Cheval troie win32:VBStat-C [Trj]

Andrea -  
AndréaDS Messages postés 48 Statut Membre -
J'ai un problème avec un virus nommé Cheval de Troie win32:VBStat-C [Trj] . Avast le trouve comme virus, mais lorsque je veux le supprimer, il ne le trouve pas, donc il ne le supprime pas. Que dois-je faire?
Configuration: Windows XP
Internet Explorer 7.0

25 réponses

  • 1
  • 2
  1. Andrea
     
    De plus, lorsque j'ouvre mon ordinateur, une boite d'erreur s'ouvre en parlant d'un application "rundll ou quelque chose du genre" qui ne s'est pas ouverte. Et lorsque je navigue sur internet, j'ai des pub CiD; qui apparaissent... Et mon ordi, qui était tellement rapide, est devenu incroyablement lent... Aidez-moi s'il vous plaît!!
    0
  2. did71 Messages postés 2187 Statut Contributeur sécurité 36
     
    bonsoir,

    télécharge HijackThis:

    http://pchelpbordeaux.free.fr/logiciels.html

    Tutorial:

    http://pchelpbordeaux.free.fr/tuto.html

    Démo en image:

    http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm

    Fais un scan et poste l'analyse.

    a+
    0
    1. Andrea
       
      Logfile of HijackThis v1.99.1
      Scan saved at 17:14:37, on 05/04/2007
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16414)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\WINDOWS\system32\CTsvcCDA.EXE
      C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\Program Files\Spyware Doctor\svcntaux.exe
      C:\Program Files\Spyware Doctor\swdsvc.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
      C:\WINDOWS\system32\Tablet.exe
      C:\WINDOWS\system32\Tablet.exe
      C:\WINDOWS\htpatch.exe
      C:\WINDOWS\system32\RunDll32.exe
      C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
      C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
      C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
      C:\Program Files\Winamp\winampa.exe
      C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\Program Files\Fichiers communs\Ulead Systems\DVD\USISrv.exe
      C:\PROGRA~1\Sony\SonicStage\SsAAD.exe
      C:\Program Files\Alwil Software\Avast4\ashDisp.exe
      C:\WINDOWS\system32\RUNDLL32.EXE
      C:\Program Files\QuickTime\qttask.exe
      C:\Program Files\iTunes\iTunesHelper.exe
      C:\WINDOWS\system32\rundll32.exe
      C:\Program Files\Spyware Doctor\SDTrayApp.exe
      C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
      C:\Program Files\MSN Messenger\MsnMsgr.Exe
      C:\Program Files\iPod\bin\iPodService.exe
      C:\WINDOWS\system32\wscntfy.exe
      C:\Program Files\Messenger\msmsgs.exe
      C:\Program Files\FolderShare\FolderShare.exe
      C:\Program Files\Google\Google Updater\GoogleUpdater.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\WINDOWS\system32\rundll32.exe
      C:\WINDOWS\explorer.exe
      C:\Program Files\Hijackthis Version Française\hijackthis vf.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.imdb.com/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
      O2 - BHO: (no name) - {36A8D421-B709-4AF5-BB60-2FAE0D0EC572} - C:\WINDOWS\system32\fccab.dll
      O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
      O2 - BHO: (no name) - {57E218E6-5A80-4f0c-AB25-83598F25D7E9} - C:\WINDOWS\system32\fslgeluc.dll (file missing)
      O2 - BHO: (no name) - {733FD72F-103E-4B9E-BCB9-A76064AF3C72} - C:\WINDOWS\system32\byxvusr.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
      O2 - BHO: (no name) - {837C1BB2-DB6D-4F37-BB40-4DE7242F57Ce} - C:\WINDOWS\system32\teievaaj.dll
      O2 - BHO: (no name) - {A8C4F218-5A1F-4294-9BD3-FA899DA6B28B} - (no file)
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\downloaded program files\googletoolbar4.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.3558\swg.dll
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\downloaded program files\googletoolbar4.dll
      O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
      O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
      O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
      O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
      O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
      O4 - HKLM\..\Run: [as4Tray] C:\Program Files\AudioStation 4\As4Tray.exe
      O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
      O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
      O4 - HKLM\..\Run: [Windows Mouse Utilities] mouseutils.exe
      O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
      O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [USIUDF_Eject_Monitor] C:\Program Files\Fichiers communs\Ulead Systems\DVD\USISrv.exe
      O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SonicStage\SsAAD.exe
      O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [WinFlyer32.dll] "rundll32.exe" C:\WINDOWS\system32\WinFlyer32.dll,Run
      O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\system32\olhdcrgq.dll",setvm
      O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
      O4 - HKLM\..\RunServices: [Windows Mouse Utilities] mouseutils.exe
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - HKCU\..\Run: [FolderShare] "C:\Program Files\FolderShare\FolderShare.exe" /background
      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
      O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
      O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
      O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
      O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZC
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O11 - Options group: [INTERNATIONAL] International*
      O12 - Plugin for .kar: C:\PROGRA~1\INTERN~1\PLUGINS\npvmidi.dll
      O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
      O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a224.g.akamai.net/7/224/52/20010620/qtinstall.info.apple.com/qt502/fr/win/QuickTimeInstaller.exe
      O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://dreadsimard.spaces.msn.com//PhotoUpload/MsnPUpld.cab
      O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
      O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
      O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
      O20 - Winlogon Notify: byxvusr - C:\WINDOWS\SYSTEM32\byxvusr.dll
      O20 - Winlogon Notify: fccab - C:\WINDOWS\system32\fccab.dll
      O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
      O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
      O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
      O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
      O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: MSCSPTISRV - Sony Corporation - C:\PROGRA~1\FICHIE~1\Sony Shared\AVLib\MSCSPTISRV.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
      O23 - Service: PACSPTISVR - Sony Corporation - C:\PROGRA~1\FICHIE~1\Sony Shared\AVLib\PACSPTISVR.exe
      O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
      O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
      O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\FICHIE~1\Sony Shared\AVLib\SPTISRV.exe
      O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
      O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
      O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe



      Voilà
      0
  3. did71 Messages postés 2187 Statut Contributeur sécurité 36
     
    re,

    * Télécharge VundoFix.exe (par Atribune) sur ton Bureau:

    http://www.atribune.org/public-beta/VundoFix.exe

    * Double-clique VundoFix.exe afin de le lancer
    * Clique sur le bouton Scan for Vundo
    * Lorsque le scan est complété, clique sur le bouton Remove Vundo
    * Une invite te demandera si tu veux supprimer les fichiers, clique YES
    * Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers
    * Tu verras une invite qui t'annonce que ton PC va redémarrer; clique OK
    * Copie/colle le contenu du rapport situé dans C:\vundofix.txt ainsi qu'un nouveau rapport HijackThis dans ta prochaine réponse

    Note: Il est possible que VundoFix soit confronté à un fichier qu'il ne peut supprimer. Si tel est le cas, l'outil se lancera au prochain redémarrage; il faut simplement suivre les instructions ci-haut, à partir de "clique sur le bouton Scan for Vundo".

    a+
    0
  4. Andrea
     
    Je vais essayer, mais est-ce que ça va régler tous mes problèmes ou bien just le trojan?
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. did71 Messages postés 2187 Statut Contributeur sécurité 36
     
    re,

    fais ce que je te demande!

    sinon ne demande pas d'aide!

    a+
    0
  7. Andrea
     
    Même après l'avoir redémarré 2 fois, il me demande toujours de le redémarrer...
    0
  8. Andrea
     
    VundoFix V6.3.19

    Checking Java version...

    Java version is 1.5.0.10

    Java version is 1.5.0.11

    Scan started at 17:48:06 05/04/2007

    Listing files found while scanning....

    C:\WINDOWS\SYSTEM32\baccf.bak1
    C:\WINDOWS\SYSTEM32\baccf.bak2
    C:\WINDOWS\SYSTEM32\baccf.ini
    C:\WINDOWS\SYSTEM32\baccf.ini2
    C:\WINDOWS\SYSTEM32\baccf.tmp
    C:\WINDOWS\SYSTEM32\byxvusr.dll
    C:\WINDOWS\SYSTEM32\eeefe.ini
    C:\WINDOWS\SYSTEM32\efeee.dll
    C:\WINDOWS\system32\fccab.dll
    C:\WINDOWS\system32\fslgeluc.dll
    C:\WINDOWS\SYSTEM32\jkkhiif.dll

    Beginning removal...

    Attempting to delete C:\WINDOWS\SYSTEM32\baccf.bak1
    C:\WINDOWS\SYSTEM32\baccf.bak1 Has been deleted!

    Attempting to delete C:\WINDOWS\SYSTEM32\baccf.bak2
    C:\WINDOWS\SYSTEM32\baccf.bak2 Has been deleted!

    Attempting to delete C:\WINDOWS\SYSTEM32\baccf.ini
    C:\WINDOWS\SYSTEM32\baccf.ini Has been deleted!

    Attempting to delete C:\WINDOWS\SYSTEM32\baccf.ini2
    C:\WINDOWS\SYSTEM32\baccf.ini2 Has been deleted!

    Attempting to delete C:\WINDOWS\SYSTEM32\baccf.tmp
    C:\WINDOWS\SYSTEM32\baccf.tmp Has been deleted!

    Attempting to delete C:\WINDOWS\SYSTEM32\byxvusr.dll
    C:\WINDOWS\SYSTEM32\byxvusr.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\SYSTEM32\eeefe.ini
    C:\WINDOWS\SYSTEM32\eeefe.ini Has been deleted!

    Attempting to delete C:\WINDOWS\SYSTEM32\efeee.dll
    C:\WINDOWS\SYSTEM32\efeee.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\fccab.dll
    C:\WINDOWS\system32\fccab.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\SYSTEM32\jkkhiif.dll
    C:\WINDOWS\SYSTEM32\jkkhiif.dll Has been deleted!

    Performing Repairs to the registry.
    Done!

    VundoFix V6.3.19

    Checking Java version...

    Java version is 1.5.0.10

    Java version is 1.5.0.11

    Scan started at 18:32:42 05/04/2007

    Listing files found while scanning....

    C:\WINDOWS\SYSTEM32\baccf.ini2
    C:\WINDOWS\SYSTEM32\byxvusr.dll
    C:\WINDOWS\system32\fccab.dll
    C:\WINDOWS\system32\iiiii.dll
    C:\WINDOWS\SYSTEM32\xgfirvdp.dll

    Beginning removal...

    Attempting to delete C:\WINDOWS\SYSTEM32\baccf.ini2
    C:\WINDOWS\SYSTEM32\baccf.ini2 Has been deleted!

    Attempting to delete C:\WINDOWS\SYSTEM32\byxvusr.dll
    C:\WINDOWS\SYSTEM32\byxvusr.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\system32\fccab.dll
    C:\WINDOWS\system32\fccab.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\iiiii.dll
    C:\WINDOWS\system32\iiiii.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\SYSTEM32\xgfirvdp.dll
    C:\WINDOWS\SYSTEM32\xgfirvdp.dll Has been deleted!

    Performing Repairs to the registry.
    Done!

    Logfile of HijackThis v1.99.1
    Scan saved at 19:09:52, on 05/04/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16414)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Spyware Doctor\svcntaux.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Spyware Doctor\swdsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
    C:\WINDOWS\system32\Tablet.exe
    C:\WINDOWS\system32\WTablet\TabUserW.exe
    C:\WINDOWS\system32\Tablet.exe
    C:\WINDOWS\htpatch.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\WINDOWS\system32\RunDll32.exe
    C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
    C:\Program Files\Fichiers communs\Ulead Systems\DVD\USISrv.exe
    C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    C:\PROGRA~1\Sony\SonicStage\SsAAD.exe
    C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Spyware Doctor\SDTrayApp.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\FolderShare\FolderShare.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Program Files\Adobe\Illustrator CS\Support Files\Contents\Windows\Illustrator.exe
    C:\Program Files\Hijackthis Version Française\hijackthis vf.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.imdb.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {06CE0596-CD06-4441-91C4-98280175FD23} - C:\WINDOWS\system32\iiiii.dll
    O2 - BHO: (no name) - {36A8D421-B709-4AF5-BB60-2FAE0D0EC572} - C:\WINDOWS\system32\fccab.dll (file missing)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {57E218E6-5A80-4f0c-AB25-83598F25D7E9} - C:\WINDOWS\system32\xmmgngtu.dll
    O2 - BHO: (no name) - {733FD72F-103E-4B9E-BCB9-A76064AF3C72} - C:\WINDOWS\system32\byxvusr.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: (no name) - {837C1BB2-DB6D-4F37-BB40-4DE7242F57Ce} - C:\WINDOWS\system32\teievaaj.dll
    O2 - BHO: (no name) - {A8C4F218-5A1F-4294-9BD3-FA899DA6B28B} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\downloaded program files\googletoolbar4.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.3558\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\downloaded program files\googletoolbar4.dll
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
    O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
    O4 - HKLM\..\Run: [as4Tray] C:\Program Files\AudioStation 4\As4Tray.exe
    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
    O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
    O4 - HKLM\..\Run: [Windows Mouse Utilities] mouseutils.exe
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [USIUDF_Eject_Monitor] C:\Program Files\Fichiers communs\Ulead Systems\DVD\USISrv.exe
    O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SonicStage\SsAAD.exe
    O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [WinFlyer32.dll] "rundll32.exe" C:\WINDOWS\system32\WinFlyer32.dll,Run
    O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\system32\olhdcrgq.dll",setvm
    O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\RunServices: [Windows Mouse Utilities] mouseutils.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [FolderShare] "C:\Program Files\FolderShare\FolderShare.exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZC
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O12 - Plugin for .kar: C:\PROGRA~1\INTERN~1\PLUGINS\npvmidi.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a224.g.akamai.net/7/224/52/20010620/qtinstall.info.apple.com/qt502/fr/win/QuickTimeInstaller.exe
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://dreadsimard.spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: byxvusr - C:\WINDOWS\SYSTEM32\byxvusr.dll
    O20 - Winlogon Notify: iiiii - C:\WINDOWS\system32\iiiii.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\PROGRA~1\FICHIE~1\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\PROGRA~1\FICHIE~1\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\FICHIE~1\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
    O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe

    Là... je sais pas si le Vundo c'est correct...
    0
  9. did71 Messages postés 2187 Statut Contributeur sécurité 36
     
    Bonsoir,

    1)

    * Relance Vundofix
    * Ne clique pas sur "Scan for a vundo"
    * Clique droit au milieu de la fenêtre
    * Clique sur Add more files ?
    * Copie/colle les fichiers ci-dessous ( un par case) :

    C:\WINDOWS\system32\iiiii.dll
    C:\WINDOWS\SYSTEM32\byxvusr.dll

    * Clique sur Add files
    * Ensuite clique sur Close Windows
    * Enfin, clique sur Remove Vundo ( les fichiers précédents doivent apparaitre dans la fenêtre principale)
    * Si l'outils demande un redémarrage, accepte
    * Poste le rapport Vundofix!

    2) rends toi ici:

    http://www.virustotal.com/flash/index_en.html

    et fais analyser:

    C:\WINDOWS\system32\WinFlyer32.dll

    et

    C:\WINDOWS\system32\olhdcrgq.dll

    poste le rapport virustotal ainsi qu'un nouvel hijackthis!

    a+
    0
  10. Andréa
     
    Je n'ai pas le fichier
    C:\WINDOWS\system32\olhdcrgq.dll
    0
  11. Andréa
     
    Je n'ai pas pu le olhdcrgq.dll donc j'ai seulement l'analyse de WinFlyer32.dll

    Fichiers joints en ordre:

    *Rapport Vundofix
    *Analyse de C:\WINDOWS\system32\WinFlyer32.dll
    *Rapport HiJackThis

    VundoFix V6.3.19

    Checking Java version...

    Java version is 1.5.0.10

    Java version is 1.5.0.11

    Scan started at 17:48:06 05/04/2007

    Listing files found while scanning....

    C:\WINDOWS\SYSTEM32\baccf.bak1
    C:\WINDOWS\SYSTEM32\baccf.bak2
    C:\WINDOWS\SYSTEM32\baccf.ini
    C:\WINDOWS\SYSTEM32\baccf.ini2
    C:\WINDOWS\SYSTEM32\baccf.tmp
    C:\WINDOWS\SYSTEM32\byxvusr.dll
    C:\WINDOWS\SYSTEM32\eeefe.ini
    C:\WINDOWS\SYSTEM32\efeee.dll
    C:\WINDOWS\system32\fccab.dll
    C:\WINDOWS\system32\fslgeluc.dll
    C:\WINDOWS\SYSTEM32\jkkhiif.dll

    Beginning removal...

    Attempting to delete C:\WINDOWS\SYSTEM32\baccf.bak1
    C:\WINDOWS\SYSTEM32\baccf.bak1 Has been deleted!

    Attempting to delete C:\WINDOWS\SYSTEM32\baccf.bak2
    C:\WINDOWS\SYSTEM32\baccf.bak2 Has been deleted!

    Attempting to delete C:\WINDOWS\SYSTEM32\baccf.ini
    C:\WINDOWS\SYSTEM32\baccf.ini Has been deleted!

    Attempting to delete C:\WINDOWS\SYSTEM32\baccf.ini2
    C:\WINDOWS\SYSTEM32\baccf.ini2 Has been deleted!

    Attempting to delete C:\WINDOWS\SYSTEM32\baccf.tmp
    C:\WINDOWS\SYSTEM32\baccf.tmp Has been deleted!

    Attempting to delete C:\WINDOWS\SYSTEM32\byxvusr.dll
    C:\WINDOWS\SYSTEM32\byxvusr.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\SYSTEM32\eeefe.ini
    C:\WINDOWS\SYSTEM32\eeefe.ini Has been deleted!

    Attempting to delete C:\WINDOWS\SYSTEM32\efeee.dll
    C:\WINDOWS\SYSTEM32\efeee.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\fccab.dll
    C:\WINDOWS\system32\fccab.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\SYSTEM32\jkkhiif.dll
    C:\WINDOWS\SYSTEM32\jkkhiif.dll Has been deleted!

    Performing Repairs to the registry.
    Done!

    VundoFix V6.3.19

    Checking Java version...

    Java version is 1.5.0.10

    Java version is 1.5.0.11

    Scan started at 18:32:42 05/04/2007

    Listing files found while scanning....

    C:\WINDOWS\SYSTEM32\baccf.ini2
    C:\WINDOWS\SYSTEM32\byxvusr.dll
    C:\WINDOWS\system32\fccab.dll
    C:\WINDOWS\system32\iiiii.dll
    C:\WINDOWS\SYSTEM32\xgfirvdp.dll

    Beginning removal...

    Attempting to delete C:\WINDOWS\SYSTEM32\baccf.ini2
    C:\WINDOWS\SYSTEM32\baccf.ini2 Has been deleted!

    Attempting to delete C:\WINDOWS\SYSTEM32\byxvusr.dll
    C:\WINDOWS\SYSTEM32\byxvusr.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\system32\fccab.dll
    C:\WINDOWS\system32\fccab.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\iiiii.dll
    C:\WINDOWS\system32\iiiii.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\SYSTEM32\xgfirvdp.dll
    C:\WINDOWS\SYSTEM32\xgfirvdp.dll Has been deleted!

    Performing Repairs to the registry.
    Done!

    Beginning removal...

    Attempting to delete C:\WINDOWS\SYSTEM32\byxvusr.dll
    C:\WINDOWS\SYSTEM32\byxvusr.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\SYSTEM32\byxvusr.dll
    C:\WINDOWS\SYSTEM32\byxvusr.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\system32\iiiii.dll
    C:\WINDOWS\system32\iiiii.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\system32\iiiii.dll
    C:\WINDOWS\system32\iiiii.dll Could not be deleted.

    Performing Repairs to the registry.
    Done!

    Complete scanning result of "WinFlyer32.dll", processed in VirusTotal at
    04/07/2007 06:04:26 (CET).

    [ file data ]
    * name: WinFlyer32.dll
    * size: 98304
    * md5.: 3770a07c903a976cbbc53b682802a16d
    * sha1: 59f768a47ed11f4277626da1b4ca6a004a77167f

    [ scan result ]
    AhnLab-V3 2007.4.7.0/20070406 found nothing
    AntiVir 7.3.1.48/20070406 found [TR/Spy.Winflyer]
    Authentium 4.93.8/20070406 found nothing
    Avast 4.7.936.0/20070406 found nothing
    AVG 7.5.0.447/20070407 found nothing
    BitDefender 7.2/20070407 found [Adware.Winflyer.A]
    CAT-QuickHeal 9.00/20070406 found [Adware.WinFlyer.a (Not a Virus)]
    ClamAV devel-20070312/20070407 found nothing
    DrWeb 4.33/20070406 found nothing
    eSafe 7.0.15.0/20070406 found nothing
    eTrust-Vet 30.7.3549/20070406 found nothing
    Ewido 4.0/20070406 found nothing
    F-Prot 4.3.1.45/20070404 found nothing
    F-Secure 6.70.13030.0/20070406 found [W32/Virtumonde.FVY]
    FileAdvisor 1/20070407 found nothing
    Fortinet 2.85.0.0/20070407 found nothing
    Ikarus T3.1.1.3/20070406 found nothing
    Kaspersky 4.0.2.24/20070407 found nothing
    McAfee 5003/20070406 found nothing
    Microsoft 1.2405/20070406 found nothing
    NOD32v2 2172/20070407 found nothing
    Norman 5.80.02/20070405 found [W32/Virtumonde.FVY]
    Panda 9.0.0.4/20070406 found [Spyware/Virtumonde]
    Prevx1 V2/20070407 found nothing
    Sophos 4.16.0/20070406 found nothing
    Sunbelt 2.2.907.0/20070407 found nothing
    Symantec 10/20070407 found nothing
    TheHacker 6.1.6.085/20070404 found nothing
    VBA32 3.11.3/20070406 found nothing
    VirusBuster 4.3.7:9/20070406 found nothing
    Webwasher-Gateway 6.0.1/20070407 found [Trojan.Spy.Winflyer]

    Logfile of HijackThis v1.99.1
    Scan saved at 00:10:23, on 07/04/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16414)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Spyware Doctor\svcntaux.exe
    C:\Program Files\Spyware Doctor\swdsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
    C:\WINDOWS\system32\Tablet.exe
    C:\WINDOWS\system32\WTablet\TabUserW.exe
    C:\WINDOWS\system32\Tablet.exe
    C:\WINDOWS\htpatch.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\RunDll32.exe
    C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
    C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
    C:\Program Files\Fichiers communs\Ulead Systems\DVD\USISrv.exe
    C:\PROGRA~1\Sony\SonicStage\SsAAD.exe
    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Spyware Doctor\SDTrayApp.exe
    C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\FolderShare\FolderShare.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Hijackthis Version Française\hijackthis vf.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.imdb.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {36A8D421-B709-4AF5-BB60-2FAE0D0EC572} - C:\WINDOWS\system32\fccab.dll (file missing)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {57E218E6-5A80-4f0c-AB25-83598F25D7E9} - C:\WINDOWS\system32\klkthoad.dll
    O2 - BHO: (no name) - {733FD72F-103E-4B9E-BCB9-A76064AF3C72} - C:\WINDOWS\system32\byxvusr.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: (no name) - {837C1BB2-DB6D-4F37-BB40-4DE7242F57Ce} - C:\WINDOWS\system32\teievaaj.dll
    O2 - BHO: (no name) - {A8C4F218-5A1F-4294-9BD3-FA899DA6B28B} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\downloaded program files\googletoolbar4.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.3558\swg.dll
    O2 - BHO: (no name) - {E52729A9-35C2-4983-B95B-BB9481C1D474} - C:\WINDOWS\system32\iiiii.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\downloaded program files\googletoolbar4.dll
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
    O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
    O4 - HKLM\..\Run: [as4Tray] C:\Program Files\AudioStation 4\As4Tray.exe
    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
    O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
    O4 - HKLM\..\Run: [Windows Mouse Utilities] mouseutils.exe
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [USIUDF_Eject_Monitor] C:\Program Files\Fichiers communs\Ulead Systems\DVD\USISrv.exe
    O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SonicStage\SsAAD.exe
    O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [WinFlyer32.dll] "rundll32.exe" C:\WINDOWS\system32\WinFlyer32.dll,Run
    O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\system32\olhdcrgq.dll",setvm
    O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\RunServices: [Windows Mouse Utilities] mouseutils.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [FolderShare] "C:\Program Files\FolderShare\FolderShare.exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZC
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O12 - Plugin for .kar: C:\PROGRA~1\INTERN~1\PLUGINS\npvmidi.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a224.g.akamai.net/7/224/52/20010620/qtinstall.info.apple.com/qt502/fr/win/QuickTimeInstaller.exe
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://dreadsimard.spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: byxvusr - C:\WINDOWS\SYSTEM32\byxvusr.dll
    O20 - Winlogon Notify: iiiii - C:\WINDOWS\system32\iiiii.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\PROGRA~1\FICHIE~1\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\PROGRA~1\FICHIE~1\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\FICHIE~1\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
    O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe

    Voilà
    0
  12. did71 Messages postés 2187 Statut Contributeur sécurité 36
     
    Bonsoir,

    1. Télécharge The Avenger par Swandog46 sur ton Bureau:

    http://www.geekstogo.com/forum/files/file/393-the-avenger-by-swandog46/

    Click sur Avenger.zip pour ouvrir le fichier
    Extraire avenger.exe sur votre bureau

    2. Copie tout le texte en gras ci-dessous : mettre en surbrillance et appuyer sur les touches(Ctrl+C):

    Files to delete:
    C:\WINDOWS\system32\klkthoad.dll
    C:\WINDOWS\system32\byxvusr.dll
    C:\WINDOWS\system32\iiiii.dll
    C:\WINDOWS\system32\WinFlyer32.dll
    C:\WINDOWS\system32\olhdcrgq.dll


    3. Maintenant, lance The Avenger en cliquant sur son icône du bureau.
    Sous "Script file to execute" choisir "Input Script Manually".
    Puis clique sur l'icône en forme de loupe qui va ouvrir une nouvelle fenêtre "View/edit script"
    Dans cette fenêtre, colle le texte précedemment copié sur le bureau par les touches (Ctrl+V).
    Cliquer Done
    ensuite clique sur l'icône en forme de Feu Vert pour démarrer l'exécution du script
    Réponds "Yes" deux fois quand demandé.

    4. The Avenger va automatiquement faire ce qui suit:
    Il va Re-démarrer le système.
    Pendant le re-démarrage, il apparaitra brièvement une fenêtre de commande de windows noire sur ton bureau, ceci est NORMAL.
    Après le re-démarrage, il crée un fichier log qui s'ouvrira, faisant apparaitre les actions exécutées par The Avenger. Ce fichier log se trouve ici : C:\avenger.txt

    5. Pour finir copie/colle le contenu du ficher c:\avenger.txt ainsi qu'un nouvel hijackthis!

    a+
    0
  13. Andréa
     
    //////////////////////////////////////////
    Avenger Pre-Processor log
    //////////////////////////////////////////

    Error: could not create zip file.
    Error code: 0

    //////////////////////////////////////////

    Logfile of The Avenger version 1, by Swandog46
    Running from registry key:
    \Registry\Machine\System\CurrentControlSet\Services\jmibigfp

    *******************

    Script file located at: \??\C:\vsydinlr.txt
    Script file opened successfully.

    Script file read successfully

    Backups directory opened successfully at C:\Avenger

    *******************

    Beginning to process script file:

    File C:\WINDOWS\system32\klkthoad.dll deleted successfully.
    File C:\WINDOWS\system32\byxvusr.dll deleted successfully.
    File C:\WINDOWS\system32\iiiii.dll deleted successfully.
    File C:\WINDOWS\system32\WinFlyer32.dll deleted successfully.

    File C:\WINDOWS\system32\olhdcrgq.dll not found!
    Deletion of file C:\WINDOWS\system32\olhdcrgq.dll failed!

    Could not process line:
    C:\WINDOWS\system32\olhdcrgq.dll
    Status: 0xc0000034

    Completed script processing.

    *******************

    Finished! Terminate.//////////////////////////////////////////

    Logfile of The Avenger version 1, by Swandog46
    Running from registry key:
    \Registry\Machine\System\CurrentControlSet\Services\ottbmjck

    *******************

    Fatal error: integrity of Services key failed verification check! Security may be fatally compromised. Exiting immediately.

    Could not open script file! Status: 0xc0000034 Abort!

    Logfile of HijackThis v1.99.1
    Scan saved at 17:12:16, on 08/04/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16414)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Spyware Doctor\svcntaux.exe
    C:\WINDOWS\htpatch.exe
    C:\WINDOWS\system32\RunDll32.exe
    C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
    C:\Program Files\Fichiers communs\Ulead Systems\DVD\USISrv.exe
    C:\PROGRA~1\Sony\SonicStage\SsAAD.exe
    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    C:\WINDOWS\system32\Tablet.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Spyware Doctor\SDTrayApp.exe
    C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\FolderShare\FolderShare.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Program Files\Spyware Doctor\swdsvc.exe
    C:\Program Files\Hijackthis Version Française\hijackthis vf.exe
    C:\Program Files\Alwil Software\Avast4\setup\avast.setup

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.imdb.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {36A8D421-B709-4AF5-BB60-2FAE0D0EC572} - C:\WINDOWS\system32\fccab.dll (file missing)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {57E218E6-5A80-4f0c-AB25-83598F25D7E9} - C:\WINDOWS\system32\klkthoad.dll (file missing)
    O2 - BHO: (no name) - {733FD72F-103E-4B9E-BCB9-A76064AF3C72} - C:\WINDOWS\system32\byxvusr.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: (no name) - {837C1BB2-DB6D-4F37-BB40-4DE7242F57Ce} - C:\WINDOWS\system32\teievaaj.dll
    O2 - BHO: (no name) - {A8C4F218-5A1F-4294-9BD3-FA899DA6B28B} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\downloaded program files\googletoolbar4.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.3558\swg.dll
    O2 - BHO: (no name) - {F1C74476-F83A-4730-8936-A361DE91E411} - C:\WINDOWS\system32\iiiii.dll (file missing)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\downloaded program files\googletoolbar4.dll
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
    O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
    O4 - HKLM\..\Run: [as4Tray] C:\Program Files\AudioStation 4\As4Tray.exe
    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
    O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
    O4 - HKLM\..\Run: [Windows Mouse Utilities] mouseutils.exe
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [USIUDF_Eject_Monitor] C:\Program Files\Fichiers communs\Ulead Systems\DVD\USISrv.exe
    O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SonicStage\SsAAD.exe
    O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [WinFlyer32.dll] "rundll32.exe" C:\WINDOWS\system32\WinFlyer32.dll,Run
    O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\system32\olhdcrgq.dll",setvm
    O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\RunServices: [Windows Mouse Utilities] mouseutils.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [FolderShare] "C:\Program Files\FolderShare\FolderShare.exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZC
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O12 - Plugin for .kar: C:\PROGRA~1\INTERN~1\PLUGINS\npvmidi.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a224.g.akamai.net/7/224/52/20010620/qtinstall.info.apple.com/qt502/fr/win/QuickTimeInstaller.exe
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://dreadsimard.spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: byxvusr - byxvusr.dll (file missing)
    O20 - Winlogon Notify: iiiii - C:\WINDOWS\system32\iiiii.dll (file missing)
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\PROGRA~1\FICHIE~1\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\PROGRA~1\FICHIE~1\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\FICHIE~1\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
    O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe

    Voilà
    0
  14. gaelle
     
    j ai un cheval de troie Win32:Small-ERH [Trj] que faire?
    0
  15. did71 Messages postés 2187 Statut Contributeur sécurité 36
     
    Bonsoir andrea,

    poste un nouvel hijackthis!

    a+
    0
    1. Andréa
       
      Logfile of HijackThis v1.99.1
      Scan saved at 16:19:27, on 09/04/2007
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16414)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\WINDOWS\system32\CTsvcCDA.EXE
      C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\nvsvc32.exe
      C:\Program Files\Spyware Doctor\svcntaux.exe
      C:\WINDOWS\htpatch.exe
      C:\WINDOWS\system32\RunDll32.exe
      C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
      C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
      C:\Program Files\Winamp\winampa.exe
      C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
      C:\Program Files\Fichiers communs\Ulead Systems\DVD\USISrv.exe
      C:\PROGRA~1\Sony\SonicStage\SsAAD.exe
      C:\Program Files\Alwil Software\Avast4\ashDisp.exe
      C:\WINDOWS\system32\RUNDLL32.EXE
      C:\Program Files\QuickTime\qttask.exe
      C:\Program Files\iTunes\iTunesHelper.exe
      C:\Program Files\Spyware Doctor\SDTrayApp.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\MSN Messenger\MsnMsgr.Exe
      C:\Program Files\Messenger\msmsgs.exe
      C:\Program Files\FolderShare\FolderShare.exe
      C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
      C:\Program Files\Google\Google Updater\GoogleUpdater.exe
      C:\WINDOWS\system32\Tablet.exe
      C:\WINDOWS\system32\WTablet\TabUserW.exe
      C:\WINDOWS\system32\Tablet.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
      C:\Program Files\iPod\bin\iPodService.exe
      C:\Program Files\Spyware Doctor\swdsvc.exe
      C:\WINDOWS\system32\wscntfy.exe
      C:\Program Files\Winamp\winamp.exe
      C:\Program Files\Windows Media Player\wmplayer.exe
      C:\WINDOWS\System32\imapi.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Hijackthis Version Française\hijackthis vf.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.imdb.com/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
      O2 - BHO: (no name) - {36A8D421-B709-4AF5-BB60-2FAE0D0EC572} - C:\WINDOWS\system32\fccab.dll (file missing)
      O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
      O2 - BHO: (no name) - {57E218E6-5A80-4f0c-AB25-83598F25D7E9} - C:\WINDOWS\system32\klkthoad.dll (file missing)
      O2 - BHO: (no name) - {733FD72F-103E-4B9E-BCB9-A76064AF3C72} - C:\WINDOWS\system32\byxvusr.dll (file missing)
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
      O2 - BHO: (no name) - {837C1BB2-DB6D-4F37-BB40-4DE7242F57Ce} - C:\WINDOWS\system32\teievaaj.dll
      O2 - BHO: (no name) - {A8C4F218-5A1F-4294-9BD3-FA899DA6B28B} - (no file)
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\downloaded program files\googletoolbar4.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.3558\swg.dll
      O2 - BHO: (no name) - {D5B2BF04-D277-4C05-A16C-40FD220797B9} - C:\WINDOWS\system32\teievaaj.dll
      O2 - BHO: (no name) - {F1C74476-F83A-4730-8936-A361DE91E411} - C:\WINDOWS\system32\iiiii.dll (file missing)
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\downloaded program files\googletoolbar4.dll
      O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
      O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
      O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
      O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
      O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
      O4 - HKLM\..\Run: [as4Tray] C:\Program Files\AudioStation 4\As4Tray.exe
      O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
      O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
      O4 - HKLM\..\Run: [Windows Mouse Utilities] mouseutils.exe
      O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
      O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [USIUDF_Eject_Monitor] C:\Program Files\Fichiers communs\Ulead Systems\DVD\USISrv.exe
      O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SonicStage\SsAAD.exe
      O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [WinFlyer32.dll] "rundll32.exe" C:\WINDOWS\system32\WinFlyer32.dll,Run
      O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\system32\olhdcrgq.dll",setvm
      O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
      O4 - HKLM\..\RunServices: [Windows Mouse Utilities] mouseutils.exe
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - HKCU\..\Run: [FolderShare] "C:\Program Files\FolderShare\FolderShare.exe" /background
      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
      O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
      O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
      O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
      O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZC
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O11 - Options group: [INTERNATIONAL] International*
      O12 - Plugin for .kar: C:\PROGRA~1\INTERN~1\PLUGINS\npvmidi.dll
      O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
      O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a224.g.akamai.net/7/224/52/20010620/qtinstall.info.apple.com/qt502/fr/win/QuickTimeInstaller.exe
      O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://dreadsimard.spaces.msn.com//PhotoUpload/MsnPUpld.cab
      O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
      O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
      O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
      O20 - Winlogon Notify: byxvusr - byxvusr.dll (file missing)
      O20 - Winlogon Notify: iiiii - C:\WINDOWS\system32\iiiii.dll (file missing)
      O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
      O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
      O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
      O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
      O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: MSCSPTISRV - Sony Corporation - C:\PROGRA~1\FICHIE~1\Sony Shared\AVLib\MSCSPTISRV.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
      O23 - Service: PACSPTISVR - Sony Corporation - C:\PROGRA~1\FICHIE~1\Sony Shared\AVLib\PACSPTISVR.exe
      O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
      O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
      O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\FICHIE~1\Sony Shared\AVLib\SPTISRV.exe
      O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
      O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
      O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe





      Voilà.
      0
  16. did71 Messages postés 2187 Statut Contributeur sécurité 36
     
    Bonsoir Andrea,

    1) relance hijackthis, coche les lignes citées ci dessous et fix checked (toutes fenêtres IE fermées) :

    O2 - BHO: (no name) - {36A8D421-B709-4AF5-BB60-2FAE0D0EC572} - C:\WINDOWS\system32\fccab.dll (file missing)
    O2 - BHO: (no name) - {57E218E6-5A80-4f0c-AB25-83598F25D7E9} - C:\WINDOWS\system32\klkthoad.dll (file missing)
    O2 - BHO: (no name) - {733FD72F-103E-4B9E-BCB9-A76064AF3C72} - C:\WINDOWS\system32\byxvusr.dll (file missing)
    O2 - BHO: (no name) - {837C1BB2-DB6D-4F37-BB40-4DE7242F57Ce} - C:\WINDOWS\system32\teievaaj.dll
    O2 - BHO: (no name) - {A8C4F218-5A1F-4294-9BD3-FA899DA6B28B} - (no file)
    O2 - BHO: (no name) - {D5B2BF04-D277-4C05-A16C-40FD220797B9} - C:\WINDOWS\system32\teievaaj.dll
    O2 - BHO: (no name) - {F1C74476-F83A-4730-8936-A361DE91E411} - C:\WINDOWS\system32\iiiii.dll (file missing)
    O4 - HKLM\..\Run: [WinFlyer32.dll] "rundll32.exe" C:\WINDOWS\system32\WinFlyer32.dll,Run
    O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\system32\olhdcrgq.dll",setvm
    O20 - Winlogon Notify: byxvusr - byxvusr.dll (file missing)
    O20 - Winlogon Notify: iiiii - C:\WINDOWS\system32\iiiii.dll (file missing)

    2) Télécharge AVG Anti-Spyware:

    https://www.avg.com/en-ww/free-antivirus-download

    Tu l'installes.
    Lance AVG Anti-Spyware et clique sur le bouton Mise à jour. Patiente

    Lance AVG Anti-Spyware
    Clique sur le bouton Analyse (de la barre d'outils)
    Puis sur l'onglets Comment réagir, clique sur Actions recommandées. Sélectionne Quarantaine.
    Reviens à l'onglet Analyse. Clique sur Analyse complète du système.
    A la fin du scan, choisis l'option " Appliquer toutes les actions " en bas.
    Clique sur "Enregistrer le rapport". Ceci génère un rapport en fichier texte qui se trouve dans le dossier Reports du dossier d'AVG Anti-Spyware.

    poste le rapport AVG!ainsi qu'un nouvel hijackthis!

    a+
    0
    1. Andréa
       
      SAlut

      ---------------------------------------------------------
      AVG Anti-Spyware - Rapport d'analyse
      ---------------------------------------------------------

      + Créé à: 21:38:15 10/04/2007

      + Résultat de l'analyse:



      C:\Documents and Settings\marc\Local Settings\Temporary Internet Files\Content.IE5\PGSCJ7NT\mm[1].js -> Adware.Chitika : Nettoyé et sauvegardé (mise en quarantaine).
      C:\Program Files\Microsoft AntiSpyware\Quarantine\12899841-3BAC-4696-B2F8-8EF3BC\225EBA6A-C036-43C3-871B-79AA7F -> Adware.HelpExpress : Nettoyé et sauvegardé (mise en quarantaine).
      C:\Program Files\FileSubmit\Cascading Falls\NNEZTA388.exe -> Adware.NewDotNet : Nettoyé et sauvegardé (mise en quarantaine).
      C:\Program Files\Microsoft AntiSpyware\Quarantine\8D76B738-85DD-4C87-9EA3-1CAD5B\FA99CCB5-2002-4C93-A5EF-6EEF45 -> Adware.NewDotNet : Nettoyé et sauvegardé (mise en quarantaine).
      C:\Program Files\Microsoft AntiSpyware\Quarantine\12899841-3BAC-4696-B2F8-8EF3BC\962E0837-070F-4632-B921-5D34FD -> Adware.WebRebates : Nettoyé et sauvegardé (mise en quarantaine).
      C:\Documents and Settings\valérie\Bureau\Valérie\Jeux\CursorManiaSetup2.0.4.18.exe -> Dropper.Small : Nettoyé et sauvegardé (mise en quarantaine).
      C:\RECYCLER\S-1-5-21-1960408961-1202660629-1957994488-1007\Dc4.zip/Setup.exe -> Logger.Winflyer : Nettoyé et sauvegardé (mise en quarantaine).
      C:\WINDOWS\TEMP\Temporary Internet Files\Content.IE5\2N21OVIP\send_ocx_sof[1].htm -> Not-A-Virus.Exploit.HTML.CodeBaseExec : Nettoyé et sauvegardé (mise en quarantaine).
      C:\WINDOWS\TEMP\Temporary Internet Files\Content.IE5\WOFNB9Y5\send_car_int[1].htm -> Not-A-Virus.Exploit.HTML.CodeBaseExec : Nettoyé et sauvegardé (mise en quarantaine).
      C:\WINDOWS\TEMP\Temporary Internet Files\Content.IE5\WOFNB9Y5\send_ocx_sof[1].htm -> Not-A-Virus.Exploit.HTML.CodeBaseExec : Nettoyé et sauvegardé (mise en quarantaine).
      C:\Documents and Settings\france\Cookies\france@247realmedia[1].txt -> TrackingCookie.247realmedia : Nettoyé.
      C:\Documents and Settings\marc\Cookies\marc@247realmedia[2].txt -> TrackingCookie.247realmedia : Nettoyé.
      C:\Documents and Settings\france\Cookies\.@2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
      C:\Documents and Settings\france\Cookies\.@2o7[3].txt -> TrackingCookie.2o7 : Nettoyé.
      C:\Documents and Settings\france\Cookies\.b1cifw54@2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
      C:\Documents and Settings\france\Cookies\france@2o7[2].txt -> TrackingCookie.2o7 : Nettoyé.
      C:\Documents and Settings\marc\Cookies\marc@122.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
      C:\Documents and Settings\marc\Cookies\marc@2o7[2].txt -> TrackingCookie.2o7 : Nettoyé.
      C:\Documents and Settings\marc\Cookies\marc@amazonsearsca.122.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
      C:\Documents and Settings\marc\Cookies\marc@americanskiingco.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
      C:\Documents and Settings\marc\Cookies\marc@buycom.122.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
      C:\Documents and Settings\marc\Cookies\marc@crutchfield.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
      C:\Documents and Settings\marc\Cookies\marc@geosign.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
      C:\Documents and Settings\marc\Cookies\marc@maxim.122.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
      C:\Documents and Settings\marc\Cookies\marc@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
      C:\Documents and Settings\marc\Cookies\marc@pearlizumi.122.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
      C:\WINDOWS\TEMP\Cookies\andréa@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
      C:\Documents and Settings\marc\Cookies\marc@www.abcsearch[1].txt -> TrackingCookie.Abcsearch : Nettoyé.
      C:\Documents and Settings\france\Cookies\.@ad-flow[1].txt -> TrackingCookie.Ad-flow : Nettoyé.
      C:\Documents and Settings\france\Cookies\.@ad-flow[2].txt -> TrackingCookie.Ad-flow : Nettoyé.
      C:\Documents and Settings\france\Cookies\.@ad-flow[4].txt -> TrackingCookie.Ad-flow : Nettoyé.
      C:\Documents and Settings\france\Cookies\.@ad-logics[2].txt -> TrackingCookie.Ad-logics : Nettoyé.
      C:\Documents and Settings\marc\Cookies\marc@adbrite[1].txt -> TrackingCookie.Adbrite : Nettoyé.
      C:\Documents and Settings\france\Cookies\.@addynamix[1].txt -> TrackingCookie.Addynamix : Nettoyé.
      C:\Documents and Settings\marc\Cookies\marc@ads.addynamix[2].txt -> TrackingCookie.Addynamix : Nettoyé.
      C:\WINDOWS\TEMP\Cookies\andréa@ads.addynamix[2].txt -> TrackingCookie.Addynamix : Nettoyé.
      C:\Documents and Settings\france\Cookies\france@adjuggler[2].txt -> TrackingCookie.Adjuggler : Nettoyé.
      C:\Documents and Settings\france\Cookies\france@rotator.adjuggler[1].txt -> TrackingCookie.Adjuggler : Nettoyé.
      C:\Documents and Settings\marc\Cookies\marc@adjuggler[2].txt -> TrackingCookie.Adjuggler : Nettoyé.
      C:\Documents and Settings\marc\Cookies\marc@rotator.adjuggler[1].txt -> TrackingCookie.Adjuggler : Nettoyé.
      C:\Documents and Settings\france\Cookies\.@admonitor[2].txt -> TrackingCookie.Admonitor : Nettoyé.
      C:\Documents and Settings\france\Cookies\.b1cifw54@admonitor[1].txt -> TrackingCookie.Admonitor : Nettoyé.
      C:\Documents and Settings\france\Cookies\.b1cifw54@admonitor[2].txt -> TrackingCookie.Admonitor : Nettoyé.
      C:\Documents and Settings\france\Cookies\anyuser@admonitor[2].txt -> TrackingCookie.Admonitor : Nettoyé.
      C:\Documents and Settings\marc\Cookies\marc@ad.adnet[2].txt -> TrackingCookie.Adnet : Nettoyé.
      C:\Documents and Settings\andréa\Cookies\andréa@www.adobe[1].txt -> TrackingCookie.Adobe : Nettoyé.
      C:\Documents and Settings\france\Cookies\france@www.adobe[1].txt -> TrackingCookie.Adobe : Nettoyé.
      C:\Documents and Settings\france\Cookies\.@adorigin[1].txt -> TrackingCookie.Adorigin : Nettoyé.
      C:\Documents and Settings\france\Cookies\.@adorigin[3].txt -> TrackingCookie.Adorigin : Nettoyé.
      C:\Documents and Settings\france\Cookies\.b1cifw54@adorigin[1].txt -> TrackingCookie.Adorigin : Nettoyé.
      C:\Documents and Settings\marc\Cookies\marc@adrevolver[1].txt -> TrackingCookie.Adrevolver : Nettoyé.
      C:\Documents and Settings\france\Cookies\.@t1.adserver[1].txt -> TrackingCookie.Adserver : Nettoyé.
      C:\Documents and Settings\france\Cookies\.@z1.adserver[1].txt -> TrackingCookie.Adserver : Nettoyé.
      C:\Documents and Settings\france\Cookies\.@z1.adserver[3].txt -> TrackingCookie.Adserver : Nettoyé.
      C:\Documents and Settings\france\Cookies\.@z1.adserver[4].txt -> TrackingCookie.Adserver : Nettoyé.
      C:\Documents and Settings\france\Cookies\france@z1.adserver[1].txt -> TrackingCookie.Adserver : Nettoyé.
      C:\Documents and Settings\france\Cookies\.@adtech[2].txt -> TrackingCookie.Adtech : Nettoyé.
      C:\Documents and Settings\france\Cookies\.@advertising[1].txt -> TrackingCookie.Advertising : Nettoyé.
      C:\Documents and Settings\france\Cookies\.@advertising[2].txt -> TrackingCookie.Advertising : Nettoyé.
      C:\Documents and Settings\france\Cookies\.@advertising[4].txt -> TrackingCookie.Advertising : Nettoyé.
      C:\Documents and Settings\france\Cookies\.@advertising[5].txt -> TrackingCookie.Advertising : Nettoyé.
      C:\Documents and Settings\france\Cookies\.@servedby.advertising[1].txt -> TrackingCookie.Advertising : Nettoyé.
      C:\Documents and Settings\france\Cookies\.@servedby.advertising[2].txt -> TrackingCookie.Advertising : Nettoyé.
      C:\Documents and Settings\france\Cookies\.@servedby.advertising[4].txt -> TrackingCookie.Advertising : Nettoyé.
      C:\Documents and Settings\france\Cookies\.b1cifw54@advertising[1].txt -> TrackingCookie.Advertising : Nettoyé.
      C:\Documents and Settings\france\Cookies\.b1cifw54@servedby.advertising[1].txt -> TrackingCookie.Advertising : Nettoyé.
      C:\Documents and Settings\france\Cookies\france@advertising[1].txt -> TrackingCookie.Advertising : Nettoyé.
      C:\Documents and Settings\marc\Cookies\marc@advertising[1].txt -> TrackingCookie.Advertising : Nettoyé.
      C:\Documents and Settings\france\Cookies\.@adviva[2].txt -> TrackingCookie.Adviva : Nettoyé.
      C:\Documents and Settings\france\Cookies\.@atdmt[2].txt -> TrackingCookie.Atdmt : Nettoyé.
      C:\Documents and Settings\france\Cookies\.b1cifw54@atdmt[2].txt -> TrackingCookie.Atdmt : Nettoyé.
      C:\Documents and Settings\france\Cookies\france@atdmt[2].txt -> TrackingCookie.Atdmt : Nettoyé.
      C:\Documents and Settings\marc\Cookies\marc@atdmt[2].txt -> TrackingCookie.Atdmt : Nettoyé.
      C:\Documents and Settings\france\Cookies\.@bfast[1].txt -> TrackingCookie.Bfast : Nettoyé.
      C:\Documents and Settings\france\Cookies\.@bfast[2].txt -> TrackingCookie.Bfast : Nettoyé.
      C:\Documents and Settings\france\Cookies\.b1cifw54@bfast[2].txt -> TrackingCookie.Bfast : Nettoyé.
      C:\Documents and Settings\france\Cookies\anyuser@bfast[2].txt -> TrackingCookie.Bfast : Nettoyé.
      C:\Documents and Settings\france\Cookies\france@bfast[2].txt -> TrackingCookie.Bfast : Nettoyé.
      C:\Documents and Settings\marc\Cookies\marc@bfast[2].txt -> TrackingCookie.Bfast : Nettoyé.
      C:\Documents and Settings\france\Cookies\.@bluestreak[1].txt -> TrackingCookie.Bluestreak : Nettoyé.
      C:\Documents and Settings\france\Cookies\.@bluestreak[2].txt -> TrackingCookie.Bluestreak : Nettoyé.
      C:\Documents and Settings\france\Cookies\.@bluestreak[3].txt -> TrackingCookie.Bluestreak : Nettoyé.
      C:\Documents and Settings\france\Cookies\.@bluestreak[4].txt -> TrackingCookie.Bluestreak : Nettoyé.
      C:\Documents and Settings\france\Cookies\.b1cifw54@bluestreak[2].txt -> TrackingCookie.Bluestreak : Nettoyé.
      C:\Documents and Settings\france\Cookies\anyuser@bluestreak[2].txt -> TrackingCookie.Bluestreak : Nettoyé.
      C:\Documents and Settings\france\Cookies\france@bluestreak[1].txt -> TrackingCookie.Bluestreak : Nettoyé.
      C:\Documents and Settings\marc\Cookies\marc@bluestreak[2].txt -> TrackingCookie.Bluestreak : Nettoyé.
      C:\Documents and Settings\marc\Cookies\marc@casalemedia[2].txt -> TrackingCookie.Casalemedia : Nettoyé.
      C:\Documents and Settings\marc\Cookies\marc@casinopays[1].txt -> TrackingCookie.Casinopays : Nettoyé.
      C:\Documents and Settings\marc\Cookies\marc@crbanner.casinopays[2].txt -> TrackingCookie.Casinopays : Nettoyé.
      C:\Documents and Settings\marc\Cookies\marc@promo.casinotropez[1].txt -> TrackingCookie.Casinotropez : Nettoyé.
      C:\Documents and Settings\france\Cookies\.@clickagents[1].txt -> TrackingCookie.Clickagents : Nettoyé.
      C:\Documents and Settings\france\Cookies\.b1cifw54@clickagents[1].txt -> TrackingCookie.Clickagents : Nettoyé.
      C:\Documents and Settings\marc\Cookies\marc@clickbank[1].txt -> TrackingCookie.Clickbank : Nettoyé.
      C:\Documents and Settings\andréa\Cookies\andréa@ad1.clickhype[2].txt -> TrackingCookie.Clickhype : Nettoyé.
      C:\Documents and Settings\france\Cookies\.@clickzs[1].txt -> TrackingCookie.Clickzs : Nettoyé.
      C:\Documents and Settings\france\Cookies\.@cz3.clickzs[1].txt -> TrackingCookie.Clickzs : Nettoyé.
      C:\Documents and Settings\france\Cookies\.@cz6.clickzs[1].txt -> TrackingCookie.Clickzs : Nettoyé.
      C:\Documents and Settings\france\Cookies\.b1cifw54@clickzs[1].txt -> TrackingCookie.Clickzs : Nettoyé.
      C:\Documents and Settings\france\Cookies\.b1cifw54@clickzs[2].txt -> TrackingCookie.Clickzs : Nettoyé.
      C:\Documents and Settings\france\Cookies\.b1cifw54@cz3.clickzs[1].txt -> TrackingCookie.Clickzs : Nettoyé.
      C:\Documents and Settings\france\Cookies\.b1cifw54@cz3.clickzs[2].txt -> TrackingCookie.Clickzs : Nettoyé.
      C:\Documents and Settings\france\Cookies\.b1cifw54@cz6.clickzs[1].txt -> TrackingCookie.Clickzs : Nettoyé.
      C:\Documents and Settings\marc\Cookies\marc@cz3.clickzs[1].txt -> TrackingCookie.Clickzs : Nettoyé.
      C:\Documents and Settings\marc\Cookies\marc@cz4.clickzs[2].txt -> TrackingCookie.Clickzs : Nettoyé.
      C:\Documents and Settings\marc\Cookies\marc@cz5.clickzs[1].txt -> TrackingCookie.Clickzs : Nettoyé.
      C:\Documents and Settings\marc\Cookies\marc@cz6.clickzs[2].txt -> TrackingCookie.Clickzs : Nettoyé.
      C:\Documents and Settings\marc\Cookies\marc@cz7.clickzs[2].txt -> TrackingCookie.Clickzs : Nettoyé.
      C:\Documents and Settings\marc\Cookies\marc@cz8.clickzs[1].txt -> TrackingCookie.Clickzs : Nettoyé.
      C:\Documents and Settings\marc\Cookies\marc@cz9.clickzs[1].txt -> TrackingCookie.Clickzs : Nettoyé.
      C:\Documents and Settings\marc\Cookies\marc@vip.clickzs[2].txt -> TrackingCookie.Clickzs : Nettoyé.
      C:\Documents and Settings\marc\Cookies\marc@vip2.clickzs[1].txt -> TrackingCookie.Clickzs : Nettoyé.
      C:\Documents and Settings\andréa\Cookies\andréa@ads.cnn[1].txt -> TrackingCookie.Cnn : Nettoyé.
      C:\Documents and Settings\marc\Cookies\marc@ads.cnn[1].txt -> TrackingCookie.Cnn : Nettoyé.
      C:\Documents and Settings\marc\Cookies\marc@counter.cnw[1].txt -> TrackingCookie.Cnw : Nettoyé.
      C:\Documents and Settings\france\Cookies\.@ads.guardian.co[1].txt -> TrackingCookie.Co : Nettoyé.
      C:\Documents and Settings\france\Cookies\.@com[1].txt -> TrackingCookie.Com : Nettoyé.
      C:\Documents and Settings\marc\Cookies\marc@com[1].txt -> TrackingCookie.Com : Nettoyé.
      C:\Documents and Settings\marc\Cookies\marc@dpreview-cnet.com[1].txt -> TrackingCookie.Com : Nettoyé.
      C:\Documents and Settings\france\Cookies\.@fl01.ct2.comclick[2].txt -> TrackingCookie.Comclick : Nettoyé.
      C:\Documents and Settings\france\Cookies\.@fl01.ct2.comclick[3].txt -> TrackingCookie.Comclick : Nettoyé.
      C:\Documents and Settings\france\Cookies\.@fl01.ct2.comclick[4].txt -> TrackingCookie.Comclick : Nettoyé.
      C:\Documents and Settings\france\Cookies\france@fl01.ct2.comclick[1].txt -> TrackingCookie.Comclick : Nettoyé.
      C:\Documents and Settings\marc\Cookies\marc@fl01.ct2.comclick[1].txt -> TrackingCookie.Comclick : Nettoyé.
      C:\Documents and Settings\france\Cookies\.@www.commission-junction[2].txt -> TrackingCookie.Commission-junction : Nettoyé.
      C:\Documents and Settings\france\Cookies\.b1cifw54@www.commission-junction[2].txt -> TrackingCookie.Commission-junction : Nettoyé.
      C:\Documents and Settings\andréa\Cookies\andréa@connextra[1].txt -> TrackingCookie.Connextra : Nettoyé.
      C:\Documents and Settings\france\Cookies\.@data.coremetrics[1].txt -> TrackingCookie.Coremetrics : Nettoyé.
      C:\Documents and Settings\france\Cookies\.@data.coremetrics[2].txt -> TrackingCookie.Coremetrics : Nettoyé.
      C:\Documents and Settings\france\Cookies\.@test.coremetrics[1].txt -> TrackingCookie.Coremetrics : Nettoyé.
      C:\Documents and Settings\marc\Cookies\marc@data.coremetrics[1].txt -> TrackingCookie.Coremetrics : Nettoyé.
      C:\Documents and Settings\france\Cookies\france@bilbo.counted[2].txt -> TrackingCookie.Counted : Nettoyé.
      C:\WINDOWS\TEMP\Cookies\andréa@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Nettoyé.
      C:\Documents and Settings\france\Cookies\.@dbbsrv[1].txt -> TrackingCookie.Dbbsrv : Nettoyé.
      C:\Documents and Settings\marc\Cookies\marc@dbbsrv[1].txt -> TrackingCookie.Dbbsrv : Nettoyé.
      C:\Documents and Settings\france\Cookies\france@stat.dealtime[2].txt -> TrackingCookie.Dealtime : Nettoyé.
      C:\Documents and Settings\marc\Cookies\marc@dealtime[1].txt -> TrackingCookie.Dealtime : Nettoyé.
      C:\Documents and Settings\marc\Cookies\marc@stat.dealtime[2].txt -> TrackingCookie.Dealtime : Nettoyé.
      C:\Documents and Settings\france\Cookies\.@doubleclick[1].txt -> TrackingCookie.Doubleclick : Nettoyé.
      C:\Documents and Settings\france\Cookies\.b1cifw54@doubleclick[2].txt -> TrackingCookie.Doubleclick : Nettoyé.
      C:\Documents and Settings\france\Cookies\anyuser@doubleclick[1].txt -> TrackingCookie.Doubleclick : Nettoyé.
      C:\Documents and Settings\marc\Cookies\marc@doubleclick[1].txt -> TrackingCookie.Doubleclick : Nettoyé.
      C:\Documents and Settings\marc\Cookies\marc@e-2dj6wflykidpsaq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Nettoyé.
      C:\Documents and Settings\marc\Cookies\marc@e-2dj6wjlyqjcpeko.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Nettoyé.
      C:\Documents and Settings\marc\Cookies\marc@e-2dj6wjnygpd5cep.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Nettoyé.
      C:\Documents and Settings\marc\Cookies\marc@y-1shz2prbmdj6wvny-1sez2pra2dj6wjlyqjcpekow6dj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Nettoyé.
      C:\Documents and Settings\france\Cookies\.@estat[1].txt -> TrackingCookie.Estat : Nettoyé.
      C:\Documents and Settings\france\Cookies\.b1cifw54@estat[1].txt -> TrackingCookie.Estat : Nettoyé.
      C:\Documents and Settings\france\Cookies\anyuser@estat[1].txt -> TrackingCookie.Estat : Nettoyé.
      C:\Documents and Settings\marc\Cookies\marc@estat[1].txt -> TrackingCookie.Estat : Nettoyé.
      C:\Documents and Settings\marc\Cookies\marc@www.etracker[2].txt -> TrackingCookie.Etracker : Nettoyé.
      C:\Documents and Settings\valérie\Cookies\valérie@www.etracker[1].txt -> TrackingCookie.Etracker : Nettoyé.
      C:\Documents and Settings\france\Cookies\.@euniverseads[1].txt -> TrackingCookie.Euniverseads : Nettoyé.
      C:\Documents and Settings\marc\Cookies\marc@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Nettoyé.
      C:\Documents and Settings\valérie\Cookies\valérie@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Nettoyé.
      C:\Documents and Settings\france\Cookies\.@a.as-us.falkag[1].txt -> TrackingCookie.Falkag : Nettoyé.
      C:\Documents and Settings\france\Cookies\.@as-us.falkag[2].txt -> TrackingCookie.Falkag : Nettoyé.
      C:\Documents and Settings\marc\Cookies\marc@as-eu.falkag[2].txt -> TrackingCookie.Falkag : Nettoyé.
      C:\Documents and Settings\marc\Cookies\marc@as1.falkag[1].txt -> TrackingCookie.Falkag : Nettoyé.
      C:\Documents and Settings\marc\Cookies\marc@sel.as-eu.falkag[1].txt -> TrackingCookie.Falkag : Nettoyé.
      C:\Documents and Settings\france\Cookies\.@fastclick[1].txt -> TrackingCookie.Fastclick : Nettoyé.
      C:\Documents and Settings\france\Cookies\.@fastclick[2].txt -> TrackingCookie.Fastclick : Nettoyé.
      C:\Documents and Settings\france\Cookies\.@fastclick[3].txt -> TrackingCookie.Fastclick : Nettoyé.
      C:\Documents and Settings\france\Cookies\.@fastclick[4].txt -> TrackingCookie.Fastclick : Nettoyé.
      C:\Documents and Settings\france\Cookies\.@fastclick[5].txt -> TrackingCookie.Fastclick : Nettoyé.
      C:\Documents and Settings\france\Cookies\.@fastclick[6].txt -> TrackingCookie.Fastclick : Nettoyé.
      C:\Documents and Settings\france\Cookies\.b1cifw54@fastclick[2].txt -> TrackingCookie.Fastclick : Nettoyé.
      C:\Documents and Settings\marc\Cookies\marc@findwhat[1].txt -> TrackingCookie.Findwhat : Nettoyé.
      C:\Documents and Settings\france\Cookies\.@flycast[1].txt -> TrackingCookie.Flycast : Nettoyé.
      C:\Documents and Settings\france\Cookies\.@focalink[1].txt -> TrackingCookie.Focalink : Nettoyé.
      C:\Documents and Settings\france\Cookies\.@fortunecity[1].txt -> TrackingCookie.Fortunecity : Nettoyé.
      C:\Documents and Settings\france\Cookies\.@fortunecity[2].txt -> TrackingCookie.Fortunecity : Nettoyé.
      C:\Documents and Settings\france\Cookies\.@fortunecity[3].txt -> TrackingCookie.Fortunecity : Nettoyé.
      C:\Documents and Settings\france\Cookies\.b1cifw54@fortunecity[2].txt -> TrackingCookie.Fortunecity : Nettoyé.
      C:\Documents and Settings\marc\Cookies\marc@fortunecity[3].txt -> TrackingCookie.Fortunecity : Nettoyé.
      C:\Documents and Settings\france\Cookies\.@gator[1].txt -> TrackingCookie.Gator : Nettoyé.
      C:\Documents and Settings\france\Cookies\.@gator[2].txt -> TrackingCookie.Gator : Nettoyé.
      C:\Documents and Settings\france\Cookies\.b1cifw54@webpdp.gator[1].txt -> TrackingCookie.Gator : Nettoyé.
      C:\Documents and Settings\france\Cookies\.@goclick[1].txt -> TrackingCookie.Goclick : Nettoyé.
      C:\Documents and Settings\marc\Cookies\marc@c.goclick[2].txt -> TrackingCookie.Goclick : Nettoyé.
      C:\Documents and Settings\marc\Cookies\marc@goclick[1].txt -> TrackingCookie.Goclick : Nettoyé.
      C:\Documents and Settings\france\Cookies\.@ehg-dig.hitbox[2].txt -> TrackingCookie.Hitbox : Nettoyé.
      C:\Documents and Settings\france\Cookies\.@ehg-hpeuro.hitbox[2].txt -> TrackingCookie.Hitbox : Nettoyé.
      C:\Documents and Settings\france\Cookies\.@ehg-iams.hitbox[1].txt -> TrackingCookie.Hitbox : Nettoyé.
      C:\Documents and Settings\france\Cookies\.@ehg-sonyelec.hitbox[2].txt -> TrackingCookie.Hitbox : Nettoyé.
      C:\Documents and Settings\france\Cookies\.@hg1.hitbox[1].txt -> TrackingCookie.Hitbox : Nettoyé.
      C:\Documents and Settings\france\Cookies\.@hg1.hitbox[3].txt -> TrackingCookie.Hitbox : Nettoyé.
      C:\Documents and Settings\france\Cookies\.@hg1.hitbox[4].txt -> TrackingCookie.Hitbox : Nettoyé.
      C:\Documents and Settings\france\Cookies\.@hg1.hitbox[5].txt -> TrackingCookie.Hitbox : Nettoyé.
      C:\Documents and Settings\france\Cookies\.@hg1.hitbox[6].txt -> TrackingCookie.Hitbox : Nettoyé.
      C:\Documents and Settings\france\Cookies\.@hitbox[1].txt -> TrackingCookie.Hitbox : Nettoyé.
      C:\Documents and Settings\france\Cookies\.@hitbox[2].txt -> TrackingCookie.Hitbox : Nettoyé.
      C:\Documents and Settings\france\Cookies\.@hitbox[3].txt -> TrackingCookie.Hitbox : Nettoyé.
      C:\Documents and Settings\france\Cookies\.@hitbox[4].txt -> TrackingCookie.Hitbox : Nettoyé.
      C:\Documents and Settings\france\Cookies\.@hitbox[5].txt -> TrackingCookie.Hitbox : Nettoyé.
      C:\Documents and Settings\france\Cookies\.@w116.hitbox[2].txt -> TrackingCookie.Hitbox : Nettoyé.
      C:\Documents and Settings\france\Cookies\.b1cifw54@ehg-dig.hitbox[1].txt -> TrackingCookie.Hitbox : Nettoyé.
      C:\Documents and Settings\france\Cookies\.b1cifw54@hg1.hitbox[1].txt -> TrackingCookie.Hitbox : Nettoyé.
      C:\Documents and Settings\france\Cookies\.b1cifw54@hitbox[1].txt -> TrackingCookie.Hitbox : Nettoyé.
      C:\Documents and Settings\france\Cookies\.b1cifw54@hitbox[2].txt -> TrackingCookie.Hitbox : Nettoyé.
      C:\Documents and Settings\france\Cookies\.b1cifw54@w104.hitbox[2].txt -> TrackingCookie.Hitbox : Nettoyé.
      C:\Documents and Settings\france\Cookies\.b1cifw54@w116.hitbox[2].txt -> TrackingCookie.Hitbox : Nettoyé.
      C:\Documents and Settings\france\Cookies\anyuser@hg1.hitbox[1].txt -> TrackingCookie.Hitbox : Nettoyé.
      C:\Documents and Settings\france\Cookies\anyuser@hitbox[1].txt -> TrackingCookie.Hitbox : Nettoyé.
      C:\Documents and Settings\france\Cookies\france@ehg-yellowpages.hitbox[2].txt -> TrackingCookie.Hitbox : Nettoyé.
      C:\Documents and Settings\marc\Cookies\marc@ehg-bellcanada.hitbox[1].txt -> TrackingCookie.Hitbox : Nettoyé.
      C:\Documents and Settings\marc\Cookies\marc@ehg-bestbuy.hitbox[2].txt -> TrackingCookie.Hitbox : Nettoyé.
      C:\Documents and Settings\marc\Cookies\marc@ehg-bskyb.hitbox[1].txt -> TrackingCookie.Hitbox : Nettoyé.
      C:\Documents and Settings\marc\Cookies\marc@ehg-ignitemedia.hitbox[2].txt -> TrackingCookie.Hitbox : Nettoyé.
      C:\Documents and Settings\marc\Cookies\marc@ehg-maxim.hitbox[1].txt -> TrackingCookie.Hitbox : Nettoyé.
      C:\Documents and Settings\marc\Cookies\marc@ehg-mtv.hitbox[2].txt -> TrackingCookie.Hitbox : Nettoyé.
      C:\Documents and Settings\marc\Cookies\marc@ehg-salomon.hitbox[2].txt -> TrackingCookie.Hitbox : Nettoyé.
      C:\Documents and Settings\marc\Cookies\marc@ehg-telecomitalia.hitbox[1].txt -> TrackingCookie.Hitbox : Nettoyé.
      C:\Documents and Settings\marc\Cookies\marc@ehg-volania.hitbox[1].txt -> TrackingCookie.Hitbox : Nettoyé.
      C:\Documents and Settings\marc\Cookies\marc@ehg-warnerbrothers.hitbox[2].txt -> TrackingCookie.Hitbox : Nettoyé.
      C:\Documents and Settings\marc\Cookies\marc@hitbox[1].txt -> TrackingCookie.Hitbox : Nettoyé.
      C:\Documents and Settings\marc\Cookies\marc@phg.hitbox[2].txt -> TrackingCookie.Hitbox : Nettoyé.
      C:\Documents and Settings\france\Cookies\france@counter.hitslink[2].txt -> TrackingCookie.Hitslink : Nettoyé.
      C:\Documents and Settings\andréa\Cookies\andréa@idot[1].txt -> TrackingCookie.Idot : Nettoyé.
      C:\Documents and Settings\france\Cookies\.b1cifw54@dot.idot[1].txt -> TrackingCookie.Idot : Nettoyé.
      C:\Documents and Settings\france\Cookies\france@searchportal.information[1].txt -> TrackingCookie.Information : Nettoyé.
      C:\Documents and Settings\valérie\Cookies\valérie@searchportal.information[1].txt -> TrackingCookie.Information : Nettoyé.
      C:\Documents and Settings\andréa\Cookies\andréa@intelli-direct[2].txt -> TrackingCookie.Intelli-direct : Nettoyé.
      C:\Documents and Settings\france\Cookies\.@adserv.internetfuel[1].txt -> TrackingCookie.Internetfuel : Nettoyé.
      C:\Documents and Settings\france\Cookies\.@adserv.internetfuel[2].txt -> TrackingCookie.Internetfuel : Nettoyé.
      C:\Documents and Settings\france\Cookies\.@adserv.internetfuel[3].txt -> TrackingCookie.Internetfuel : Nettoyé.
      C:\Documents and Settings\france\Cookies\.@adserv.internetfuel[4].txt -> TrackingCookie.Internetfuel : Nettoyé.
      C:\Documents and Settings\france\Cookies\.b1cifw54@adserv.internetfuel[1].txt -> TrackingCookie.Internetfuel : Nettoyé.
      C:\Documents and Settings\marc\Cookies\marc@ivwbox[1].txt -> TrackingCookie.Ivwbox : Nettoyé.
      C:\Documents and Settings\france\Cookies\.@ads.link4ads[2].txt -> TrackingCookie.Link4ads : Nettoyé.
      C:\Documents and Settings\france\Cookies\.b1cifw54@linksynergy[1].txt -> TrackingCookie.Linksynergy : Nettoyé.
      C:\Documents and Settings\andréa\Cookies\andréa@search.live[2].txt -> TrackingCookie.Live : Nettoyé.
      C:\Documents and Settings\marc\Cookies\marc@server.iad.liveperson[1].txt -> TrackingCookie.Liveperson : Nettoyé.
      C:\Documents and Settings\marc\Cookies\marc@www.lop[1].txt -> TrackingCookie.Lop : Nettoyé.
      C:\Documents and Settings\marc\Cookies\marc@image.masterstats[1].txt -> TrackingCookie.Masterstats : Nettoyé.
      C:\Documents and Settings\france\Cookies\.@mediaplex[2].txt -> TrackingCookie.Mediaplex : Nettoyé.
      C:\Documents and Settings\france\Cookies\.@mediaplex[3].txt -> TrackingCookie.Mediaplex : Nettoyé.
      C:\Documents and Settings\france\Cookies\.@mediaplex[4].txt -> TrackingCookie.Mediaplex : Nettoyé.
      C:\Documents and Settings\france\Cookies\.@mediaplex[5].txt -> TrackingCookie.Mediaplex : Nettoyé.
      C:\Documents and Settings\france\Cookies\.b1cifw54@mediaplex[1].txt -> TrackingCookie.Mediaplex : Nettoyé.
      C:\Documents and Settings\france\Cookies\.b1cifw54@mediaplex[2].txt -> TrackingCookie.Mediaplex : Nettoyé.
      C:\Documents and Settings\france\Cookies\anyuser@mediaplex[1].txt -> TrackingCookie.Mediaplex : Nettoyé.
      C:\Documents and Settings\france\Cookies\anyuser@mediaplex[2].txt -> TrackingCookie.Mediaplex : Nettoyé.
      C:\Documents and Settings\france\Cookies\france@mediaplex[1].txt -> TrackingCookie.Mediaplex : Nettoyé.
      C:\Documents and Settings\marc\Cookies\marc@mediaplex[1].txt -> TrackingCookie.Mediaplex : Nettoyé.
      C:\Documents and Settings\andréa\Cookies\andréa@search.msn[2].txt -> TrackingCookie.Msn : Nettoyé.
      C:\Documents and Settings\france\Cookies\.@search.msn[2].txt -> TrackingCookie.Msn : Nettoyé.
      C:\Documents and Settings\france\Cookies\france@search.msn[2].txt -> TrackingCookie.Msn : Nettoyé.
      C:\Documents and Settings\marc\Cookies\marc@search.msn[2].txt -> TrackingCookie.Msn : Nettoyé.
      C:\Documents and Settings\valérie\Cookies\valérie@search.msn[1].txt -> TrackingCookie.Msn : Nettoyé.
      C:\Documents and Settings\france\Cookies\.b1cifw54@www.myaffiliateprogram[1].txt -> TrackingCookie.Myaffiliateprogram : Nettoyé.
      C:\Documents and Settings\marc\Cookies\marc@www.myaffiliateprogram[2].txt -> TrackingCookie.Myaffiliateprogram : Nettoyé.
      C:\Documents and Settings\andréa\Cookies\andréa@ssl-hints.netflame[1].txt -> TrackingCookie.Netflame : Nettoyé.
      C:\Documents and Settings\marc\Cookies\marc@salzburg.oewabox[1].txt -> TrackingCookie.Oewabox : Nettoyé.
      C:\Documents and Settings\france\Cookies\.@stat.onestat[2].txt -> TrackingCookie.Onestat : Nettoyé.
      C:\Documents and Settings\marc\Cookies\marc@stat.onestat[1].txt -> TrackingCookie.Onestat : Nettoyé.
      C:\Documents and Settings\france\Cookies\.@overture[1].txt -> TrackingCookie.Overture : Nettoyé.
      C:\Documents and Settings\marc\Cookies\marc@overture[2].txt -> TrackingCookie.Overture : Nettoyé.
      C:\Documents and Settings\marc\Cookies\marc@perf.overture[1].txt -> TrackingCookie.Overture : Nettoyé.
      C:\Documents and Settings\marc\Cookies\marc@paycounter[1].txt -> TrackingCookie.Paycounter : Nettoyé.
      C:\Documents and Settings\france\Cookies\.@www.paypal[1].txt -> TrackingCookie.Paypal : Nettoyé.
      C:\Documents and Settings\france\Cookies\.@www7.paypopup[1].txt -> TrackingCookie.Paypopup : Nettoyé.
      C:\WINDOWS\TEMP\Cookies\andréa@paypopup[1].txt -> TrackingCookie.Paypopup : Nettoyé.
      C:\Documents and Settings\andréa\Cookies\andréa@ads.planetactive[1].txt -> TrackingCookie.Planetactive : Nettoyé.
      C:\Documents and Settings\france\Cookies\.@pointroll[2].txt -> TrackingCookie.Pointroll : Nettoyé.
      C:\Documents and Settings\france\Cookies\france@ads.pointroll[1].txt -> TrackingCookie.Pointroll : Nettoyé.
      C:\Documents and Settings\marc\Cookies\marc@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Nettoyé.
      C:\Documents and Settings\france\Cookies\.@popupsponsor[2].txt -> TrackingCookie.Popupsponsor : Nettoyé.
      C:\Documents and Settings\france\Cookies\anyuser@preferences[1].txt -> TrackingCookie.Preferences : Nettoyé.
      C:\Documents and Settings\france\Cookies\.@pro-market[2].txt -> TrackingCookie.Pro-market : Nettoyé.
      C:\Documents and Settings\france\Cookies\france@pro-market[2].txt -> TrackingCookie.Pro-market : Nettoyé.
      C:\Documents and Settings\marc\Cookies\marc@pro-market[2].txt -> TrackingCookie.Pro-market : Nettoyé.
      C:\Documents and Settings\france\Cookies\.@www.qksrv[1].txt -> TrackingCookie.Qksrv : Nettoyé.
      C:\Documents and Settings\france\Cookies\.@www.qksrv[2].txt -> TrackingCookie.Qksrv : Nettoyé.
      C:\Documents and Settings\france\Cookies\.b1cifw54@www.qksrv[2].txt -> TrackingCookie.Qksrv : Nettoyé.
      C:\Documents and Settings\france\Cookies\.@questionmarket[1].txt -> TrackingCookie.Questionmarket : Nettoyé.
      C:\Documents and Settings\france\Cookies\.@questionmarket[2].txt -> TrackingCookie.Questionmarket : Nettoyé.
      C:\Documents and Settings\france\Cookies\.@questionmarket[3].txt -> TrackingCookie.Questionmarket : Nettoyé.
      C:\Documents and Settings\france\Cookies\.@questionmarket[4].txt -> TrackingCookie.Questionmarket : Nettoyé.
      C:\Documents and Settings\france\Cookies\france@questionmarket[1].txt -> TrackingCookie.Questionmarket : Nettoyé.
      C:\Documents and Settings\andréa\Cookies\andréa@guide.real[1].txt -> TrackingCookie.Real : Nettoyé.
      C:\Documents and Settings\andréa\Cookies\andréa@realguide.real[1].txt -> TrackingCookie.Real : Nettoyé.
      C:\Documents and Settings\france\Cookies\.@real[1].txt -> TrackingCookie.Real : Nettoyé.
      C:\Documents and Settings\france\Cookies\.@realguide.real[1].txt -> TrackingCookie.Real : Nettoyé.
      C:\Documents and Settings\france\Cookies\france@realguide.real[1].txt -> TrackingCookie.Real : Nettoyé.
      C:\Documents and Settings\marc\Cookies\marc@real[1].txt -> TrackingCookie.Real : Nettoyé.
      C:\Documents and Settings\andréa\Cookies\andréa@ads.realcastmedia[1].txt -> TrackingCookie.Realcastmedia : Nettoyé.
      C:\Documents and Settings\marc\Cookies\marc@ads.realcastmedia[1].txt -> TrackingCookie.Realcastmedia : Nettoyé.
      C:\Documents and Settings\france\Cookies\.@realmedia[1].txt -> TrackingCookie.Realmedia : Nettoyé.
      C:\Documents and Settings\france\Cookies\.@realmedia[3].txt -> TrackingCookie.Realmedia : Nettoyé.
      C:\Documents and Settings\france\Cookies\.@realmedia[4].txt -> TrackingCookie.Realmedia : Nettoyé.
      C:\Documents and Settings\france\Cookies\france@realmedia[1].txt -> TrackingCookie.Realmedia : Nettoyé.
      C:\Documents and Settings\marc\Cookies\marc@realmedia[1].txt -> TrackingCookie.Realmedia : Nettoyé.
      C:\Documents and Settings\france\Cookies\.@tpl1.realtracker[1].txt -> TrackingCookie.Realtracker : Nettoyé.
      C:\Documents and Settings\france\Cookies\.@web1.realtracker[1].txt -> TrackingCookie.Realtracker : Nettoyé.
      C:\WINDOWS\TEMP\Cookies\andréa@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Nettoyé.
      C:\Documents and Settings\france\Cookies\.@mediatrack.revenue[2].txt -> TrackingCookie.Revenue : Nettoyé.
      C:\Documents and Settings\france\Cookies\.@revenue[2].txt -> TrackingCookie.Revenue : Nettoyé.
      C:\Documents and Settings\france\Cookies\france@revenue[1].txt -> TrackingCookie.Revenue : Nettoyé.
      C:\Documents and Settings\marc\Cookies\marc@revenue[2].txt -> TrackingCookie.Revenue : Nettoyé.
      C:\Documents and Settings\marc\Cookies\marc@revsci[2].txt -> TrackingCookie.Revsci : Nettoyé.
      C:\Documents and Settings\valérie\Cookies\valérie@revsci[1].txt -> TrackingCookie.Revsci : Nettoyé.
      C:\Documents and Settings\france\Cookies\.@edge.ru4[1].txt -> TrackingCookie.Ru4 : Nettoyé.
      C:\Documents and Settings\france\Cookies\.@ru4[1].txt -> TrackingCookie.Ru4 : Nettoyé.
      C:\Documents and Settings\france\Cookies\france@edge.ru4[1].txt -> TrackingCookie.Ru4 : Nettoyé.
      C:\Documents and Settings\marc\Cookies\marc@bs.serving-sys[2].txt -> TrackingCookie.Serving-sys : Nettoyé.
      C:\Documents and Settings\marc\Cookies\marc@serving-sys[2].txt -> TrackingCookie.Serving-sys : Nettoyé.
      C:\Documents and Settings\marc\Cookies\marc@cs.sexcounter[2].txt -> TrackingCookie.Sexcounter : Nettoyé.
      C:\Documents and Settings\france\Cookies\.@sexlist[1].txt -> TrackingCookie.Sexlist : Nettoyé.
      C:\Documents and Settings\france\Cookies\.@counter1.sextracker[1].txt -> TrackingCookie.Sextracker : Nettoyé.
      C:\Documents and Settings\france\Cookies\.@sextracker[2].txt -> TrackingCookie.Sextracker : Nettoyé.
      C:\Documents and Settings\france\Cookies\.b1cifw54@counter1.sextracker[1].txt -> TrackingCookie.Sextracker : Nettoyé.
      C:\Documents and Settings\france\Cookies\.b1cifw54@sextracker[2].txt -> TrackingCookie.Sextracker : Nettoyé.
      C:\Documents and Settings\france\Cookies\.@www.smartadserver[1].txt -> TrackingCookie.Smartadserver : Nettoyé.
      C:\Documents and Settings\france\Cookies\france@www.smartadserver[1].txt -> TrackingCookie.Smartadserver : Nettoyé.
      C:\Documents and Settings\marc\Cookies\marc@www.smartadserver[2].txt -> TrackingCookie.Smartadserver : Nettoyé.
      C:\Documents and Settings\france\Cookies\.@ads.specificpop[1].txt -> TrackingCookie.Specificpop : Nettoyé.
      C:\Documents and Settings\france\Cookies\.@spylog[2].txt -> TrackingCookie.Spylog : Nettoyé.
      C:\Documents and Settings\france\Cookies\.@spylog[3].txt -> TrackingCookie.Spylog : Nettoyé.
      C:\Documents and Settings\france\Cookies\.b1cifw54@spylog[1].txt -> TrackingCookie.Spylog : Nettoyé.
      C:\Documents and Settings\marc\Cookies\marc@statcounter[1].txt -> TrackingCookie.Statcounter : Nettoyé.
      C:\Documents and Settings\andréa\Cookies\andréa@tacoda[2].txt -> TrackingCookie.Tacoda : Nettoyé.
      C:\Documents and Settings\marc\Cookies\marc@tacoda[2].txt -> TrackingCookie.Tacoda : Nettoyé.
      C:\Documents and Settings\valérie\Cookies\valérie@tacoda[2].txt -> TrackingCookie.Tacoda : Nettoyé.
      C:\Documents and Settings\france\Cookies\.@focusin.ads.targetnet[1].txt -> TrackingCookie.Targetnet : Nettoyé.
      C:\Documents and Settings\france\Cookies\.@targetnet[2].txt -> TrackingCookie.Targetnet : Nettoyé.
      C:\Documents and Settings\france\Cookies\.@targetnet[3].txt -> TrackingCookie.Targetnet : Nettoyé.
      C:\Documents and Settings\france\Cookies\.@targetnet[4].txt -> TrackingCookie.Targetnet : Nettoyé.
      C:\Documents and Settings\france\Cookies\.b1cifw54@targetnet[1].txt -> TrackingCookie.Targetnet : Nettoyé.
      C:\Documents and Settings\france\Cookies\anyuser@targetnet[1].txt -> TrackingCookie.Targetnet : Nettoyé.
      C:\Documents and Settings\france\Cookies\france@targetnet[1].txt -> TrackingCookie.Targetnet : Nettoyé.
      C:\Documents and Settings\marc\Cookies\marc@targetnet[2].txt -> TrackingCookie.Targetnet : Nettoyé.
      C:\Documents and Settings\andréa\Cookies\andréa@toplist[1].txt -> TrackingCookie.Toplist : Nettoyé.
      C:\Documents and Settings\france\Cookies\.@www.toplist[1].txt -> TrackingCookie.Toplist : Nettoyé.
      C:\Documents and Settings\france\Cookies\france@toplist[1].txt -> TrackingCookie.Toplist : Nettoyé.
      C:\Documents and Settings\marc\Cookies\marc@toplist[2].txt -> TrackingCookie.Toplist : Nettoyé.
      C:\Documents and Settings\valérie\Cookies\valérie@toplist[1].txt -> TrackingCookie.Toplist : Nettoyé.
      C:\Documents and Settings\france\Cookies\.@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Nettoyé.
      C:\Documents and Settings\marc\Cookies\marc@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Nettoyé.
      C:\Documents and Settings\france\Cookies\.@trafficmp[1].txt -> TrackingCookie.Trafficmp : Nettoyé.
      C:\Documents and Settings\france\Cookies\.@trafficmp[2].txt -> TrackingCookie.Trafficmp : Nettoyé.
      C:\Documents and Settings\france\Cookies\.@trafficmp[3].txt -> TrackingCookie.Trafficmp : Nettoyé.
      C:\Documents and Settings\france\Cookies\.b1cifw54@trafficmp[1].txt -> TrackingCookie.Trafficmp : Nettoyé.
      C:\Documents and Settings\france\Cookies\.@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Nettoyé.
      C:\Documents and Settings\france\Cookies\.@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Nettoyé.
      C:\Documents and Settings\france\Cookies\.@tribalfusion[3].txt -> TrackingCookie.Tribalfusion : Nettoyé.
      C:\Documents and Settings\france\Cookies\france@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Nettoyé.
      C:\Documents and Settings\marc\Cookies\marc@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Nettoyé.
      C:\Documents and Settings\france\Cookies\.@servedby.valuead[1].txt -> TrackingCookie.Valuead : Nettoyé.
      C:\Documents and Settings\france\Cookies\.@servedfor.valuead[1].txt -> TrackingCookie.Valuead : Nettoyé.
      C:\Documents and Settings\france\Cookies\.@valueclick[1].txt -> TrackingCookie.Valueclick : Nettoyé.
      C:\Documents and Settings\france\Cookies\.@valueclick[2].txt -> TrackingCookie.Valueclick : Nettoyé.
      C:\Documents and Settings\france\Cookies\.@valueclick[3].txt -> TrackingCookie.Valueclick : Nettoyé.
      C:\Documents and Settings\france\Cookies\.b1cifw54@valueclick[1].txt -> TrackingCookie.Valueclick : Nettoyé.
      C:\Documents and Settings\france\Cookies\anyuser@valueclick[1].txt -> TrackingCookie.Valueclick : Nettoyé.
      C:\Documents and Settings\marc\Cookies\marc@valueclick[1].txt -> TrackingCookie.Valueclick : Nettoyé.
      C:\Documents and Settings\marc\Cookies\marc@webstat[2].txt -> TrackingCookie.Web-stat : Nettoyé.
      C:\Documents and Settings\france\Cookies\.@weborama[1].txt -> TrackingCookie.Weborama : Nettoyé.
      C:\Documents and Settings\france\Cookies\.@weborama[2].txt -> TrackingCookie.Weborama : Nettoyé.
      C:\Documents and Settings\france\Cookies\.@weborama[3].txt -> TrackingCookie.Weborama : Nettoyé.
      C:\Documents and Settings\france\Cookies\.b1cifw54@weborama[1].txt -> TrackingCookie.Weborama : Nettoyé.
      C:\Documents and Settings\france\Cookies\anyuser@weborama[1].txt -> TrackingCookie.Weborama : Nettoyé.
      C:\Documents and Settings\marc\Cookies\marc@weborama[2].txt -> TrackingCookie.Weborama : Nettoyé.
      C:\Documents and Settings\valérie\Cookies\valérie@weborama[2].txt -> TrackingCookie.Weborama : Nettoyé.
      C:\Documents and Settings\marc\Cookies\marc@m.webtrends[1].txt -> TrackingCookie.Webtrends : Nettoyé.
      C:\Documents and Settings\france\Cookies\.@statse.webtrendslive[1].txt -> TrackingCookie.Webtrendslive : Nettoyé.
      C:\Documents and Settings\france\Cookies\.@x10[1].txt -> TrackingCookie.X10 : Nettoyé.
      C:\Documents and Settings\france\Cookies\.@x10[2].txt -> TrackingCookie.X10 : Nettoyé.
      C:\Documents and Settings\france\Cookies\.@x10[4].txt -> TrackingCookie.X10 : Nettoyé.
      C:\Documents and Settings\france\Cookies\.@x10[5].txt -> TrackingCookie.X10 : Nettoyé.
      C:\Documents and Settings\france\Cookies\.b1cifw54@x10[1].txt -> TrackingCookie.X10 : Nettoyé.
      C:\Documents and Settings\marc\Cookies\marc@count.xhit[1].txt -> TrackingCookie.Xhit : Nettoyé.
      C:\Documents and Settings\marc\Cookies\marc@xxxcounter[1].txt -> TrackingCookie.Xxxcounter : Nettoyé.
      C:\Documents and Settings\marc\Cookies\marc@xxxtoolbar[1].txt -> TrackingCookie.Xxxtoolbar : Nettoyé.
      C:\Documents and Settings\marc\Cookies\marc@yadro[2].txt -> TrackingCookie.Yadro : Nettoyé.
      C:\Documents and Settings\marc\Cookies\marc@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Nettoyé.
      C:\WINDOWS\TEMP\Cookies\andréa@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Nettoyé.
      C:\Documents and Settings\france\Cookies\.@zedo[1].txt -> TrackingCookie.Zedo : Nettoyé.
      C:\Documents and Settings\france\Cookies\.@zedo[2].txt -> TrackingCookie.Zedo : Nettoyé.
      C:\Documents and Settings\marc\Cookies\marc@zedo[2].txt -> TrackingCookie.Zedo : Nettoyé.
      C:\Documents and Settings\andréa\Bureau\Andréa\DVD\Logiciels Dvd\logiciels\WinAVI v6.3\patch.exe -> Trojan.Feutel.av : Nettoyé et sauvegardé (mise en quarantaine).
      C:\System Volume Information\_restore{5D810597-8966-4483-924D-C385ADC1282E}\RP1250\A0216248.exe -> Trojan.Obfuscated.en : Nettoyé et sauvegardé (mise en quarantaine).
      C:\System Volume Information\_restore{5D810597-8966-4483-924D-C385ADC1282E}\RP1261\A0219965.exe -> Trojan.Obfuscated.en : Nettoyé et sauvegardé (mise en quarantaine).
      C:\System Volume Information\_restore{5D810597-8966-4483-924D-C385ADC1282E}\RP1261\A0219966.exe -> Trojan.Obfuscated.en : Nettoyé et sauvegardé (mise en quarantaine).
      C:\System Volume Information\_restore{5D810597-8966-4483-924D-C385ADC1282E}\RP1261\A0219968.exe -> Trojan.Obfuscated.en : Nettoyé et sauvegardé (mise en quarantaine).
      C:\System Volume Information\_restore{5D810597-8966-4483-924D-C385ADC1282E}\RP1261\A0219969.exe -> Trojan.Obfuscated.en : Nettoyé et sauvegardé (mise en quarantaine).


      Fin du rapport




      Logfile of HijackThis v1.99.1
      Scan saved at 21:40:25, on 10/04/2007
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16414)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\WINDOWS\system32\CTsvcCDA.EXE
      C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\Program Files\Spyware Doctor\svcntaux.exe
      C:\Program Files\Spyware Doctor\swdsvc.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
      C:\WINDOWS\system32\Tablet.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\WTablet\TabUserW.exe
      C:\WINDOWS\system32\wscntfy.exe
      C:\WINDOWS\system32\Tablet.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\WINDOWS\htpatch.exe
      C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
      C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
      C:\Program Files\Winamp\winampa.exe
      C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Fichiers communs\Ulead Systems\DVD\USISrv.exe
      C:\PROGRA~1\Sony\SonicStage\SsAAD.exe
      C:\Program Files\Alwil Software\Avast4\ashDisp.exe
      C:\Program Files\QuickTime\qttask.exe
      C:\Program Files\iTunes\iTunesHelper.exe
      C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
      C:\Program Files\Spyware Doctor\SDTrayApp.exe
      C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
      C:\Program Files\iPod\bin\iPodService.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\MSN Messenger\MsnMsgr.Exe
      C:\Program Files\Messenger\msmsgs.exe
      C:\Program Files\FolderShare\FolderShare.exe
      C:\Program Files\Google\Google Updater\GoogleUpdater.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Hijackthis Version Française\hijackthis vf.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.imdb.com/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
      O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\downloaded program files\googletoolbar4.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.3558\swg.dll
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\downloaded program files\googletoolbar4.dll
      O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
      O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
      O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
      O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
      O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
      O4 - HKLM\..\Run: [as4Tray] C:\Program Files\AudioStation 4\As4Tray.exe
      O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
      O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
      O4 - HKLM\..\Run: [Windows Mouse Utilities] mouseutils.exe
      O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
      O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [USIUDF_Eject_Monitor] C:\Program Files\Fichiers communs\Ulead Systems\DVD\USISrv.exe
      O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SonicStage\SsAAD.exe
      O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
      O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
      O4 - HKLM\..\RunServices: [Windows Mouse Utilities] mouseutils.exe
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - HKCU\..\Run: [FolderShare] "C:\Program Files\FolderShare\FolderShare.exe" /background
      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
      O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
      O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
      O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
      O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZC
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O11 - Options group: [INTERNATIONAL] International*
      O12 - Plugin for .kar: C:\PROGRA~1\INTERN~1\PLUGINS\npvmidi.dll
      O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
      O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a224.g.akamai.net/7/224/52/20010620/qtinstall.info.apple.com/qt502/fr/win/QuickTimeInstaller.exe
      O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://dreadsimard.spaces.msn.com//PhotoUpload/MsnPUpld.cab
      O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
      O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
      O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
      O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
      O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
      O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
      O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
      O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: MSCSPTISRV - Sony Corporation - C:\PROGRA~1\FICHIE~1\Sony Shared\AVLib\MSCSPTISRV.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
      O23 - Service: PACSPTISVR - Sony Corporation - C:\PROGRA~1\FICHIE~1\Sony Shared\AVLib\PACSPTISVR.exe
      O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
      O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
      O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\FICHIE~1\Sony Shared\AVLib\SPTISRV.exe
      O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
      O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
      O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe


      Et voilà. Peux-tu me dire si ça va vraiment me mener à quelque part stp... Parce que vu que je te fais entièrement confiance car je n'y connais rien...

      Merci
      0
  17. did71 Messages postés 2187 Statut Contributeur sécurité 36
     
    Bonsoir,

    je pense savoir de quoi je parle!lol!

    Tu n'as pas coché les lignes avec hijackthis puis cliqué sur réparer!

    C'est important de le faire

    a+
    0
    1. Andréa
       
      Salut,

      Si, j'ai bel et bien coché les cases à cocher dans hijackthis, mais il n'y a pas de réparer... c'est fixer objet... Et c'est sure quoi j'ai cliqué :S
      0
  18. did71 Messages postés 2187 Statut Contributeur sécurité 36
     
    re,

    ok, j'avais lu un autre rapport sûrement!

    1) Télécharge ATF-Cleaner (par Atribune) de ce lien :

    http://www.atribune.org/ccount/click.php?id=1

    sauvegarde-le sur ton Bureau.

    redémarre en mode sans échec!

    Double-clique ATF-Cleaner.exe qui est sur le Bureau, afin de lancer le programme.
    Sous l'onglet Main, choisis : Select All
    Clique sur le bouton Empty Selected. Clique Ok, puis Exit

    2) Télécharge clean.zip

    http://www.malekal.com/download/clean.zip

    Décompresse-le sur ton bureau (clic droit / extraire tout), tu dois obtenir un dossier clean.
    Ouvre le dossier Clean qui se trouve sur ton bureau.
    Double-clic sur clean.cmd.
    Une fenêtre noire va apparaître, choisis l'option 1.

    Poste le rapport qui se trouve ici C:\rapport_clean.txt

    a+
    0
  19. Andréa
     
    Voici un nouvel Hijackthis

    Logfile of HijackThis v1.99.1
    Scan saved at 15:25:34, on 11/04/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16414)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Spyware Doctor\svcntaux.exe
    C:\Program Files\Spyware Doctor\swdsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
    C:\WINDOWS\system32\Tablet.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\WTablet\TabUserW.exe
    C:\WINDOWS\system32\Tablet.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\htpatch.exe
    C:\WINDOWS\system32\RunDll32.exe
    C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
    C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
    C:\Program Files\Winamp\winampa.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
    C:\Program Files\Fichiers communs\Ulead Systems\DVD\USISrv.exe
    C:\PROGRA~1\Sony\SonicStage\SsAAD.exe
    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
    C:\Program Files\Spyware Doctor\SDTrayApp.exe
    C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\FolderShare\FolderShare.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Hijackthis Version Française\hijackthis vf.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.imdb.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\downloaded program files\googletoolbar4.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.3558\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\downloaded program files\googletoolbar4.dll
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
    O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
    O4 - HKLM\..\Run: [as4Tray] C:\Program Files\AudioStation 4\As4Tray.exe
    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
    O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
    O4 - HKLM\..\Run: [Windows Mouse Utilities] mouseutils.exe
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [USIUDF_Eject_Monitor] C:\Program Files\Fichiers communs\Ulead Systems\DVD\USISrv.exe
    O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SonicStage\SsAAD.exe
    O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\RunServices: [Windows Mouse Utilities] mouseutils.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [FolderShare] "C:\Program Files\FolderShare\FolderShare.exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZC
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O12 - Plugin for .kar: C:\PROGRA~1\INTERN~1\PLUGINS\npvmidi.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a224.g.akamai.net/7/224/52/20010620/qtinstall.info.apple.com/qt502/fr/win/QuickTimeInstaller.exe
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://dreadsimard.spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\PROGRA~1\FICHIE~1\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\PROGRA~1\FICHIE~1\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\FICHIE~1\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
    O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
    0
  20. AndréaDS Messages postés 48 Statut Membre 5
     
    Rapport clean par Malekal_morte - http://www.malekal.com
    Option 1, executee le 11/04/2007 a 16:01:46,55

    *** Recherche de fichiers sur C:
    C:\StubInstaller.exe FOUND

    *** Recherche des fichiers dans C:\WINDOWS\

    *** Recherche des fichiers dans C:\WINDOWS\system32
    C:\WINDOWS\system32\mcrh.tmp FOUND
    C:\WINDOWS\system32\SpoonUninstall.exe FOUND
    C:\WINDOWS\impborl.dll FOUND
    C:\WINDOWS\SYSTEM\MAPI32.DLL FOUND
    C:\WINDOWS\SYSTEM\INET16.DLL FOUND

    "C:\Program Files\GameHouse\" FOUND
    *** Fin du rapport !

    Voilà!
    0
  21. did71 Messages postés 2187 Statut Contributeur sécurité 36
     
    re,

    1) relance cleanzip,

    Choisis cette fois l'option 2!

    Poste le rapport ensuite!

    2) passe un scan en ligne ici:

    http://www.bitdefender.fr/scan8/ie.html

    poste le rapport bitdefender!

    Si impossible essaie un de ceux ci:

    https://www.trendmicro.com/en_us/forHome/products/housecall.html
    https://www.pandasecurity.com/?ref=www.pandasoftware.com/activescan/activescan.asp
    http://www.secuser.com/antivirus/

    poste le rapport!

    a+
    0
  • 1
  • 2