KILLWIND&trojan....

Résolu
Anonymous -  
green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   -
BONJOUR A TOUS

Aprés une période de rush professionnel je m 'occupe à nouveau de mon ordimini...
AAaah !!! MAIS surprise ... petit trojan et virus auraient squattés pendant mon absence
à mon insu ??... je ne cherche pas de coupable mais une bonne âme pour sauver mon dimanche
soir...

Bon on arrete de se plaindre

j'utilise avast ...merci
sinon... this HijackThis tell me that...
HELP ME ! PLEASE!

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 20:29:20, on 24/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\Alwil Software\Avast4\ashChest.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://fr.search.yahoo.com/?fr=cb-hp06
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://fr.search.yahoo.com/?fr=cb-hp06
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://fr.search.yahoo.com/?fr=cb-hp06
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] c:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [ClamWin] "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE
O4 - Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - c:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe (file missing)
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Unknown owner - c:\Program Files\Norton Internet Security\ccPwdSvc.exe (file missing)
O23 - Service: Symantec Network Proxy (ccProxy) - Unknown owner - c:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - c:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe (file missing)
O23 - Service: COM Host (comHost) - Unknown owner - c:\Program Files\Norton Internet Security\comHost.exe (file missing)
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Service de planification Media Center (ehSched) - Unknown owner - C:\WINDOWS\eHome\ehSched.exe
O23 - Service: Intel(R) Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Fax - Unknown owner - C:\WINDOWS\system32\fxssvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Unknown owner - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: Norton Protection Center Service (NSCService) - Unknown owner - c:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Symantec AVScan (SAVScan) - Unknown owner - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe (file missing)
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - c:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe (file missing)
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Unknown owner - c:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe (file missing)
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe (file missing)
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe

--
End of file - 10966 bytes
Configuration: Windows XPmediacenter
Internet Explorer 6.0
avast

14 réponses

  1. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    Salut

    combien d'antivirus actifs as tu ???

    noms des bébéttes en question ???

    ++
    0
    1. Anonymous
       
      normalent 2 clam et avast mais je n'est pas eu le tps de ramasser les miettes de f.secure /norton/kas/pc cillin et peut etre un d'oublié suite multiples essais...
      0
  2. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    il faut dans un 1er temps supprimer tous les antivirus ou reste d'antivirus et en laisser qu'un seul !

    cf : ajout / supprimer un programme

    ensuite, fais ceci stp :

    virus methode preliminaire de desinfection version fr

    ++
    0
    1. anonymousse
       
      re salut !
      super soirée anti-tout aprés + ieurs heures ...
      enfin...je vous colle mes rapports

      ---------------------------------------------------------
      AVG Anti-Spyware - Rapport d'analyse
      ---------------------------------------------------------

      + Créé à: 23:28:30 24/06/2007

      + Résultat de l'analyse:



      C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP55\A0030144.exe -> Dialer.Agent.ao : Nettoyé.
      C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP55\A0030146.exe -> Dialer.Agent.ao : Nettoyé.
      C:\Documents and Settings\public\Local Settings\Temporary Internet Files\Content.IE5\09CY3F5U\installdrivecleanerstart_fr[1].exe -> Not-A-Virus.Downloader.Win32.WinFixer.m : Nettoyé.
      C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP35\A0024432.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Nettoyé.
      C:\Documents and Settings\public.NOM-FB9B15D2723\Cookies\public@2o7[2].txt -> TrackingCookie.2o7 : Nettoyé.
      C:\Documents and Settings\public\Cookies\public@2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
      C:\Documents and Settings\public\Cookies\public@CA6N0RYV.txt -> TrackingCookie.2o7 : Nettoyé.
      C:\Documents and Settings\public\Cookies\public@CA892ZGX.txt -> TrackingCookie.2o7 : Nettoyé.
      C:\Documents and Settings\public\Cookies\public@CAMNODQB.txt -> TrackingCookie.2o7 : Nettoyé.
      C:\Documents and Settings\public\Cookies\public@premiumtv.122.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
      C:\Documents and Settings\public.NOM-FB9B15D2723\Cookies\public@adbrite[2].txt -> TrackingCookie.Adbrite : Nettoyé.
      C:\Documents and Settings\public.NOM-FB9B15D2723\Cookies\public@ads.adbrite[1].txt -> TrackingCookie.Adbrite : Nettoyé.
      C:\Documents and Settings\public\Cookies\public@adbrite[1].txt -> TrackingCookie.Adbrite : Nettoyé.
      C:\Documents and Settings\public\Cookies\public@ads.adbrite[1].txt -> TrackingCookie.Adbrite : Nettoyé.
      C:\Documents and Settings\public\Cookies\public@CATF3D4W.txt -> TrackingCookie.Adjuggler : Nettoyé.
      C:\Documents and Settings\public\Cookies\public@adrevolver[1].txt -> TrackingCookie.Adrevolver : Nettoyé.
      C:\Documents and Settings\public\Cookies\public@adtech[2].txt -> TrackingCookie.Adtech : Nettoyé.
      C:\Documents and Settings\public\Cookies\public@advertising[1].txt -> TrackingCookie.Advertising : Nettoyé.
      C:\Documents and Settings\public.NOM-FB9B15D2723\Cookies\public@adviva[2].txt -> TrackingCookie.Adviva : Nettoyé.
      C:\Documents and Settings\public\Cookies\public@adviva[1].txt -> TrackingCookie.Adviva : Nettoyé.
      C:\Documents and Settings\public.NOM-FB9B15D2723\Cookies\public@atdmt[2].txt -> TrackingCookie.Atdmt : Nettoyé.
      C:\Documents and Settings\public\Cookies\public@atdmt[2].txt -> TrackingCookie.Atdmt : Nettoyé.
      C:\Documents and Settings\public.NOM-FB9B15D2723\Cookies\public@bluestreak[1].txt -> TrackingCookie.Bluestreak : Nettoyé.
      C:\Documents and Settings\public.NOM-FB9B15D2723\Cookies\public@bluestreak[3].txt -> TrackingCookie.Bluestreak : Nettoyé.
      C:\Documents and Settings\public\Cookies\public@bluestreak[1].txt -> TrackingCookie.Bluestreak : Nettoyé.
      C:\Documents and Settings\public\Cookies\public@burstnet[2].txt -> TrackingCookie.Burstnet : Nettoyé.
      C:\Documents and Settings\public\Cookies\public@www.burstnet[1].txt -> TrackingCookie.Burstnet : Nettoyé.
      C:\Documents and Settings\public\Cookies\public@casalemedia[1].txt -> TrackingCookie.Casalemedia : Nettoyé.
      C:\Documents and Settings\public\Cookies\public@cz3.clickzs[2].txt -> TrackingCookie.Clickzs : Nettoyé.
      C:\Documents and Settings\public\Cookies\public@cz6.clickzs[1].txt -> TrackingCookie.Clickzs : Nettoyé.
      C:\Documents and Settings\public.NOM-FB9B15D2723\Cookies\public@com[1].txt -> TrackingCookie.Com : Nettoyé.
      C:\Documents and Settings\public\Cookies\public@com[1].txt -> TrackingCookie.Com : Nettoyé.
      C:\Documents and Settings\public.NOM-FB9B15D2723\Cookies\public@fl01.ct2.comclick[1].txt -> TrackingCookie.Comclick : Nettoyé.
      C:\Documents and Settings\public\Cookies\public@fl01.ct2.comclick[2].txt -> TrackingCookie.Comclick : Nettoyé.
      C:\Documents and Settings\public.NOM-FB9B15D2723\Cookies\public@doubleclick[1].txt -> TrackingCookie.Doubleclick : Nettoyé.
      C:\Documents and Settings\public\Cookies\public@CA0TWLWR.txt -> TrackingCookie.Doubleclick : Nettoyé.
      C:\Documents and Settings\public\Cookies\public@e-2dj6wjlyepczwco.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Nettoyé.
      C:\Documents and Settings\public.NOM-FB9B15D2723\Cookies\public@estat[1].txt -> TrackingCookie.Estat : Nettoyé.
      C:\Documents and Settings\public\Cookies\public@CAU10JON.txt -> TrackingCookie.Estat : Nettoyé.
      C:\Documents and Settings\public\Cookies\public@CAKHADPM.txt -> TrackingCookie.Euroclick : Nettoyé.
      C:\Documents and Settings\public.NOM-FB9B15D2723\Cookies\public@fastclick[1].txt -> TrackingCookie.Fastclick : Nettoyé.
      C:\Documents and Settings\public.NOM-FB9B15D2723\Cookies\public@media.fastclick[2].txt -> TrackingCookie.Fastclick : Nettoyé.
      C:\Documents and Settings\public\Cookies\public@fastclick[2].txt -> TrackingCookie.Fastclick : Nettoyé.
      C:\Documents and Settings\public\Cookies\public@media.fastclick[1].txt -> TrackingCookie.Fastclick : Nettoyé.
      C:\Documents and Settings\public\Cookies\public@hit.gemius[2].txt -> TrackingCookie.Gemius : Nettoyé.
      C:\Documents and Settings\public\Cookies\public@CAQ3WD0X.txt -> TrackingCookie.Hitbox : Nettoyé.
      C:\Documents and Settings\public\Cookies\public@CAW9EB0L.txt -> TrackingCookie.Hitbox : Nettoyé.
      C:\Documents and Settings\public\Cookies\public@ehg-hollywood.hitbox[1].txt -> TrackingCookie.Hitbox : Nettoyé.
      C:\Documents and Settings\public\Cookies\public@ehg-playboy.hitbox[2].txt -> TrackingCookie.Hitbox : Nettoyé.
      C:\Documents and Settings\public\Cookies\public@ehg-telecomitalia.hitbox[1].txt -> TrackingCookie.Hitbox : Nettoyé.
      C:\Documents and Settings\public\Cookies\public@hitbox[1].txt -> TrackingCookie.Hitbox : Nettoyé.
      C:\Documents and Settings\public\Cookies\public@CAMRS563.txt -> TrackingCookie.Information : Nettoyé.
      C:\Documents and Settings\public\Cookies\public@komtrack[2].txt -> TrackingCookie.Komtrack : Nettoyé.
      C:\Documents and Settings\public\Cookies\public@search.live[2].txt -> TrackingCookie.Live : Nettoyé.
      C:\Documents and Settings\public\Cookies\public@CAQJOBJG.txt -> TrackingCookie.Liveperson : Nettoyé.
      C:\Documents and Settings\public\Cookies\public@image.masterstats[1].txt -> TrackingCookie.Masterstats : Nettoyé.
      C:\Documents and Settings\public.NOM-FB9B15D2723\Cookies\public@mediaplex[1].txt -> TrackingCookie.Mediaplex : Nettoyé.
      C:\Documents and Settings\public\Cookies\public@CAHS2LDN.txt -> TrackingCookie.Mediaplex : Nettoyé.
      C:\Documents and Settings\public\Cookies\public@overture[1].txt -> TrackingCookie.Overture : Nettoyé.
      C:\Documents and Settings\public\Cookies\public@perf.overture[1].txt -> TrackingCookie.Overture : Nettoyé.
      C:\Documents and Settings\public\Cookies\public@paycounter[1].txt -> TrackingCookie.Paycounter : Nettoyé.
      C:\Documents and Settings\public\Cookies\public@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Nettoyé.
      C:\Documents and Settings\public\Cookies\public@ppms.popularix[1].txt -> TrackingCookie.Popularix : Nettoyé.
      C:\Documents and Settings\public\Cookies\public@questionmarket[1].txt -> TrackingCookie.Questionmarket : Nettoyé.
      C:\Documents and Settings\public\Cookies\public@CACDADZK.txt -> TrackingCookie.Realmedia : Nettoyé.
      C:\Documents and Settings\public\Cookies\public@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Nettoyé.
      C:\Documents and Settings\public.NOM-FB9B15D2723\Cookies\public@revsci[2].txt -> TrackingCookie.Revsci : Nettoyé.
      C:\Documents and Settings\public\Cookies\public@revsci[2].txt -> TrackingCookie.Revsci : Nettoyé.
      C:\Documents and Settings\public.NOM-FB9B15D2723\Cookies\public@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Nettoyé.
      C:\Documents and Settings\public.NOM-FB9B15D2723\Cookies\public@serving-sys[2].txt -> TrackingCookie.Serving-sys : Nettoyé.
      C:\Documents and Settings\public\Cookies\public@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Nettoyé.
      C:\Documents and Settings\public\Cookies\public@serving-sys[2].txt -> TrackingCookie.Serving-sys : Nettoyé.
      C:\Documents and Settings\public\Cookies\public@cs.sexcounter[2].txt -> TrackingCookie.Sexcounter : Nettoyé.
      C:\Documents and Settings\public\Cookies\public@CAAR8DQJ.txt -> TrackingCookie.Sextracker : Nettoyé.
      C:\Documents and Settings\public\Cookies\public@CAPSYD9J.txt -> TrackingCookie.Sextracker : Nettoyé.
      C:\Documents and Settings\public\Cookies\public@CAZHTCJ1.txt -> TrackingCookie.Sextracker : Nettoyé.
      C:\Documents and Settings\public\Cookies\public@counter2.sextracker[1].txt -> TrackingCookie.Sextracker : Nettoyé.
      C:\Documents and Settings\public\Cookies\public@counter3.sextracker[1].txt -> TrackingCookie.Sextracker : Nettoyé.
      C:\Documents and Settings\public\Cookies\public@sextracker[2].txt -> TrackingCookie.Sextracker : Nettoyé.
      C:\Documents and Settings\public\Cookies\public@www.smartadserver[2].txt -> TrackingCookie.Smartadserver : Nettoyé.
      C:\Documents and Settings\public\Cookies\public@specificclick[2].txt -> TrackingCookie.Specificclick : Nettoyé.
      C:\Documents and Settings\public\Cookies\public@spylog[1].txt -> TrackingCookie.Spylog : Nettoyé.
      C:\Documents and Settings\public.NOM-FB9B15D2723\Cookies\public@statcounter[1].txt -> TrackingCookie.Statcounter : Nettoyé.
      C:\Documents and Settings\public\Cookies\public@statcounter[2].txt -> TrackingCookie.Statcounter : Nettoyé.
      C:\Documents and Settings\public\Cookies\public@tacoda[1].txt -> TrackingCookie.Tacoda : Nettoyé.
      C:\Documents and Settings\public\Cookies\public@toplist[1].txt -> TrackingCookie.Toplist : Nettoyé.
      C:\Documents and Settings\public.NOM-FB9B15D2723\Cookies\public@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Nettoyé.
      C:\Documents and Settings\public\Cookies\public@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Nettoyé.
      C:\Documents and Settings\public.NOM-FB9B15D2723\Cookies\public@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Nettoyé.
      C:\Documents and Settings\public\Cookies\public@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Nettoyé.
      C:\Documents and Settings\public.NOM-FB9B15D2723\Cookies\public@weborama[2].txt -> TrackingCookie.Weborama : Nettoyé.
      C:\Documents and Settings\public\Cookies\public@weborama[2].txt -> TrackingCookie.Weborama : Nettoyé.
      C:\Documents and Settings\public\Cookies\public@m.webtrends[2].txt -> TrackingCookie.Webtrends : Nettoyé.
      C:\Documents and Settings\public.NOM-FB9B15D2723\Cookies\public@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : Nettoyé.
      C:\Documents and Settings\public\Cookies\public@CA63WPQZ.txt -> TrackingCookie.Webtrendslive : Nettoyé.
      C:\Documents and Settings\public\Cookies\public@yadro[1].txt -> TrackingCookie.Yadro : Nettoyé.
      C:\Documents and Settings\public.NOM-FB9B15D2723\Cookies\public@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Nettoyé.
      C:\Documents and Settings\public\Cookies\public@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Nettoyé.
      C:\Documents and Settings\public.NOM-FB9B15D2723\Cookies\public@zedo[1].txt -> TrackingCookie.Zedo : Nettoyé.
      C:\Documents and Settings\public\Cookies\public@zedo[1].txt -> TrackingCookie.Zedo : Nettoyé.


      Fin du rapport

      ---------------------------------------------------------
      AVG Anti-Spyware - Rapport d'analyse
      ---------------------------------------------------------

      + Créé à: 23:53:14 24/06/2007

      + Résultat de l'analyse:



      Rien à signaler.



      Fin du rapport





      BitDefender Online Scanner



      Scan report generated at: Mon, Jun 25, 2007 - 01:56:09





      Scan path: C:\;D:\;E:\;F:\;G:\;H:\;I:\;







      Statistics

      Time
      01:07:57

      Files
      362578

      Folders
      7176

      Boot Sectors
      3

      Archives
      15853

      Packed Files
      29835




      Results

      Identified Viruses
      2

      Infected Files
      2

      Suspect Files
      0

      Warnings
      0

      Disinfected
      0

      Deleted Files
      2




      Engines Info

      Virus Definitions
      571215

      Engine build
      AVCORE v1.0 (build 2410) (i386) (Jun 12 2007 21:08:27)

      Scan plugins
      14

      Archive plugins
      38

      Unpack plugins
      6

      E-mail plugins
      6

      System plugins
      1




      Scan Settings

      First Action
      Disinfect

      Second Action
      Delete

      Heuristics
      Yes

      Enable Warnings
      Yes

      Scanned Extensions
      *;

      Exclude Extensions


      Scan Emails
      Yes

      Scan Archives
      Yes

      Scan Packed
      Yes

      Scan Files
      Yes

      Scan Boot
      Yes




      Scanned File
      Status

      C:\Documents and Settings\public\Local Settings\Temporary Internet Files\Content.IE5\2N4TAXCF\functions.js[1].php
      Detected with: Application.JS.ForcePopup.I

      C:\Documents and Settings\public\Local Settings\Temporary Internet Files\Content.IE5\2N4TAXCF\functions.js[1].php
      Disinfection failed

      C:\Documents and Settings\public\Local Settings\Temporary Internet Files\Content.IE5\2N4TAXCF\functions.js[1].php
      Deleted

      C:\Documents and Settings\public\Local Settings\Temporary Internet Files\Content.IE5\ST2RKHEB\popup[1].htm
      Infected with: Trojan.Clicker.CM

      C:\Documents and Settings\public\Local Settings\Temporary Internet Files\Content.IE5\ST2RKHEB\popup[1].htm
      Disinfection failed

      C:\Documents and Settings\public\Local Settings\Temporary Internet Files\Content.IE5\ST2RKHEB\popup[1].htm
      Deleted




      Logfile of HijackThis v1.99.1
      Scan saved at 02:06:00, on 25/06/2007
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      C:\WINDOWS\eHome\ehRecvr.exe
      C:\WINDOWS\eHome\ehSched.exe
      C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
      C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\WINDOWS\system32\dllhost.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\ehome\ehtray.exe
      C:\WINDOWS\eHome\ehmsas.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\WINDOWS\RTHDCPL.EXE
      C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
      C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
      C:\WINDOWS\system32\rundll32.exe
      C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
      C:\Program Files\QuickTime\qttask.exe
      C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
      C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
      C:\Program Files\Messenger\msmsgs.exe
      C:\HP\KBD\KBD.EXE
      c:\windows\system\hpsysdrv.exe
      C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://fr.search.yahoo.com/?fr=cb-hp06
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://fr.search.yahoo.com/?fr=cb-hp06
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://fr.search.yahoo.com/?fr=cb-hp06
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
      O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - (no file)
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
      O3 - Toolbar: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - (no file)
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
      O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
      O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
      O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
      O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
      O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
      O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
      O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
      O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
      O4 - HKLM\..\Run: [ClamWin] "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
      O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
      O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
      O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
      O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
      O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
      O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
      O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
      O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - c:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe (file missing)
      O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Unknown owner - c:\Program Files\Norton Internet Security\ccPwdSvc.exe (file missing)
      O23 - Service: Symantec Network Proxy (ccProxy) - Unknown owner - c:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe (file missing)
      O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - c:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe (file missing)
      O23 - Service: COM Host (comHost) - Unknown owner - c:\Program Files\Norton Internet Security\comHost.exe (file missing)
      O23 - Service: Intel(R) Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
      O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
      O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Unknown owner - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe (file missing)
      O23 - Service: Norton Protection Center Service (NSCService) - Unknown owner - c:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE (file missing)
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
      O23 - Service: Symantec AVScan (SAVScan) - Unknown owner - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe (file missing)
      O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - c:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe (file missing)
      O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Unknown owner - c:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe (file missing)
      O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe (file missing)


      merci d'avance pour vos analyses d'expertes : )) .....!
      0
  3. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    Salut

    ok, vu ! où en sont tes soucis ???

    ++
    0
    1. anonymousse
       
      slt
      avast me signale tjrs la présence de killwind.exe.Win32:trojan-gen{VC}

      et un autre que j'ai réussie à supprimer cette fois-ci avec avast

      mais aprés un scan de 2h17 ....j'en suis à mes 7 heures de scan...

      mes rapports ont l'air propres ?


      j'ai un petit doute....
      0
  4. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    re

    des petites bébéttes ... où est-ce qu'il te le détecte ???

    ++
    0
    1. anonymousse
       
      C:\hp\bin\Killwind.exe
      Win32:Trojan_gen.{VC}
      C:\Progran Files\Lavasoft\....\Ad_Aware SE Default.skn.
      0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    ok,

    # Télécharge ceci: (merci a S!RI pour ce petit programme).

    http://siri.urz.free.fr/Fix/SmitfraudFix.zip

    Exécute le, Double click sur Smitfraudfix.cmd choisit l’option 1,
    voila a quoi cela ressemble : http://siri.urz.free.fr/Fix/SmitfraudFix.php
    il va générer un rapport : copie/colle le sur le poste stp.

    ++
    0
    1. anonymousse
       
      désolé je n 'arrive pas à trouver... retrouver le rapport !!!!
      0
    2. anonymousse
       
      par contre j'ai lancé un nettoyage ça sent la connerie?...
      0
  7. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    Lol ! non, pas forcement !

    un pti rapport, n'importe !

    ;-)
    0
    1. anonymousse
       
      Logfile of HijackThis v1.99.1
      Scan saved at 00:02:34, on 26/06/2007
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

      Running processes:
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\ehome\ehtray.exe
      C:\WINDOWS\RTHDCPL.EXE
      C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
      C:\WINDOWS\eHome\ehmsas.exe
      C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
      C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
      C:\Program Files\QuickTime\qttask.exe
      C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      C:\WINDOWS\system32\rundll32.exe
      C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
      C:\Program Files\Messenger\msmsgs.exe
      C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\HP\KBD\KBD.EXE
      c:\windows\system\hpsysdrv.exe
      C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/...
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/...
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/...
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/...
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/...
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/...
      R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/...
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
      O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - (no file)
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
      O3 - Toolbar: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - (no file)
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
      O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
      O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
      O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
      O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
      O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
      O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
      O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
      O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
      O4 - HKLM\..\Run: [ClamWin] "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
      O4 - Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE
      O4 - Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe
      O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      O8 - Extra context menu item: &Traduire à partir de l'anglais - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
      O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
      O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
      O8 - Extra context menu item: Recherche &Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
      O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
      O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
      O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
      O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
      O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
      O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
      O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - c:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe (file missing)
      O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Unknown owner - c:\Program Files\Norton Internet Security\ccPwdSvc.exe (file missing)
      O23 - Service: Symantec Network Proxy (ccProxy) - Unknown owner - c:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe (file missing)
      O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - c:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe (file missing)
      O23 - Service: COM Host (comHost) - Unknown owner - c:\Program Files\Norton Internet Security\comHost.exe (file missing)
      O23 - Service: Intel(R) Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
      O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
      O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Unknown owner - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe (file missing)
      O23 - Service: Norton Protection Center Service (NSCService) - Unknown owner - c:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE (file missing)
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
      O23 - Service: Symantec AVScan (SAVScan) - Unknown owner - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe (file missing)
      O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - c:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe (file missing)
      O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Unknown owner - c:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe (file missing)
      O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe (file missing)
      0
    2. anonymousse
       
      Bon !
      bonne nuit a+ tard....
      0
  8. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    un pti rapport smitfraud, j'aurais du préciser ! :)

    ++
    0
    1. anonymousse
       
      j'y arrive pas je le vois défiler puis disparaitre....
      0
  9. anonymousse
     
    =(
    je suis vraiment fatigué là
    mais on l'aura! un jour !
    merci pour ta patience...
    0
  10. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    ok, on verra ça demain ;-)

    ++
    0
    1. anonymousse
       
      RESALUT !
      =( tjrs aussi fatigué...
      sinon selon le tutorial

      Sélectionner 1 et pressez Entrée dans le menu pour créer un rapport des fichiers responsables de l'infection. Le rapport se trouve à la racine du disque système C:\rapport.txt

      Le rapport se trouve à la racine du disque système C:\rapport.txt !

      comment aller à la racine du disque système ? =( chui nul !....

      par le registre !? poste de L ?...essais infructueux...

      enfin bonne nuit....et merci pr la réponse....
      0
  11. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    Salut

    voici le chemin :

    démarrer < poste de travail < disque local C\: < rapport.txt

    @+

    ;-)
    0
    1. anonymousse
       
      désolé j trouve pas....
      0
  12. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    on passe à autre chose :

    # Télécharger Blacklight (de F-Secure) : https://www.f-secure.com/en
    # Sauvegardez-le sur le Bureau.
    # Double-cliquez sur blbeta.exe et acceptez la licence
    # Cliquez sur Scan puis Next
    # Vous verrez une liste de fichiers détectés apparaître
    # Vous verrez également un rapport, sur le Bureau , ouvrez-le et poste le stp

    ++
    0
    1. anonymousse
       
      8-] ça va mieux ....allez 8-)
      problème résolu + de killwind ni trojan..
      avast a pu les suppr !!!!
      sinon rien de detecté par blacklight ?
      06/28/07 22:41:06 [Info]: BlackLight Engine 1.0.64 initialized
      06/28/07 22:41:06 [Info]: OS: 5.1 build 2600 (Service Pack 2)
      06/28/07 22:41:06 [Note]: 7019 4
      06/28/07 22:41:06 [Note]: 7005 0
      06/28/07 22:41:30 [Note]: 7006 0
      06/28/07 22:41:30 [Note]: 7011 4084
      06/28/07 22:41:30 [Note]: 7026 0
      06/28/07 22:41:30 [Note]: 7026 0
      06/28/07 22:41:32 [Note]: FSRAW library version 1.7.1022
      06/28/07 22:44:18 [Note]: 2000 1012
      06/28/07 22:45:28 [Note]: 7007 0

      rien!
      tant mieux ....mais je recherche toujours la racine du disque système
      pour un rapport.txt eventuel ( fantôme je dirais...ça m'énerve!!!)

      merci et à bientard...


      ps : pour la méthode de désinfection
      ça marche aussi sur les fourmis.. . . .. . . . . . . . .. . . ..lol
      0
  13. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    Salut

    tant pie pour le rapport, poste un nouveau hijack

    ++
    0
    1. anonymousse
       
      slt
      voili voilà !


      Logfile of HijackThis v1.99.1
      Scan saved at 23:54:53, on 28/06/2007
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      C:\WINDOWS\eHome\ehRecvr.exe
      C:\WINDOWS\eHome\ehSched.exe
      C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
      C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\WINDOWS\system32\dllhost.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\ehome\ehtray.exe
      C:\WINDOWS\RTHDCPL.EXE
      C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
      C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
      C:\WINDOWS\eHome\ehmsas.exe
      C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
      C:\WINDOWS\system32\rundll32.exe
      C:\Program Files\QuickTime\qttask.exe
      C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
      C:\Program Files\Messenger\msmsgs.exe
      C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
      C:\HP\KBD\KBD.EXE
      c:\windows\system\hpsysdrv.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://fr.search.yahoo.com/?fr=cb-hp06
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://fr.search.yahoo.com/?fr=cb-hp06
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://fr.search.yahoo.com/?fr=cb-hp06
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
      O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - (no file)
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
      O3 - Toolbar: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - (no file)
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
      O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
      O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
      O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
      O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
      O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
      O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
      O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
      O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
      O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
      O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
      O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
      O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
      O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
      O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
      O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
      O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
      O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - c:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe (file missing)
      O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Unknown owner - c:\Program Files\Norton Internet Security\ccPwdSvc.exe (file missing)
      O23 - Service: Symantec Network Proxy (ccProxy) - Unknown owner - c:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe (file missing)
      O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - c:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe (file missing)
      O23 - Service: COM Host (comHost) - Unknown owner - c:\Program Files\Norton Internet Security\comHost.exe (file missing)
      O23 - Service: Intel(R) Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
      O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
      O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Unknown owner - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe (file missing)
      O23 - Service: Norton Protection Center Service (NSCService) - Unknown owner - c:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE (file missing)
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
      O23 - Service: Symantec AVScan (SAVScan) - Unknown owner - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe (file missing)
      O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - c:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe (file missing)
      O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Unknown owner - c:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe (file missing)
      O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe (file missing)
      0
  14. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    bien, je verrai ça demain !
    @+

    ;-)
    0
    1. anonymousse
       
      : ) J 't 'assure : PROBLEME RESOLU !

      avast 0
      avg 0

      j'ai suppr le dossier "lavasoft"?quèsquecé! chau po?DS PROGR FILES.
      ne me trouve rien d'autre svp!

      merci et passe un bon weekend !
      à la prochaine alerte!
      0
  15. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    Salut

    non, rien d'autre! juste des lignes à fixer ...

    sinon, installe un parefeu !!!

    voir ici :

    securite proteger un ordinateur contre les malwares d internet

    @+
    0