win32.trojan.rx Fermé

Question

bonjour a tous je suis actuellement bloqué avec win32.trojan.rx qui me met des fentres intempestives sans arrêt et ralenti mon ordi avast le trouve mais ne fais rien j'ai téléchargé hitjackthis pour faire un rapport et en voici le contenu si quelqu'un peut m'aider car c'est vraiment galère merci d'avance
bye
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 17:10:05, on 14/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\windows\system32\spoolsv.exe
C:\windows\System32\svchost.exe
C:\WINDOWS\System32\mnmsrvc.exe
C:\windows\System32
vsvc32.exe
C:\windows\System32\snmp.exe
C:\windows\system32undll32.exe
C:\windows\System32\svchost.exe
C:\windows\Explorer.EXE
C:\windows\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32	mrsrv32.exe
C:\windows\system32\msorcl32.exe
C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
C:\windows\system32undll32.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\USB Disk Win98 Driver\Res.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Lecteur CANALPLAY\CanalPlayerHelper.exe
C:\Program Files\Microsoft Money\Systememinder.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\gildas\Mes documents\Mes fichiers reçus\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://actus.sfr.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://french.ircfast.com/index.php?rvs=hompag
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presario.net/...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {00000026-8735-428D-B81F-DD098223B25F} - (no file)
O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
O2 - BHO: (no name) - {000006b1-19b5-414a-849f-2a3c64ae6939} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)
O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
O2 - BHO: MSDNS System - {27A7FB75-FB40-4f94-BCF6-4945BCC8BAAF} - C:\WINDOWS	lhelper.dll
O2 - BHO: (no name) - {30000273-8230-4dd4-be4f-6889d1e74167} - (no file)
O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
O2 - BHO: (no name) - {4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} - (no file)
O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
O2 - BHO: (no name) - {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} - (no file)
O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: msdn_lib.msdn_hlp - {7C2F2C76-1489-450D-B8FB-0B9692D788F9} - C:\WINDOWS\system32\msdn_lib.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
O3 - Toolbar: The msdn32 - {A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB} - C:\WINDOWS\msdn32.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [service] C:\WINDOWS\services.exe -serv
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [IncredimailDownloader] C:\Documents and Settings\gildas\Bureau\imloader.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Program Files\USB Disk Win98 Driver\Res.EXE
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\system32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [PlayerKiosquePlus] C:\Program Files\Lecteur CANALPLAY\PlayerKiosquePlus.exe /iconic
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [Watch] C:\PROGRA~1\Minitel\Watch.exe
O4 - HKLM\..\Run: [Nokia Tray Application] C:\Program Files\Fichiers communs\Nokia\NCLTools\NclTray.exe
O4 - HKLM\..\Run: [CanalPlayerHelper] C:\Program Files\Lecteur CANALPLAY\CanalPlayerHelper.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [Reminder] C:\Program Files\Microsoft Money\Systememinder.exe
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\GestMaj.exe EspaceWanadoo.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [TransVente] C:\PROGRA~1\TRANSV~1\TransVente.exe 1
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKLM\..\Policies\Explorer\Run: [mscover] C:\DOCUME~1\gildas\LOCALS~1\Temp\mscover.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: Icône AOL.lnk = C:\Program Files\AOL 7.0\aoltray.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Rappels du Calendrier Microsoft Works.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Sites Perso - {06FE5D05-8F11-11d2-804F-00105A133818} - http://compaqnet.ifrance.com/heberg/accueil (file missing)
O9 - Extra 'Tools' menuitem: Compaq France - {06FE5D05-8F11-11d2-804F-00105A133818} - http://compaqnet.ifrance.com/heberg/accueil (file missing)
O9 - Extra button: SmartShopper - Compare product prices - {679B2A8D-B2FF-41ed-B3ED-C5CFB8564CB0} - C:\windows\System32\shdocvw.dll
O9 - Extra button: SmartShopper - Compare travel rates - {9E4DF170-217F-4658-A11F-590664542B73} - C:\windows\System32\shdocvw.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM95\AIM.EXE (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
O12 - Plugin for .avi: C:\Program Files\Internet Explorer\PLUGINS
pqtplugin.dll
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) - 
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} - http://activex.camfrogweb.com/advanced/cfweb_activex.camfrogweb.com-advanced_instmodule.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O21 - SSODL: msdns - {DD38B663-D37D-49D2-BC61-7AB8DCF00285} - C:\WINDOWS\msdns.dll (file missing)
O21 - SSODL: iedns - {483C197A-3091-4C38-A451-7052904A8749} - C:\windows\iedns.dll
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\windows\System32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\windows\System32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\windows\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\windows\system32\services.exe
O23 - Service: Fax - Unknown owner - C:\windows\system32\fxssvc.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\System32\Imapi.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\System32
vsvc32.exe
O23 - Service: Securitoo Control Parental (OPTENET_FILTER) - Unknown owner - C:\Program Files\Securitoo\Controle Parental\bin\optproxy.exe (file missing)
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\windows\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\windows\System32\SCardSvr.exe
O23 - Service: Service SNMP (SNMP) - Unknown owner - C:\windows\System32\snmp.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\windows\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\windows\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe

green day · Answer

Salut

 c'est pas mal ...

# Télécharge ceci: (merci a S!RI pour ce petit programme). 

 http://siri.urz.free.fr/Fix/SmitfraudFix.zip

Exécute le, Double click sur Smitfraudfix.cmd choisit l’option 1, 
voila a quoi cela ressemble : http://siri.urz.free.fr/Fix/SmitfraudFix.php 
il va générer un rapport : copie/colle le sur le poste stp.



++

cotobre · Answer

salut voici le rapport comme tu m'a dit de faire 
merci de ton aide 
jolie citation a la fin de ton message j'en prend note aussi 
cordialement



SmitFraudFix v2.181

Rapport fait à 17:46:24,88, 15/05/2007
Executé à partir de C:\Documents and Settings\gildas\Bureau\Nouveau dossier (2)\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\windows\system32\spoolsv.exe
C:\windows\System32\svchost.exe
C:\WINDOWS\System32\mnmsrvc.exe
C:\windows\System32
vsvc32.exe
C:\windows\System32\snmp.exe
C:\windows\system32undll32.exe
C:\windows\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\windows\Explorer.EXE
C:\windows\system32\ctfmon.exe
C:\WINDOWS\system32	mrsrv32.exe
C:\windows\system32\msorcl32.exe
C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\USB Disk Win98 Driver\Res.EXE
C:\windows\system32undll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Lecteur CANALPLAY\CanalPlayerHelper.exe
C:\Program Files\Microsoft Money\Systememinder.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\windows\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\windows

C:\windows\iedns.dll PRESENT !
C:\windows\loader.exe PRESENT !
C:\windows\msdn32.dll PRESENT !
C:\windows\susp.exe PRESENT !
C:\windows	lhelper.dll PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» C:\windows\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\windows\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\windows\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\windows\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\gildas


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\gildas\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\gildas\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files 

C:\Program Files\NewMediaCodec\ PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
 
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
 

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: NVIDIA nForce MCP Networking Adapter - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.30.1
DNS Server Search Order: 0.0.0.0

HKLM\SYSTEM\CCS\Services\Tcpip\..\{A2853236-9D6A-48DA-9CAB-8714AE306799}: DhcpNameServer=192.168.30.1 0.0.0.0
HKLM\SYSTEM\CS1\Services\Tcpip\..\{A2853236-9D6A-48DA-9CAB-8714AE306799}: DhcpNameServer=192.168.30.1 0.0.0.0
HKLM\SYSTEM\CS2\Services\Tcpip\..\{A2853236-9D6A-48DA-9CAB-8714AE306799}: DhcpNameServer=192.168.30.1 0.0.0.0
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.30.1 0.0.0.0
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.30.1 0.0.0.0
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.30.1 0.0.0.0


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin

green day · Answer

Salut et merci :-)

# Démarre en mode sans échec : 
Pour cela, tu tapotes la touche F8 dès le début de l’allumage du pc sans t’arrêter 
Une fenêtre va s’ouvrir tu te déplaces avec les flèches du clavier sur démarrer en mode sans échec puis tape entrée. 
Une fois sur le bureau s’il n’y a pas toutes les couleurs et autres c’est normal ! 
(Si F8 ne marche pas utilise la touche F5). 
---------------------------------------------------------------------------- 
# Relance le programme Smitfraud :
Cette fois choisit l’option 2, répond oui a tous ; 
Sauvegarde le rapport, Redémarre en mode normal, copie/colle le rapport sauvegardé sur le forum 


ensuite, remets un nouveau hijacl stp

++

cotobre · Answer

salut encore moi 
c'est quoi hijacl stp
@+

green day · Answer

Un rapport hijackthis :)

++

cotobre · Answer

salut encore moi et le rapport hijaclLogfileet le smitfraud a suivre 
ça ma l'air plus tranquille deja
a plus je te tiens au courant demain

of HijackThis v1.99.1
Scan saved at 22:37:09, on 15/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\windows\system32\spoolsv.exe
C:\windows\Explorer.EXE
C:\windows\system32\ctfmon.exe
C:\windows\System32\svchost.exe
C:\WINDOWS\System32\mnmsrvc.exe
C:\windows\System32
vsvc32.exe
C:\windows\system32undll32.exe
C:\windows\System32\snmp.exe
C:\WINDOWS\system32	mrsrv32.exe
C:\windows\System32\svchost.exe
C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\USB Disk Win98 Driver\Res.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Lecteur CANALPLAY\CanalPlayerHelper.exe
C:\Program Files\Microsoft Money\Systememinder.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\windows\system32undll32.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\WinZip\winzip32.exe
C:\DOCUME~1\gildas\LOCALS~1\Temp\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {00000026-8735-428D-B81F-DD098223B25F} - (no file)
O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
O2 - BHO: (no name) - {000006b1-19b5-414a-849f-2a3c64ae6939} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)
O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
O2 - BHO: (no name) - {30000273-8230-4dd4-be4f-6889d1e74167} - (no file)
O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
O2 - BHO: (no name) - {4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} - (no file)
O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
O2 - BHO: (no name) - {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} - (no file)
O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: msdn_lib.msdn_hlp - {7C2F2C76-1489-450D-B8FB-0B9692D788F9} - C:\WINDOWS\system32\msdn_lib.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [service] C:\WINDOWS\services.exe -serv
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [IncredimailDownloader] C:\Documents and Settings\gildas\Bureau\imloader.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Program Files\USB Disk Win98 Driver\Res.EXE
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\system32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [PlayerKiosquePlus] C:\Program Files\Lecteur CANALPLAY\PlayerKiosquePlus.exe /iconic
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [Watch] C:\PROGRA~1\Minitel\Watch.exe
O4 - HKLM\..\Run: [Nokia Tray Application] C:\Program Files\Fichiers communs\Nokia\NCLTools\NclTray.exe
O4 - HKLM\..\Run: [CanalPlayerHelper] C:\Program Files\Lecteur CANALPLAY\CanalPlayerHelper.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunOnce: [!CleanupNetMeetingDispDriver] "C:\windows\system32undll32.exe" msconf.dll,CleanupNetMeetingDispDriver 0
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [Reminder] C:\Program Files\Microsoft Money\Systememinder.exe
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\GestMaj.exe EspaceWanadoo.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [TransVente] C:\PROGRA~1\TRANSV~1\TransVente.exe 1
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Icône AOL.lnk = C:\Program Files\AOL 7.0\aoltray.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Rappels du Calendrier Microsoft Works.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Sites Perso - {06FE5D05-8F11-11d2-804F-00105A133818} - http://compaqnet.ifrance.com/heberg/accueil (file missing)
O9 - Extra 'Tools' menuitem: Compaq France - {06FE5D05-8F11-11d2-804F-00105A133818} - http://compaqnet.ifrance.com/heberg/accueil (file missing)
O9 - Extra button: SmartShopper - Compare product prices - {679B2A8D-B2FF-41ed-B3ED-C5CFB8564CB0} - C:\windows\System32\shdocvw.dll
O9 - Extra button: SmartShopper - Compare travel rates - {9E4DF170-217F-4658-A11F-590664542B73} - C:\windows\System32\shdocvw.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM95\AIM.EXE (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .avi: C:\Program Files\Internet Explorer\PLUGINS
pqtplugin.dll
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) - 
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} - http://activex.camfrogweb.com/advanced/cfweb_activex.camfrogweb.com-advanced_instmodule.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\windows\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\System32
vsvc32.exe
O23 - Service: Securitoo Control Parental (OPTENET_FILTER) - Unknown owner - C:\Program Files\Securitoo\Controle Parental\bin\optproxy.exe (file missing)



voici le rapport 
SmitFraudFix v2.181

Rapport fait à 22:27:40,82, 15/05/2007
Executé à partir de C:\Documents and Settings\gildas\Bureau\Nouveau dossier (2)\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode sans echec

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1       localhost

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{A2853236-9D6A-48DA-9CAB-8714AE306799}: DhcpNameServer=192.168.30.1 0.0.0.0
HKLM\SYSTEM\CS1\Services\Tcpip\..\{A2853236-9D6A-48DA-9CAB-8714AE306799}: DhcpNameServer=192.168.30.1 0.0.0.0
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.30.1 0.0.0.0
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.30.1 0.0.0.0


»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre
 
Nettoyage terminé. 
 
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin

green day · Answer

Salut

Devoir à faire pour demain :)

virus methode preliminaire de desinfection version fr

++

cotobre · Answer

salut 
voilà mes devoirs sont finis je crois j'ai été plus long que prèvu car pas toujours dispo 
merci encore pour toutes ces precisions ci joint les trois rapports 
au plaisir de te lire
cordialement


---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

 + Créé à:	21:55:50 17/05/2007

 + Résultat de l'analyse:	



C:\Program Files\Altnet -> Adware.Altnet : Ignoré.
C:\Program Files\Altnet\Download Manager -> Adware.Altnet : Ignoré.
C:\Program Files\Altnet\My Altnet Shares -> Adware.Altnet : Ignoré.
HKLM\SOFTWARE\Classes\AppID\Altnet Signing Module.EXE -> Adware.Altnet : Ignoré.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5929cd6e-2062-44a4-b2c5-2c7e78fbab38} -> Adware.Generic : Ignoré.
HKU\S-1-5-21-784569582-1694720459-516276246-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5929CD6E-2062-44A4-B2C5-2C7E78FBAB38} -> Adware.Generic : Ignoré.
C:\Documents and Settings\Invité\Application Data\Hotbar -> Adware.HotBar : Ignoré.
C:\Documents and Settings\Invité\Application Data\Hotbar\v3.0 -> Adware.HotBar : Ignoré.
C:\Documents and Settings\Invité\Application Data\Hotbar\v3.0\Hotbar -> Adware.HotBar : Ignoré.
C:\Documents and Settings\Invité\Application Data\Hotbar\v3.0\Hotbar\static -> Adware.HotBar : Ignoré.
C:\Documents and Settings\Invité\Application Data\Hotbar\v3.0\Hotbar\static\1 -> Adware.HotBar : Ignoré.
C:\Documents and Settings\adrien\Application Data\Hotbar -> Adware.HotBar : Ignoré.
C:\Documents and Settings\adrien\Application Data\Hotbar\IESkins -> Adware.HotBar : Ignoré.
C:\Documents and Settings\adrien\Application Data\Hotbar\v3.0 -> Adware.HotBar : Ignoré.
C:\Documents and Settings\adrien\Application Data\Hotbar\v3.0\HostOI -> Adware.HotBar : Ignoré.
C:\Documents and Settings\adrien\Application Data\Hotbar\v3.0\HostOI\dynamic -> Adware.HotBar : Ignoré.
C:\Documents and Settings\adrien\Application Data\Hotbar\v3.0\HostOL -> Adware.HotBar : Ignoré.
C:\Documents and Settings\adrien\Application Data\Hotbar\v3.0\HostOL\dynamic -> Adware.HotBar : Ignoré.
C:\Documents and Settings\adrien\Application Data\Hotbar\v3.0\Hotbar -> Adware.HotBar : Ignoré.
C:\Documents and Settings\adrien\Application Data\Hotbar\v3.0\Hotbar\dynamic -> Adware.HotBar : Ignoré.
C:\Documents and Settings\adrien\Application Data\Hotbar\v3.0\Hotbar\static -> Adware.HotBar : Ignoré.
C:\Documents and Settings\adrien\Application Data\Hotbar\v3.0\Hotbar\static\1 -> Adware.HotBar : Ignoré.
C:\Documents and Settings\adrien\Application Data\ShopperReports -> Adware.HotBar : Ignoré.
C:\Documents and Settings\adrien\Application Data\ShopperReports\cs -> Adware.HotBar : Ignoré.
C:\Documents and Settings\adrien\Application Data\ShopperReports\cs\Config.xml -> Adware.HotBar : Ignoré.
C:\Documents and Settings\adrien\Application Data\ShopperReports\cs\db -> Adware.HotBar : Ignoré.
C:\Documents and Settings\adrien\Application Data\ShopperReports\cs\db\Aliases.dbs -> Adware.HotBar : Ignoré.
C:\Documents and Settings\adrien\Application Data\ShopperReports\cs\dwld -> Adware.HotBar : Ignoré.
C:\Documents and Settings\adrien\Application Data\ShopperReports\cs\dwld\WhiteList.xip -> Adware.HotBar : Ignoré.
C:\Documents and Settings\adrien\Application Data\ShopperReports\cs\persist.dbs -> Adware.HotBar : Ignoré.
C:\Documents and Settings\adrien\Application Data\ShopperReports\cseport -> Adware.HotBar : Ignoré.
C:\Documents and Settings\adrien\Application Data\ShopperReports\cseport\ag_ShopperReports.xml -> Adware.HotBar : Ignoré.
C:\Documents and Settings\adrien\Application Data\ShopperReports\cseport\ag_ShopperReports.xml.db -> Adware.HotBar : Ignoré.
C:\Documents and Settings\adrien\Application Data\ShopperReports\cseport\send_ShopperReports.xml -> Adware.HotBar : Ignoré.
C:\Documents and Settings\adrien\Application Data\ShopperReports\cseport\send_ShopperReports.xml.db -> Adware.HotBar : Ignoré.
C:\Documents and Settings\adrien\Application Data\ShopperReports\cses1 -> Adware.HotBar : Ignoré.
C:\Documents and Settings\adrien\Application Data\ShopperReports\cses1\WhiteList.dbs -> Adware.HotBar : Ignoré.
C:\Documents and Settings\adrien\Application Data\ShopperReports\shprrprt.log -> Adware.HotBar : Ignoré.
C:\Documents and Settings\leslie\Application Data\Hotbar -> Adware.HotBar : Ignoré.
C:\Documents and Settings\leslie\Application Data\Hotbar\IESkins -> Adware.HotBar : Ignoré.
C:\Documents and Settings\leslie\Application Data\Hotbar\v3.0 -> Adware.HotBar : Ignoré.
C:\Documents and Settings\leslie\Application Data\Hotbar\v3.0\HostOI -> Adware.HotBar : Ignoré.
C:\Documents and Settings\leslie\Application Data\Hotbar\v3.0\HostOI\dynamic -> Adware.HotBar : Ignoré.
C:\Documents and Settings\leslie\Application Data\Hotbar\v3.0\HostOL -> Adware.HotBar : Ignoré.
C:\Documents and Settings\leslie\Application Data\Hotbar\v3.0\HostOL\dynamic -> Adware.HotBar : Ignoré.
C:\Documents and Settings\leslie\Application Data\Hotbar\v3.0\HostOL\static -> Adware.HotBar : Ignoré.
C:\Documents and Settings\leslie\Application Data\Hotbar\v3.0\Hotbar -> Adware.HotBar : Ignoré.
C:\Documents and Settings\leslie\Application Data\Hotbar\v3.0\Hotbar\dynamic -> Adware.HotBar : Ignoré.
C:\Documents and Settings\leslie\Application Data\Hotbar\v3.0\Hotbar\static -> Adware.HotBar : Ignoré.
C:\Documents and Settings\leslie\Application Data\Hotbar\v3.0\Hotbar\static\1 -> Adware.HotBar : Ignoré.
C:\Documents and Settings\leslie\Application Data\ShopperReports -> Adware.HotBar : Ignoré.
C:\Documents and Settings\leslie\Application Data\ShopperReports\cs -> Adware.HotBar : Ignoré.
C:\Documents and Settings\leslie\Application Data\ShopperReports\cs\Config.xml -> Adware.HotBar : Ignoré.
C:\Documents and Settings\leslie\Application Data\ShopperReports\cs\db -> Adware.HotBar : Ignoré.
C:\Documents and Settings\leslie\Application Data\ShopperReports\cs\db\Aliases.dbs -> Adware.HotBar : Ignoré.
C:\Documents and Settings\leslie\Application Data\ShopperReports\cs\db\Sites.dbs -> Adware.HotBar : Ignoré.
C:\Documents and Settings\leslie\Application Data\ShopperReports\cs\dwld -> Adware.HotBar : Ignoré.
C:\Documents and Settings\leslie\Application Data\ShopperReports\cs\dwld\WhiteList.xip -> Adware.HotBar : Ignoré.
C:\Documents and Settings\leslie\Application Data\ShopperReports\cs\persist.dbs -> Adware.HotBar : Ignoré.
C:\Documents and Settings\leslie\Application Data\ShopperReports\cseport -> Adware.HotBar : Ignoré.
C:\Documents and Settings\leslie\Application Data\ShopperReports\cseport\ag_ShopperReports.xml -> Adware.HotBar : Ignoré.
C:\Documents and Settings\leslie\Application Data\ShopperReports\cseport\ag_ShopperReports.xml.db -> Adware.HotBar : Ignoré.
C:\Documents and Settings\leslie\Application Data\ShopperReports\cseport\send_ShopperReports.xml -> Adware.HotBar : Ignoré.
C:\Documents and Settings\leslie\Application Data\ShopperReports\cseport\send_ShopperReports.xml.db -> Adware.HotBar : Ignoré.
C:\Documents and Settings\leslie\Application Data\ShopperReports\cses2 -> Adware.HotBar : Ignoré.
C:\Documents and Settings\leslie\Application Data\ShopperReports\cses2\WhiteList.dbs -> Adware.HotBar : Ignoré.
C:\Documents and Settings\leslie\Application Data\ShopperReports\shprrprt.log -> Adware.HotBar : Ignoré.
C:\Documents and Settings\lucas\Application Data\Hotbar -> Adware.HotBar : Ignoré.
C:\Documents and Settings\lucas\Application Data\Hotbar\IESkins -> Adware.HotBar : Ignoré.
C:\Documents and Settings\lucas\Application Data\Hotbar\v3.0 -> Adware.HotBar : Ignoré.
C:\Documents and Settings\lucas\Application Data\Hotbar\v3.0\HostOI -> Adware.HotBar : Ignoré.
C:\Documents and Settings\lucas\Application Data\Hotbar\v3.0\HostOI\dynamic -> Adware.HotBar : Ignoré.
C:\Documents and Settings\lucas\Application Data\Hotbar\v3.0\HostOL -> Adware.HotBar : Ignoré.
C:\Documents and Settings\lucas\Application Data\Hotbar\v3.0\HostOL\dynamic -> Adware.HotBar : Ignoré.
C:\Documents and Settings\lucas\Application Data\Hotbar\v3.0\Hotbar -> Adware.HotBar : Ignoré.
C:\Documents and Settings\lucas\Application Data\Hotbar\v3.0\Hotbar\dynamic -> Adware.HotBar : Ignoré.
C:\Documents and Settings\lucas\Application Data\Hotbar\v3.0\Hotbar\static -> Adware.HotBar : Ignoré.
C:\Documents and Settings\lucas\Application Data\Hotbar\v3.0\Hotbar\static\1 -> Adware.HotBar : Ignoré.
C:\Documents and Settings\lucas\Application Data\ShopperReports -> Adware.HotBar : Ignoré.
C:\Documents and Settings\lucas\Application Data\ShopperReports\cs -> Adware.HotBar : Ignoré.
C:\Documents and Settings\lucas\Application Data\ShopperReports\cs\Config.xml -> Adware.HotBar : Ignoré.
C:\Documents and Settings\lucas\Application Data\ShopperReports\cs\dwld -> Adware.HotBar : Ignoré.
C:\Documents and Settings\lucas\Application Data\ShopperReports\cs\dwld\WhiteList.xip -> Adware.HotBar : Ignoré.
C:\Documents and Settings\lucas\Application Data\ShopperReports\cs\persist.dbs -> Adware.HotBar : Ignoré.
C:\Documents and Settings\lucas\Application Data\ShopperReports\cseport -> Adware.HotBar : Ignoré.
C:\Documents and Settings\lucas\Application Data\ShopperReports\cseport\ag_ShopperReports.xml -> Adware.HotBar : Ignoré.
C:\Documents and Settings\lucas\Application Data\ShopperReports\cseport\ag_ShopperReports.xml.db -> Adware.HotBar : Ignoré.
C:\Documents and Settings\lucas\Application Data\ShopperReports\cseport\send_ShopperReports.xml -> Adware.HotBar : Ignoré.
C:\Documents and Settings\lucas\Application Data\ShopperReports\cseport\send_ShopperReports.xml.db -> Adware.HotBar : Ignoré.
C:\Documents and Settings\lucas\Application Data\ShopperReports\cses2 -> Adware.HotBar : Ignoré.
C:\Documents and Settings\lucas\Application Data\ShopperReports\cses2\WhiteList.dbs -> Adware.HotBar : Ignoré.
C:\Documents and Settings\lucas\Application Data\ShopperReports\shprrprt.log -> Adware.HotBar : Ignoré.
C:\Documents and Settings\sylviane\Application Data\Hotbar -> Adware.HotBar : Ignoré.
C:\Documents and Settings\sylviane\Application Data\Hotbar\IESkins -> Adware.HotBar : Ignoré.
C:\Documents and Settings\sylviane\Application Data\Hotbar\v3.0 -> Adware.HotBar : Ignoré.
C:\Documents and Settings\sylviane\Application Data\Hotbar\v3.0\HostOI -> Adware.HotBar : Ignoré.
C:\Documents and Settings\sylviane\Application Data\Hotbar\v3.0\HostOI\dynamic -> Adware.HotBar : Ignoré.
C:\Documents and Settings\sylviane\Application Data\Hotbar\v3.0\HostOL -> Adware.HotBar : Ignoré.
C:\Documents and Settings\sylviane\Application Data\Hotbar\v3.0\HostOL\dynamic -> Adware.HotBar : Ignoré.
C:\Documents and Settings\sylviane\Application Data\Hotbar\v3.0\Hotbar -> Adware.HotBar : Ignoré.
C:\Documents and Settings\sylviane\Application Data\Hotbar\v3.0\Hotbar\dynamic -> Adware.HotBar : Ignoré.
C:\Documents and Settings\sylviane\Application Data\Hotbar\v3.0\Hotbar\static -> Adware.HotBar : Ignoré.
C:\Documents and Settings\sylviane\Application Data\Hotbar\v3.0\Hotbar\static\1 -> Adware.HotBar : Ignoré.
C:\Documents and Settings\sylviane\Application Data\ShopperReports -> Adware.HotBar : Ignoré.
C:\Documents and Settings\sylviane\Application Data\ShopperReports\cs -> Adware.HotBar : Ignoré.
C:\Documents and Settings\sylviane\Application Data\ShopperReports\cs\dwld -> Adware.HotBar : Ignoré.
C:\Documents and Settings\sylviane\Application Data\ShopperReports\cs\persist.dbs -> Adware.HotBar : Ignoré.
C:\Documents and Settings\sylviane\Application Data\ShopperReports\shprrprt.log -> Adware.HotBar : Ignoré.
C:\Program Files\arxelTribe\WINDOWS\system32\France_sex-uninstall.exe -> Dialer.Generic : Ignoré.
C:\WINDOWS\system32\France_sex-uninstall.exe -> Dialer.Generic : Ignoré.
:mozilla.12:C:\Documents and Settings\gildas\Application Data\Mozilla\Firefox\Profiles\ou5vxpli.default\cookies.txt -> TrackingCookie.247realmedia : Ignoré.
C:\Documents and Settings\gildas\Cookies\gildas@247realmedia[1].txt -> TrackingCookie.247realmedia : Ignoré.
C:\Program Files\arxelTribe\Documents and Settings\gildas\Cookies\gildas@247realmedia[1].txt -> TrackingCookie.247realmedia : Ignoré.
C:\Documents and Settings\Lilou\Cookies\lilou@2o7[2].txt -> TrackingCookie.2o7 : Ignoré.
C:\Documents and Settings\Lilou\Cookies\lilou@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Ignoré.
C:\Program Files\arxelTribe\Documents and Settings\gildas\Cookies\gildas@112.2o7[2].txt -> TrackingCookie.2o7 : Ignoré.
C:\Program Files\arxelTribe\Documents and Settings\gildas\Cookies\gildas@2o7[1].txt -> TrackingCookie.2o7 : Ignoré.
C:\Program Files\arxelTribe\Documents and Settings\gildas\Cookies\gildas@adbrite.122.2o7[1].txt -> TrackingCookie.2o7 : Ignoré.
C:\Program Files\arxelTribe\Documents and Settings\gildas\Cookies\gildas@aolfr.122.2o7[1].txt -> TrackingCookie.2o7 : Ignoré.
C:\Program Files\arxelTribe\Documents and Settings\gildas\Cookies\gildas@bookspan.122.2o7[1].txt -> TrackingCookie.2o7 : Ignoré.
C:\Program Files\arxelTribe\Documents and Settings\gildas\Cookies\gildas@hertz.122.2o7[1].txt -> TrackingCookie.2o7 : Ignoré.
C:\Program Files\arxelTribe\Documents and Settings\gildas\Cookies\gildas@msnaccountservices.112.2o7[1].txt -> TrackingCookie.2o7 : Ignoré.
C:\Program Files\arxelTribe\Documents and Settings\gildas\Cookies\gildas@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Ignoré.
C:\Program Files\arxelTribe\Documents and Settings\gildas\Cookies\gildas@verizonmysuperpages.122.2o7[1].txt -> TrackingCookie.2o7 : Ignoré.
C:\Program Files\arxelTribe\Documents and Settings\gildas\Cookies\gildas@adbrite[1].txt -> TrackingCookie.Adbrite : Ignoré.
C:\Program Files\arxelTribe\Documents and Settings\gildas\Cookies\gildas@site.www.adbrite[1].txt -> TrackingCookie.Adbrite : Ignoré.
C:\Program Files\arxelTribe\Documents and Settings\gildas\Cookies\gildas@www.adbrite[1].txt -> TrackingCookie.Adbrite : Ignoré.
C:\Documents and Settings\Lilou\Cookies\lilou@adtech[2].txt -> TrackingCookie.Adtech : Ignoré.
C:\Program Files\arxelTribe\Documents and Settings\gildas\Cookies\gildas@adtech[2].txt -> TrackingCookie.Adtech : Ignoré.
C:\Documents and Settings\Lilou\Cookies\lilou@advertising[1].txt -> TrackingCookie.Advertising : Ignoré.
C:\Program Files\arxelTribe\Documents and Settings\gildas\Cookies\gildas@advertising[2].txt -> TrackingCookie.Advertising : Ignoré.
C:\Documents and Settings\Lilou\Cookies\lilou@atdmt[2].txt -> TrackingCookie.Atdmt : Ignoré.
C:\Program Files\arxelTribe\Documents and Settings\gildas\Cookies\gildas@atdmt[2].txt -> TrackingCookie.Atdmt : Ignoré.
C:\Program Files\arxelTribe\Documents and Settings\gildas\Cookies\gildas@bfast[2].txt -> TrackingCookie.Bfast : Ignoré.
C:\Documents and Settings\Lilou\Cookies\lilou@bluestreak[1].txt -> TrackingCookie.Bluestreak : Ignoré.
C:\Program Files\arxelTribe\Documents and Settings\gildas\Cookies\gildas@bluestreak[1].txt -> TrackingCookie.Bluestreak : Ignoré.
C:\Program Files\arxelTribe\Documents and Settings\gildas\Cookies\gildas@burstnet[1].txt -> TrackingCookie.Burstnet : Ignoré.
C:\Program Files\arxelTribe\Documents and Settings\gildas\Cookies\gildas@www.burstnet[1].txt -> TrackingCookie.Burstnet : Ignoré.
C:\Program Files\arxelTribe\Documents and Settings\gildas\Cookies\gildas@casalemedia[2].txt -> TrackingCookie.Casalemedia : Ignoré.
C:\Program Files\arxelTribe\Documents and Settings\gildas\Cookies\gildas@cz3.clickzs[1].txt -> TrackingCookie.Clickzs : Ignoré.
C:\Program Files\arxelTribe\Documents and Settings\gildas\Cookies\gildas@cz4.clickzs[1].txt -> TrackingCookie.Clickzs : Ignoré.
C:\Program Files\arxelTribe\Documents and Settings\gildas\Cookies\gildas@cz7.clickzs[2].txt -> TrackingCookie.Clickzs : Ignoré.
C:\Program Files\arxelTribe\Documents and Settings\gildas\Cookies\gildas@com[1].txt -> TrackingCookie.Com : Ignoré.
C:\Documents and Settings\Lilou\Cookies\lilou@fl01.ct2.comclick[1].txt -> TrackingCookie.Comclick : Ignoré.
C:\Program Files\arxelTribe\Documents and Settings\gildas\Cookies\gildas@fl01.ct2.comclick[2].txt -> TrackingCookie.Comclick : Ignoré.
C:\Program Files\arxelTribe\Documents and Settings\gildas\Cookies\gildas@data.coremetrics[1].txt -> TrackingCookie.Coremetrics : Ignoré.
C:\Program Files\arxelTribe\Documents and Settings\gildas\Cookies\gildas@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Ignoré.
C:\Documents and Settings\Lilou\Cookies\lilou@doubleclick[1].txt -> TrackingCookie.Doubleclick : Ignoré.
C:\Program Files\arxelTribe\Documents and Settings\gildas\Cookies\gildas@doubleclick[1].txt -> TrackingCookie.Doubleclick : Ignoré.
C:\Program Files\arxelTribe\Documents and Settings\gildas\Cookies\gildas@epilot[1].txt -> TrackingCookie.Epilot : Ignoré.
C:\Documents and Settings\Lilou\Cookies\lilou@estat[1].txt -> TrackingCookie.Estat : Ignoré.
C:\Program Files\arxelTribe\Documents and Settings\gildas\Cookies\gildas@estat[2].txt -> TrackingCookie.Estat : Ignoré.
C:\Program Files\arxelTribe\Documents and Settings\gildas\Cookies\gildas@as1.falkag[2].txt -> TrackingCookie.Falkag : Ignoré.
C:\Program Files\arxelTribe\Documents and Settings\gildas\Cookies\gildas@fastclick[2].txt -> TrackingCookie.Fastclick : Ignoré.
C:\Program Files\arxelTribe\Documents and Settings\gildas\Cookies\gildas@media.fastclick[1].txt -> TrackingCookie.Fastclick : Ignoré.
C:\Program Files\arxelTribe\Documents and Settings\gildas\Cookies\gildas@goldenpalace[1].txt -> TrackingCookie.Goldenpalace : Ignoré.
C:\Documents and Settings\Lilou\Cookies\lilou@ehg-dig.hitbox[1].txt -> TrackingCookie.Hitbox : Ignoré.
C:\Documents and Settings\Lilou\Cookies\lilou@ehg-youtube.hitbox[1].txt -> TrackingCookie.Hitbox : Ignoré.
C:\Documents and Settings\Lilou\Cookies\lilou@hitbox[1].txt -> TrackingCookie.Hitbox : Ignoré.
C:\Program Files\arxelTribe\Documents and Settings\gildas\Cookies\gildas@ehg-neuftelecom.hitbox[2].txt -> TrackingCookie.Hitbox : Ignoré.
C:\Program Files\arxelTribe\Documents and Settings\gildas\Cookies\gildas@ehg-warnerbrothers.hitbox[2].txt -> TrackingCookie.Hitbox : Ignoré.
C:\Program Files\arxelTribe\Documents and Settings\gildas\Cookies\gildas@hitbox[2].txt -> TrackingCookie.Hitbox : Ignoré.
C:\Documents and Settings\Lilou\Cookies\lilou@server.iad.liveperson[1].txt -> TrackingCookie.Liveperson : Ignoré.
C:\Program Files\arxelTribe\Documents and Settings\gildas\Cookies\gildas@image.masterstats[1].txt -> TrackingCookie.Masterstats : Ignoré.
:mozilla.7:C:\Documents and Settings\gildas\Application Data\Mozilla\Firefox\Profiles\ou5vxpli.default\cookies.txt -> TrackingCookie.Mediaplex : Ignoré.
C:\Documents and Settings\Lilou\Cookies\lilou@mediaplex[1].txt -> TrackingCookie.Mediaplex : Ignoré.
C:\Program Files\arxelTribe\Documents and Settings\gildas\Cookies\gildas@mediaplex[1].txt -> TrackingCookie.Mediaplex : Ignoré.
C:\Documents and Settings\Lilou\Cookies\lilou@overture[1].txt -> TrackingCookie.Overture : Ignoré.
C:\Documents and Settings\Lilou\Cookies\lilou@perf.overture[1].txt -> TrackingCookie.Overture : Ignoré.
C:\Program Files\arxelTribe\Documents and Settings\gildas\Cookies\gildas@data2.perf.overture[1].txt -> TrackingCookie.Overture : Ignoré.
C:\Program Files\arxelTribe\Documents and Settings\gildas\Cookies\gildas@overture[2].txt -> TrackingCookie.Overture : Ignoré.
C:\Documents and Settings\Lilou\Cookies\lilou@ads.pointroll[1].txt -> TrackingCookie.Pointroll : Ignoré.
C:\Program Files\arxelTribe\Documents and Settings\gildas\Cookies\gildas@questionmarket[2].txt -> TrackingCookie.Questionmarket : Ignoré.
C:\Program Files\arxelTribe\Documents and Settings\gildas\Cookies\gildas@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Ignoré.
C:\Documents and Settings\Lilou\Cookies\lilou@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Ignoré.
C:\Documents and Settings\Lilou\Cookies\lilou@serving-sys[1].txt -> TrackingCookie.Serving-sys : Ignoré.
C:\Program Files\arxelTribe\Documents and Settings\gildas\Cookies\gildas@serving-sys[2].txt -> TrackingCookie.Serving-sys : Ignoré.
C:\Program Files\arxelTribe\Documents and Settings\gildas\Cookies\gildas@cs.sexcounter[2].txt -> TrackingCookie.Sexcounter : Ignoré.
C:\Program Files\arxelTribe\Documents and Settings\gildas\Cookies\gildas@sexlist[1].txt -> TrackingCookie.Sexlist : Ignoré.
C:\Program Files\arxelTribe\Documents and Settings\gildas\Cookies\gildas@counter10.sextracker[1].txt -> TrackingCookie.Sextracker : Ignoré.
C:\Program Files\arxelTribe\Documents and Settings\gildas\Cookies\gildas@sextracker[1].txt -> TrackingCookie.Sextracker : Ignoré.
C:\Documents and Settings\Lilou\Cookies\lilou@www.smartadserver[2].txt -> TrackingCookie.Smartadserver : Ignoré.
C:\Program Files\arxelTribe\Documents and Settings\gildas\Cookies\gildas@www.smartadserver[2].txt -> TrackingCookie.Smartadserver : Ignoré.
C:\Documents and Settings\Lilou\Cookies\lilou@statcounter[2].txt -> TrackingCookie.Statcounter : Ignoré.
C:\Program Files\arxelTribe\Documents and Settings\gildas\Cookies\gildas@tacoda[2].txt -> TrackingCookie.Tacoda : Ignoré.
C:\Program Files\arxelTribe\Documents and Settings\gildas\Cookies\gildas@login.tracking101[2].txt -> TrackingCookie.Tracking101 : Ignoré.
:mozilla.10:C:\Documents and Settings\gildas\Application Data\Mozilla\Firefox\Profiles\ou5vxpli.default\cookies.txt -> TrackingCookie.Tradedoubler : Ignoré.
C:\Documents and Settings\Lilou\Cookies\lilou@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Ignoré.
C:\Program Files\arxelTribe\Documents and Settings\gildas\Cookies\gildas@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Ignoré.
C:\Program Files\arxelTribe\Documents and Settings\gildas\Cookies\gildas@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Ignoré.
C:\Program Files\arxelTribe\Documents and Settings\gildas\Cookies\gildas@web-stat[1].txt -> TrackingCookie.Web-stat : Ignoré.
:mozilla.11:C:\Documents and Settings\gildas\Application Data\Mozilla\Firefox\Profiles\ou5vxpli.default\cookies.txt -> TrackingCookie.Weborama : Ignoré.
C:\Documents and Settings\Lilou\Cookies\lilou@weborama[2].txt -> TrackingCookie.Weborama : Ignoré.
C:\Program Files\arxelTribe\Documents and Settings\gildas\Cookies\gildas@weborama[1].txt -> TrackingCookie.Weborama : Ignoré.
C:\Documents and Settings\Lilou\Cookies\lilou@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : Ignoré.
C:\Documents and Settings\Lilou\Cookies\lilou@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Ignoré.
C:\Documents and Settings\NetworkService\Cookies\system@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Ignoré.
C:\Program Files\arxelTribe\Documents and Settings\NetworkService\Cookies\system@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Ignoré.
C:\Program Files\arxelTribe\Documents and Settings\gildas\Cookies\gildas@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Ignoré.
C:\Program Files\arxelTribe\Documents and Settings\gildas\Cookies\gildas@zedo[1].txt -> TrackingCookie.Zedo : Ignoré.


Fin du rapport



BitDefender Online Scanner
	

 
	

 

Scan report generated at: Thu, May 17, 2007 - 22:07:24

 
	

 
	

 

Scan path: C:\Documents and Settings\gildas\Mes documents;C:\Documents and Settings\gildas\Bureau\budget;C:\Documents and Settings\gildas\Bureau\Nouveau dossier;C:\Documents and Settings\gildas\Bureau\Nouveau dossier (2);C:\Documents and Settings\gildas\Bureau\photos a classée;C:\Documents and Settings\gildas\Bureau\Raccourcis Bureau non utilisés;C:\Documents and Settings\gildas\Bureauenumeration postale;
	

 
	

 

 
	

 
	

 

Statistics

Time
	

00:02:23

Files
	

5752

Folders
	

124

Boot Sectors
	

2

Archives
	

198

Packed Files
	

347
	

 
	

 

Results

Identified Viruses
	

1

Infected Files
	

1

Suspect Files
	

0

Warnings
	

0

Disinfected
	

0

Deleted Files
	

1
	

 
	

 

Engines Info

Virus Definitions
	

506868

Engine build
	

AVCORE v1.0 (build 2397) (i386) (Feb 8 2007 14:24:08)

Scan plugins
	

14

Archive plugins
	

38

Unpack plugins
	

6

E-mail plugins
	

6

System plugins
	

1
	

 
	

 

Scan Settings

First Action
	

Disinfect

Second Action
	

Delete

Heuristics
	

Yes

Enable Warnings
	

Yes

Scanned Extensions
	

*;

Exclude Extensions
	

 

Scan Emails
	

Yes

Scan Archives
	

Yes

Scan Packed
	

Yes

Scan Files
	

Yes

Scan Boot
	

Yes
	

 
	

 
 

Scanned File
	

 Status

C:\Documents and Settings\gildas\Mes documents\gildas.bernard2\MP3Chansons.exe=>(Embedded EXE g)
	

Infected with: Generic.Dialer.291BFCAD

C:\Documents and Settings\gildas\Mes documents\gildas.bernard2\MP3Chansons.exe=>(Embedded EXE g)
	

Disinfection failed

C:\Documents and Settings\gildas\Mes documents\gildas.bernard2\MP3Chansons.exe=>(Embedded EXE g)
	

Deleted

C:\Documents and Settings\gildas\Mes documents\gildas.bernard2\MP3Chansons.exe
	

Update failed
	

 

 
	

 
	

 Logfile of HijackThis v1.99.1
Scan saved at 22:18:22, on 17/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\windows\System32\svchost.exe
C:\WINDOWS\System32\mnmsrvc.exe
C:\windows\System32
vsvc32.exe
C:\windows\system32undll32.exe
C:\windows\System32\snmp.exe
C:\windows\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\windows\Explorer.EXE
C:\windows\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
C:\windows\system32undll32.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\USB Disk Win98 Driver\Res.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Lecteur CANALPLAY\CanalPlayerHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Microsoft Money\Systememinder.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\wkcalrem.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {00000026-8735-428D-B81F-DD098223B25F} - (no file)
O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
O2 - BHO: (no name) - {000006b1-19b5-414a-849f-2a3c64ae6939} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)
O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
O2 - BHO: (no name) - {30000273-8230-4dd4-be4f-6889d1e74167} - (no file)
O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
O2 - BHO: (no name) - {4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} - (no file)
O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
O2 - BHO: (no name) - {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} - (no file)
O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: msdn_lib.msdn_hlp - {7C2F2C76-1489-450D-B8FB-0B9692D788F9} - C:\WINDOWS\system32\msdn_lib.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Program Files\USB Disk Win98 Driver\Res.EXE
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [CanalPlayerHelper] C:\Program Files\Lecteur CANALPLAY\CanalPlayerHelper.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [Reminder] C:\Program Files\Microsoft Money\Systememinder.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Rappels du Calendrier Microsoft Works.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Sites Perso - {06FE5D05-8F11-11d2-804F-00105A133818} - http://compaqnet.ifrance.com/heberg/accueil (file missing)
O9 - Extra 'Tools' menuitem: Compaq France - {06FE5D05-8F11-11d2-804F-00105A133818} - http://compaqnet.ifrance.com/heberg/accueil (file missing)
O9 - Extra button: SmartShopper - Compare product prices - {679B2A8D-B2FF-41ed-B3ED-C5CFB8564CB0} - C:\windows\System32\shdocvw.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: SmartShopper - Compare travel rates - {9E4DF170-217F-4658-A11F-590664542B73} - C:\windows\System32\shdocvw.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM95\AIM.EXE (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .avi: C:\Program Files\Internet Explorer\PLUGINS
pqtplugin.dll
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} - 
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} - http://activex.camfrogweb.com/advanced/cfweb_activex.camfrogweb.com-advanced_instmodule.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\windows\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\System32
vsvc32.exe
O23 - Service: Securitoo Control Parental (OPTENET_FILTER) - Unknown owner - C:\Program Files\Securitoo\Controle Parental\bin\optproxy.exe (file missing)



 voilà j'attend ta réponse pour savoir si j'ai bien travailler et savoir ce que je doit faire @ +
cotobre

green day · Answer

Salut

 as tu supprimé tout ce q'avg a trouvé ??? sinon à refaire en supprimant tout !

ensuite supprime ce programme : Altnet

et enfin :

    
          o Prendre connaissance du contenu du lien suivant: http://www.f-secure.com/products/license-terms/eult_fra.pdf
          o Vous avez donc pris connaissance et accepté les conditions d'utilisations du programme blacklight qui est inclus dans le dossier compressé navilog1.zip que vous allez télécharger.
          o Faire un clic droit sur ce lien : http://perso.orange.fr/il.mafioso/Navifix/Navilog1.zip
          o Enregistrez la cible (du lien) sous... et enregistrez-le sur le bureau.
          o Faire un clic droit sur navilog1.zip et choisir "tout extraire"
          o Double-cliquez sur navilog1.bat
          o Arriver au menu principal, choisir l'option 1 et valider.
          o Patientez jusqu'au message : Analyse Termine le ...
          o Le rapport sera en outre sauvegardé à la racine du disque (fixnavi.txt), poste le stp

++

cotobre · Answer

bonsoir voilà le rapport que tu m'as demandé 
mais pour ce qui est de alnet je ne l'ai pas trouvé pour le supprimer
merci encore et tient moi au courant si c'est clean @+

Search Navipromo version 2.0.2 commencé le 18/05/2007 à 23:07:24,20
 
!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Poster ce rapport sur le forum pour le faire analyser !!!
!!! Ne pas lancer la partie désinfection sans l'avis d'un spécialiste !!!

Fix lancé depuis C:\Program Files
avilog1
Mise a jour le 17.05.2007 a 23h00 by IL-MAFIOSO

Executé en mode normal

*** Recherche Programmes installes *** 

 


*** Recherche dossiers dans C:\windows ***




*** Recherche dossiers dans C:\Program Files ***




*** Recherche dossiers dans C:\Documents and Settings\All Users\Application Data ***




*** Recherche dossiers dans C:\Documents and Settings\gildas\Application Data ***



*** Recherche avec BlackLight Engine/F-secure ***
BlackLight Engine est un produit de F-secure, pour + d'infos :
https://www.f-secure.com/en


F-SECURE BLACKLIGHT ROOTKIT ELIMINATOR
======================================

Copyright 2005-2006 F-Secure Corporation. All rights reserved.
This is a beta version. It will expire on 1st of April, 2007.
Version information: 2.2.1061.

[+] Started on 05/18/07 at 23:07:25.
[+] Initializing ...
[+] Starting scan, press Ctrl-C to abort.
[+] Scanning for hidden items ............................................................................................................
[+] Scan complete.
[+] Summary: 0 hidden item(s) found, 0 scheduled for renaming.
[+] Exited on 05/18/07 at 23:20:05 (return code = 0).


*** Recherche fichiers *** 




*** Recherche cles registre ***


Recherche dans [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs] 
 
 

Recherche dans [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage] 
 
 

Recherche Clé Magic Control 
 
 
 
*** Module de Recherche complémentaire *** 
(Recherche fichiers spécifiques) 
 
1)Recherche fichiers connus:


2)Recherche Heuristique :
* 
** 
*** 
**** 
***** 
****** 
******* 
******** 
 
 
*** Analyse Terminé le 18/05/2007 à 23:20:17,89 ***

green day · Answer

Salut

ok, poste un nouveau hijack et précise l'évolution de la situation stp

++

cotobre · Answer

bonjour en ce qui concerne l'état du pc tout a l'air de fonctionner correctement et pour ça  je t' en remercie car je me voyait mal barré je vous joint un nouveau hijack en te remerciant encore
@ bientôt
cotobre

Logfile of HijackThis v1.99.1
Scan saved at 12:26:29, on 19/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\windows\System32\svchost.exe
C:\WINDOWS\System32\mnmsrvc.exe
C:\windows\System32
vsvc32.exe
C:\windows\system32undll32.exe
C:\windows\System32\snmp.exe
C:\windows\System32\svchost.exe
C:\windows\Explorer.EXE
C:\windows\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\USB Disk Win98 Driver\Res.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Lecteur CANALPLAY\CanalPlayerHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Microsoft Money\Systememinder.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\wkcalrem.exe
C:\windows\system32undll32.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://actus.sfr.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {00000026-8735-428D-B81F-DD098223B25F} - (no file)
O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
O2 - BHO: (no name) - {000006b1-19b5-414a-849f-2a3c64ae6939} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)
O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
O2 - BHO: (no name) - {30000273-8230-4dd4-be4f-6889d1e74167} - (no file)
O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
O2 - BHO: (no name) - {4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} - (no file)
O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: msdn_lib.msdn_hlp - {7C2F2C76-1489-450D-B8FB-0B9692D788F9} - C:\WINDOWS\system32\msdn_lib.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Program Files\USB Disk Win98 Driver\Res.EXE
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [CanalPlayerHelper] C:\Program Files\Lecteur CANALPLAY\CanalPlayerHelper.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [Reminder] C:\Program Files\Microsoft Money\Systememinder.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Rappels du Calendrier Microsoft Works.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Sites Perso - {06FE5D05-8F11-11d2-804F-00105A133818} - http://compaqnet.ifrance.com/heberg/accueil (file missing)
O9 - Extra 'Tools' menuitem: Compaq France - {06FE5D05-8F11-11d2-804F-00105A133818} - http://compaqnet.ifrance.com/heberg/accueil (file missing)
O9 - Extra button: SmartShopper - Compare product prices - {679B2A8D-B2FF-41ed-B3ED-C5CFB8564CB0} - C:\windows\System32\shdocvw.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: SmartShopper - Compare travel rates - {9E4DF170-217F-4658-A11F-590664542B73} - C:\windows\System32\shdocvw.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM95\AIM.EXE (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .avi: C:\Program Files\Internet Explorer\PLUGINS
pqtplugin.dll
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} - 
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} - http://activex.camfrogweb.com/advanced/cfweb_activex.camfrogweb.com-advanced_instmodule.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\windows\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\System32
vsvc32.exe
O23 - Service: Securitoo Control Parental (OPTENET_FILTER) - Unknown owner - C:\Program Files\Securitoo\Controle Parental\bin\optproxy.exe (file missing)

green day · Answer

Salut

Relance HijackThis : choisis " do a scan only" coche la case devant les lignes ci-dessous et clique en bas sur "fix checked" :


O2 - BHO: (no name) - {00000026-8735-428D-B81F-DD098223B25F} - (no file)
O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
O2 - BHO: (no name) - {000006b1-19b5-414a-849f-2a3c64ae6939} - (no file)


O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)
O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
O2 - BHO: (no name) - {30000273-8230-4dd4-be4f-6889d1e74167} - (no file)
O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
O2 - BHO: (no name) - {4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} - (no file)
O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: msdn_lib.msdn_hlp - {7C2F2C76-1489-450D-B8FB-0B9692D788F9} - C:\WINDOWS\system32\msdn_lib.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)


O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file) 

O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Rappels du Calendrier Microsoft Works.lnk = ? 


O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} - http://activex.camfrogweb.com/
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/default.aspx 

ensuite, repasse un coup de ccleaner !

et Installe un parefeu : voir ici 


securite proteger un ordinateur contre les malwares d internet

@+

cotobre · Answer

salut 
ok voilà j'ai tout fait comme tu m'as dit et j'ai installé un pare feu zone alarm mais il se met en conflit avec avast et je trouve qu'il ralenti mon pc qu'est ce qui se fait autrement comme antivirus ou pare feu qui fonctionne bien , suis je obligé de prendre un antivirus et pare feu payant pour etre tranquille?
et merci encore pour ce coup de main au fait zone alarm m'a trouvé alnet et je l'ai supprimé
@+
cotobre

green day · Answer

Salut 

Normalement, il n'y a pas de conflit avec avast ?! ...

 Pas de soucis, il existe plusieurs autres parefeus gratuits très performants ! Comme kerio : il est aussi dans le lien !

@+

cotobre · Answer

salut a tous et encore merci a toi green day pour ton coup de main qui ma bien dépannée 
au plaisir de vous lire 
cordialement

green day · Answer

Salut :-)

 De rien ! Au plaisir ;-))

@+

Win32.trojan.rx

17 réponses

Discussions similaires