32a.4.exe -> Proxy.Horst.pu : Nettoyé.
      C:\Documents and Settings\sosofafamama\Local Settings\Temp\13exssd32a.4.exe -> Proxy.Horst.pu : Nettoyé.
      C:\Documents and Settings\sosofafamama\Local Settings\Temp\19exssd32a.4.exe -> Proxy.Horst.pu : Nettoyé.
      C:\Documents and Settings\sosofafamama\Local Settings\Temp\22exssd32a.4.exe -> Proxy.Horst.pu : Nettoyé.
      C:\Documents and Settings\sosofafamama\Local Settings\Temp\23exssd32a.4.exe -> Proxy.Horst.pu : Nettoyé.
      C:\Documents and Settings\sosofafamama\Local Settings\Temp\28exssd32a.4.exe -> Proxy.Horst.pu : Nettoyé.
      C:\Documents and Settings\sosofafamama\Local Settings\Temp\3exssd32a.4.exe -> Proxy.Horst.pu : Nettoyé.
      C:\Documents and Settings\sosofafamama\Local Settings\Temp\44exssd32a.4.exe -> Proxy.Horst.pu : Nettoyé.
      C:\Documents and Settings\sosofafamama\Local Settings\Temp\47exssd32a.4.exe -> Proxy.Horst.pu : Nettoyé.
      C:\Documents and Settings\sosofafamama\Local Settings\Temp\52exssd32a.4.exe -> Proxy.Horst.pu : Nettoyé.
      C:\Documents and Settings\sosofafamama\Local Settings\Temp\53exssd32a.4.exe -> Proxy.Horst.pu : Nettoyé.
      C:\Documents and Settings\sosofafamama\Local Settings\Temp\55exssd32a.4.exe -> Proxy.Horst.pu : Nettoyé.
      C:\Documents and Settings\sosofafamama\Local Settings\Temp\56exssd32a.4.exe -> Proxy.Horst.pu : Nettoyé.
      C:\Documents and Settings\sosofafamama\Local Settings\Temp\69exssd32a.4.exe -> Proxy.Horst.pu : Nettoyé.
      C:\Documents and Settings\sosofafamama\Local Settings\Temp\6exssd32a.4.exe -> Proxy.Horst.pu : Nettoyé.
      C:\Documents and Settings\sosofafamama\Local Settings\Temp\70exssd32a.4.exe -> Proxy.Horst.pu : Nettoyé.
      C:\Documents and Settings\sosofafamama\Local Settings\Temp\73exssd32a.4.exe -> Proxy.Horst.pu : Nettoyé.
      C:\Documents and Settings\sosofafamama\Local Settings\Temp\75exssd32a.4.exe -> Proxy.Horst.pu : Nettoyé.
      C:\Documents and Settings\sosofafamama\Local Settings\Temp\76exssd32a.4.exe -> Proxy.Horst.pu : Nettoyé.
      C:\Documents and Settings\sosofafamama\Local Settings\Temp\83exssd32a.4.exe -> Proxy.Horst.pu : Nettoyé.
      C:\Documents and Settings\sosofafamama\Local Settings\Temp\88exssd32a.4.exe -> Proxy.Horst.pu : Nettoyé.
      C:\Documents and Settings\sosofafamama\Local Settings\Temp\8exssd32a.4.exe -> Proxy.Horst.pu : Nettoyé.
      C:\Documents and Settings\sosofafamama\Local Settings\Temp\94exssd32a.4.exe -> Proxy.Horst.pu : Nettoyé.
      C:\Documents and Settings\sosofafamama\Local Settings\Temp\98exssd32a.3.exe -> Proxy.Horst.pu : Nettoyé.
      C:\System Volume Information\_restore{DA63580A-6C78-4034-A426-C9A0DBEF105D}\RP138\A0028848.exe -> Proxy.Horst.vs : Nettoyé.
      C:\Documents and Settings\Invité\Local Settings\Temp\19exgmail2.6.exe -> Proxy.Horst.wo : Nettoyé.
      C:\Documents and Settings\Invité\Local Settings\Temp\50exgmail2.6.exe -> Proxy.Horst.wo : Nettoyé.
      C:\Documents and Settings\Invité\Local Settings\Temp\5exgmail2.6.exe -> Proxy.Horst.wo : Nettoyé.
      C:\Documents and Settings\Invité\Local Settings\Temp\64exgmail2.6.exe -> Proxy.Horst.wo : Nettoyé.
      C:\Documents and Settings\sosofafamama\Local Settings\Temp\14exgmail2.6.exe -> Proxy.Horst.wo : Nettoyé.
      C:\Documents and Settings\sosofafamama\Local Settings\Temp\72exgmail2.6.exe -> Proxy.Horst.wo : Nettoyé.
      C:\Documents and Settings\sosofafamama\Local Settings\Temp\9exgmail2.6.exe -> Proxy.Horst.wo : Nettoyé.
      C:\System Volume Information\_restore{DA63580A-6C78-4034-A426-C9A0DBEF105D}\RP192\A0083038.exe -> Trojan.Inject.ba : Nettoyé.
      C:\Program Files\serial.dat/widupdate.exe -> Trojan.Nilage.aeh : Nettoyé.
      C:\System Volume Information\_restore{DA63580A-6C78-4034-A426-C9A0DBEF105D}\RP232\A0104829.exe -> Trojan.Nilage.aeh : Nettoyé.
      C:\System Volume Information\_restore{DA63580A-6C78-4034-A426-C9A0DBEF105D}\RP199\A0087373.exe -> Trojan.Obfuscated.en : Nettoyé.
      C:\System Volume Information\_restore{DA63580A-6C78-4034-A426-C9A0DBEF105D}\RP199\A0088955.exe -> Trojan.Obfuscated.en : Nettoyé.


      Fin du rapport
      everything was cleaned

      2nd report: BitDefender

      oops, I didn't manage to get the report
      after more than 2 hours of scanning I was too fed up

      3rd report: HijackThis


      Logfile of HijackThis v1.99.1
      Scan saved at 17:59:44, on 22/03/2007
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16414)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
      C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
      C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
      C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
      C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
      C:\WINDOWS\system32\wscntfy.exe
      C:\WINDOWS\system32\lxcccoms.exe
      C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
      C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
      C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
      C:\WINDOWS\system32\ntvdm.exe
      C:\Program Files\MSN Messenger\msnmsgr.exe
      C:\Program Files\MSN Messenger\usnsvc.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\WINDOWS\system32\cisvc.exe
      C:\WINDOWS\system32\cidaemon.exe
      C:\Program Files\VERSION TRADUITE ORIGINALE.EXE

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gogole.fr/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 192.168.1.2
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: (no name) - {5CBE2611-C31B-401F-89BC-4CBB25E853D7} - (no file)
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
      O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
      O3 - Toolbar: (no name) - {5CBE2611-C31B-401F-89BC-4CBB25E853D7} - (no file)
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
      O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
      O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
      O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
      O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKLM\..\Run: [lxccmon.exe] "C:\Program Files\Lexmark 3300 Series\lxccmon.exe"
      O4 - HKLM\..\Run: [LXCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
      O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
      O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
      O11 - Options group: [INTERNATIONAL] International*
      O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
      O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
      O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
      O16 - DPF: {E6ACF817-0A85-4EBE-9F0A-096C6488CFEA} (NTR ActiveX 1.1.8) - https://www.ntrconnect.com/main/mod/setup/ntractivex118_24.cab
      O17 - HKLM\System\CCS\Services\Tcpip\..\{26F9A488-5A56-44E5-B113-88DD1822243F}: NameServer = 194.117.200.10,194.117.200.15
      O17 - HKLM\System\CCS\Services\Tcpip\..\{3E16D1D1-211A-4E71-BF03-968300A7641D}: NameServer = 194.117.200.15,194.117.200.10
      O17 - HKLM\System\CCS\Services\Tcpip\..\{472A099D-A104-415C-97F9-B0B3B921E97E}: NameServer = 194.117.200.10,194.117.200.15
      O17 - HKLM\System\CCS\Services\Tcpip\..\{9207AAD2-F98D-4A68-BD29-59EFD7E7F17C}: NameServer = 194.117.200.11,194.117.200.14
      O17 - HKLM\System\CCS\Services\Tcpip\..\{B14BDC2C-B9C4-48B8-B03B-4703E1AE3DEF}: NameServer = 194.117.200.11,194.117.200.15
      O17 - HKLM\System\CCS\Services\Tcpip\..\{EA428A10-712B-4AB2-8C1F-C461BDC4070C}: NameServer = 194.117.200.15,194.117.200.11
      O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
      O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
      O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
      O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
      O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
      O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
      O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
      O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
      O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
      O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: lxcc_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcccoms.exe
      O23 - Service: PC Tools Spyware Doctor (SDhelper) - Unknown owner - C:\Program Files\Spyware Doctor\sdhelp.exe (file missing)
      O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
      O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
  3. green day - Posts: 26374 - Status: Moderator, Security contributor
     
    Hi

    did the online scan find anything???

    please do this:

    Download clean.zip
    http://www.malekal.com/download/clean.zip
    Unzip it onto your desktop (right-click / Extract All); you should get a folder named clean.
    Open the Clean folder on your desktop.
    Double-click clean.cmd.
    A black window will appear; choose option 1.
    Post the report, which is located here: C:\rapport_clean.txt

    then:

    # Start in safe mode:
    To do that, tap the F8 key repeatedly from the moment the PC powers on, without stopping.
    A window will open; use the keyboard arrows to move to "Safe Mode", then press Enter.
    Once on the desktop, if not all the colours and so on are there, that's normal!
    (If F8 doesn't work, use the F5 key.)
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

    Double-click clean.cmd.
    A black window will appear; choose option 2.
    Post the report, which is located here: C:\rapport_clean.txt

    ++
    1. kimar92
       
      hi, here is the 1st report, option 1



      Rapport clean par Malekal_morte - http://www.malekal.com
      Option 1, executee le 24/03/2007 a 10:07:07.35

      *** Recherche de fichiers sur C:

      *** Recherche des fichiers dans C:\WINDOWS\

      *** Recherche des fichiers dans C:\WINDOWS\system32

      "C:\Program Files\serial.dat" FOUND
      *** Fin du rapport !



      and the 2nd one, in safe mode, option 2


      Script execute en mode sans echec
      Rapport clean par Malekal_morte - http://www.malekal.com
      Option 2, executee le 24/03/2007 a 10:17:14.45

      Microsoft Windows XP [version 5.1.2600]

      *** Suppression de fichiers sur C:

      *** Suppression des fichiers dans C:\WINDOWS\

      *** Suppression des fichiers dans C:\WINDOWS\system32

      tentative de suppression de "C:\Program Files\serial.dat"

      *** Suppression des clefs du registre effectuee..
      *** Fin du rapport !

      But a new window opened
      (file deletions) in ( C: ) compressing unnecessary files!!!

      I cancelled them, there you go
  4. green day - Posts: 26374 - Status: Moderator, Security contributor
     
    Hi

    ok, post a new HijackThis log please

    ++
    1. kimar92
       
      ok
  6. kimar92
     
    here you go

    Logfile of HijackThis v1.99.1
    Scan saved at 18:05:49, on 25/03/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16414)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\lxcccoms.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\VideoLAN\VLC\vlc.exe
    C:\Program Files\VERSION TRADUITE ORIGINALE.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gogole.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 192.168.1.2
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: (no name) - {5CBE2611-C31B-401F-89BC-4CBB25E853D7} - (no file)
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [lxccmon.exe] "C:\Program Files\Lexmark 3300 Series\lxccmon.exe"
    O4 - HKLM\..\Run: [LXCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E6ACF817-0A85-4EBE-9F0A-096C6488CFEA} (NTR ActiveX 1.1.8) - https://www.ntrconnect.com/main/mod/setup/ntractivex118_24.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{26F9A488-5A56-44E5-B113-88DD1822243F}: NameServer = 194.117.200.10,194.117.200.15
    O17 - HKLM\System\CCS\Services\Tcpip\..\{3E16D1D1-211A-4E71-BF03-968300A7641D}: NameServer = 194.117.200.15,194.117.200.10
    O17 - HKLM\System\CCS\Services\Tcpip\..\{472A099D-A104-415C-97F9-B0B3B921E97E}: NameServer = 194.117.200.10,194.117.200.15
    O17 - HKLM\System\CCS\Services\Tcpip\..\{9207AAD2-F98D-4A68-BD29-59EFD7E7F17C}: NameServer = 194.117.200.11,194.117.200.14
    O17 - HKLM\System\CCS\Services\Tcpip\..\{B14BDC2C-B9C4-48B8-B03B-4703E1AE3DEF}: NameServer = 194.117.200.11,194.117.200.16
    O17 - HKLM\System\CCS\Services\Tcpip\..\{EA428A10-712B-4AB2-8C1F-C461BDC4070C}: NameServer = 194.117.200.15,194.117.200.11
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: lxcc_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcccoms.exe
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - Unknown owner - C:\Program Files\Spyware Doctor\sdhelp.exe (file missing)
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
  7. green day - Posts: 26374 - Status: Moderator, Security contributor
     
    Hi

    ok,

    # Download this (thanks to S!RI for this little program):

    http://siri.urz.free.fr/Fix/SmitfraudFix.zip

    Run it: double-click Smitfraudfix.cmd and choose option 1;
    here is what it looks like: http://siri.urz.free.fr/Fix/SmitfraudFix.php
    it will generate a report: please copy/paste it into the thread.

    @+