Infected by Trojan Nebuler
Laurence.Pringarbe
Hello, apparently I am infected by the Trojan.Nebuler virus. I don't know how to remove it. I am sending you my HijackThis scan so that you can take a look at it. In fact I can no longer install software; I even tried to install the trial version of AVG Anti-Spyware 7.5 but it is no use, I can't install anything anymore. Thank you in advance for your help.
Logfile of HijackThis v1.99.1
Scan saved at 11:23:36, on 10/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\WINDOWS\Explorer.EXE
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\Digital Imaging\Promotions\HPpromo.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Documents and Settings\Laurence\Local Settings\Temporary Internet Files\Content.IE5\MTA1YPMX\avgas-setup-7.5.1.43[1].exe
C:\Documents and Settings\Laurence\Mes documents\Mes téléchargements\avgas-setup-7.5.1.43.exe
C:\Documents and Settings\Laurence\Local Settings\Temporary Internet Files\Content.IE5\CVK9MZO7\avgas-setup-7.5.1.43[1].exe
C:\Documents and Settings\Laurence\Local Settings\Temporary Internet Files\Content.IE5\CVK9MZO7\avgas-setup-7.5.1.43[1].exe
C:\Documents and Settings\Laurence\Local Settings\Temporary Internet Files\Content.IE5\CVK9MZO7\avgas-setup-7.5.1.43[2].exe
C:\Documents and Settings\Laurence\Local Settings\Temporary Internet Files\Content.IE5\CVK9MZO7\avgas-setup-7.5.1.43[2].exe
C:\Program Files\Messenger\msmsgs.exe
C:\DOCUME~1\Laurence\LOCALS~1\Temp\Répertoire temporaire 2 pour hijackthis.zip\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tele2.fr/redirect/startpage/adsl/fra
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\fr.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Fichiers communs\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPpromo psc 1300 series] "C:\Program Files\HP\Digital Imaging\Promotions\HPpromo.exe" /N "psc 1300 series" -r
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [VCSPlayer] "C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe"
O4 - HKLM\..\Run: [CleanEasyImg] c:\apps\easydvd\cleanall.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Pense-bête.lnk = C:\Program Files\Broderbund\PrintMaster\PMREMIND.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://eu.download.games.yahoo.com/zylom/activex/zylomloader.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPxySvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
18 replies
Hello again. I managed to install AVG Anti-Spyware in safe mode, and I also ran a scan with BitDefender. I am posting the reports from these 2 scans, hoping that you can enlighten me about this data. Thank you in advance.
BitDefender Online Scanner
Scan report generated at: Tue, Jul 10, 2007 - 19:26:53
Scan path: C:\;D:\;E:\;F:\;I:\;J:\;
Statistics
Time: 01:45:52
Files: 254070
Folders: 5980
Boot Sectors: 3
Archives: 10899
Packed Files: 15366
Results
Identified Viruses: 4
Infected Files: 22
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 42
Engines Info
Virus Definitions: 642982
Engine build: AVCORE v1.0 (build 2410) (i386) (Jun 12 2007 21:08:27)
Scan plugins: 14
Archive plugins: 38
Unpack plugins: 6
E-mail plugins: 6
System plugins: 1
Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes
Scanned File | Status
C:\Program Files\HP\Digital Imaging\Promotions\HPregistration\hpsrg.exe | Infected with: Trojan.Vb.YG
C:\Program Files\HP\Digital Imaging\Promotions\HPregistration\hpsrg.exe | Disinfection failed
C:\Program Files\HP\Digital Imaging\Promotions\HPregistration\hpsrg.exe | Deleted
C:\Program Files\Norton AntiVirus\Quarantine\001B655D.exe=>(Quarantine-2) | Infected with: Trojan.Downloader.Agent.YFI
C:\Program Files\Norton AntiVirus\Quarantine\001B655D.exe=>(Quarantine-2) | Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\001B655D.exe=>(Quarantine-2) | Deleted
C:\Program Files\Norton AntiVirus\Quarantine\238B025E.exe=>(Quarantine-2) | Infected with: Trojan.Downloader.Agent.YFI
C:\Program Files\Norton AntiVirus\Quarantine\238B025E.exe=>(Quarantine-2) | Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\238B025E.exe=>(Quarantine-2) | Deleted
C:\Program Files\Norton AntiVirus\Quarantine\24B1451A.exe=>(Quarantine-2) | Infected with: Trojan.Downloader.Agent.YFI
C:\Program Files\Norton AntiVirus\Quarantine\24B1451A.exe=>(Quarantine-2) | Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\24B1451A.exe=>(Quarantine-2) | Deleted
C:\Program Files\Norton AntiVirus\Quarantine\259F3E14.exe=>(Quarantine-2) | Infected with: Trojan.Downloader.Agent.YFI
C:\Program Files\Norton AntiVirus\Quarantine\259F3E14.exe=>(Quarantine-2) | Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\259F3E14.exe=>(Quarantine-2) | Deleted
C:\Program Files\Norton AntiVirus\Quarantine\43527BED.htm=>(Quarantine-2) | Infected with: Trojan.Dropper.Small.AVB
C:\Program Files\Norton AntiVirus\Quarantine\43527BED.htm=>(Quarantine-2) | Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\43527BED.htm=>(Quarantine-2) | Deleted
C:\Program Files\Norton AntiVirus\Quarantine\4E7C41E4.htm=>(Quarantine-2) | Infected with: Trojan.Dropper.Small.AVB
C:\Program Files\Norton AntiVirus\Quarantine\4E7C41E4.htm=>(Quarantine-2) | Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\4E7C41E4.htm=>(Quarantine-2) | Deleted
C:\Program Files\Norton AntiVirus\Quarantine\7ED154C8.dll=>(Quarantine-2) | Detected with: Adware.Virtumonde.GFH
C:\Program Files\Norton AntiVirus\Quarantine\7ED154C8.dll=>(Quarantine-2) | Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\7ED154C8.dll=>(Quarantine-2) | Deleted
C:\Program Files\Norton AntiVirus\Quarantine\7F0C4887.htm=>(Quarantine-2) | Infected with: Trojan.Dropper.Small.AVB
C:\Program Files\Norton AntiVirus\Quarantine\7F0C4887.htm=>(Quarantine-2) | Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\7F0C4887.htm=>(Quarantine-2) | Deleted
C:\Program Files\Norton AntiVirus\Quarantine\7F0F7283.htm=>(Quarantine-2) | Infected with: Trojan.Dropper.Small.AVB
C:\Program Files\Norton AntiVirus\Quarantine\7F0F7283.htm=>(Quarantine-2) | Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\7F0F7283.htm=>(Quarantine-2) | Deleted
C:\Program Files\Norton AntiVirus\Quarantine\7F131C80.htm=>(Quarantine-2) | Infected with: Trojan.Dropper.Small.AVB
C:\Program Files\Norton AntiVirus\Quarantine\7F131C80.htm=>(Quarantine-2) | Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\7F131C80.htm=>(Quarantine-2) | Deleted
C:\Program Files\Norton AntiVirus\Quarantine\7F204471.exe=>(Quarantine-2) | Infected with: Trojan.Downloader.Agent.YFI
C:\Program Files\Norton AntiVirus\Quarantine\7F204471.exe=>(Quarantine-2) | Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\7F204471.exe=>(Quarantine-2) | Deleted
C:\Program Files\Norton AntiVirus\Quarantine\7F30165F.htm=>(Quarantine-2) | Infected with: Trojan.Dropper.Small.AVB
C:\Program Files\Norton AntiVirus\Quarantine\7F30165F.htm=>(Quarantine-2) | Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\7F30165F.htm=>(Quarantine-2) | Deleted
C:\Program Files\Norton AntiVirus\Quarantine\7F33405C.htm=>(Quarantine-2) | Infected with: Trojan.Dropper.Small.AVB
C:\Program Files\Norton AntiVirus\Quarantine\7F33405C.htm=>(Quarantine-2) | Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\7F33405C.htm=>(Quarantine-2) | Deleted
C:\Program Files\Norton AntiVirus\Quarantine\7F366A58.htm=>(Quarantine-2) | Infected with: Trojan.Dropper.Small.AVB
C:\Program Files\Norton AntiVirus\Quarantine\7F366A58.htm=>(Quarantine-2) | Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\7F366A58.htm=>(Quarantine-2) | Deleted
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP133\A0013497.exe | Infected with: Trojan.Vb.YG
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP133\A0013497.exe | Disinfection failed
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP133\A0013497.exe | Deleted
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP133\A0013498.exe=>(Quarantine-2) | Infected with: Trojan.Downloader.Agent.YFI
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP133\A0013498.exe=>(Quarantine-2) | Disinfection failed
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP133\A0013498.exe=>(Quarantine-2) | Deleted
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP133\A0013499.exe=>(Quarantine-2) | Infected with: Trojan.Downloader.Agent.YFI
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP133\A0013499.exe=>(Quarantine-2) | Disinfection failed
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP133\A0013499.exe=>(Quarantine-2) | Deleted
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP133\A0013500.exe=>(Quarantine-2) | Infected with: Trojan.Downloader.Agent.YFI
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP133\A0013500.exe=>(Quarantine-2) | Disinfection failed
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP133\A0013500.exe=>(Quarantine-2) | Deleted
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP133\A0013501.exe=>(Quarantine-2) | Infected with: Trojan.Downloader.Agent.YFI
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP133\A0013501.exe=>(Quarantine-2) | Disinfection failed
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP133\A0013501.exe=>(Quarantine-2) | Deleted
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP133\A0013502.dll=>(Quarantine-2) | Detected with: Adware.Virtumonde.GFH
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP133\A0013502.dll=>(Quarantine-2) | Disinfection failed
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP133\A0013502.dll=>(Quarantine-2) | Deleted
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP133\A0013503.exe=>(Quarantine-2) | Infected with: Trojan.Downloader.Agent.YFI
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP133\A0013503.exe=>(Quarantine-2) | Disinfection failed
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP133\A0013503.exe=>(Quarantine-2) | Deleted
---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------
+ Créé à: 17:22:52 10/07/2007
+ Résultat de l'analyse:
C:\WINDOWS\Downloaded Program Files\website.dll -> Downloader.Agent.bls : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\Laurence\Cookies\laurence@ssl-hints.netflame[1].txt -> TrackingCookie.Netflame : Nettoyé.
C:\Documents and Settings\Laurence\Cookies\laurence@weborama[1].txt -> TrackingCookie.Weborama : Nettoyé.
C:\Documents and Settings\Laurence\Cookies\laurence@m.webtrends[2].txt -> TrackingCookie.Webtrends : Nettoyé.
C:\Program Files\Norton AntiVirus\Quarantine\Portal\710011A3.dll -> Trojan.Dialer.qn : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP133\A0012400.dll -> Trojan.Dialer.qn : Nettoyé et sauvegardé (mise en quarantaine).
Fin du rapport
Deleted
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP133\A0013501.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Agent.YFI
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP133\A0013501.exe=>(Quarantine-2)
Disinfection failed
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP133\A0013501.exe=>(Quarantine-2)
Deleted
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP133\A0013502.dll=>(Quarantine-2)
Detected with: Adware.Virtumonde.GFH
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP133\A0013502.dll=>(Quarantine-2)
Disinfection failed
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP133\A0013502.dll=>(Quarantine-2)
Deleted
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP133\A0013503.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Agent.YFI
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP133\A0013503.exe=>(Quarantine-2)
Disinfection failed
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP133\A0013503.exe=>(Quarantine-2)
Deleted
BitDefender Online Scanner - Real Time Virus Report
Generated at: Tue, Jul 10, 2007 - 19:39:08
--------------------------------------------------------------------------------
Scan Info
Scanned Files
260122
Infected Files
22
Virus Detected
Trojan.Vb.YG
2
Trojan.Dropper.Small.AVB
8
Trojan.Downloader.Agent.YFI
10
Adware.Virtumonde.GFH
2
--------------------------------------------------------------------------------
This summary of the scan process will be used by the BitDefender Antivirus Lab to create agregate statistics about virus activity around the world.
---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------
+ Créé à: 17:22:52 10/07/2007
+ Résultat de l'analyse:
C:\WINDOWS\Downloaded Program Files\website.dll -> Downloader.Agent.bls : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\Laurence\Cookies\laurence@ssl-hints.netflame[1].txt -> TrackingCookie.Netflame : Nettoyé.
C:\Documents and Settings\Laurence\Cookies\laurence@weborama[1].txt -> TrackingCookie.Weborama : Nettoyé.
C:\Documents and Settings\Laurence\Cookies\laurence@m.webtrends[2].txt -> TrackingCookie.Webtrends : Nettoyé.
C:\Program Files\Norton AntiVirus\Quarantine\Portal\710011A3.dll -> Trojan.Dialer.qn : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP133\A0012400.dll -> Trojan.Dialer.qn : Nettoyé et sauvegardé (mise en quarantaine).
Fin du rapport
Hi Laurence.Pringarbe,
With HijackThis, check these:
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/
Close your applications and browser, then fix the lines above.
Then uninstall AVG antivirus, you have two now...
Your restore points are infected!
Do this:
Type this in Start/Run:
%SystemRoot%\System32\restore\rstrui.exe
System Restore settings / Turn off System Restore on all drives.
Reboot.
Then do the reverse: turn it back on.
How to do it:
¤ Turn off your System Restore:
Right-click My Computer, then
Properties, click the System Restore tab,
check the box to turn off System Restore, and apply.
Clean Up 40:
http://pageperso.aol.fr/balltrap34/CleanUp40.exe
- illustrated help (thanks to Balltrap34):
http://pageperso.aol.fr/balltrap34/democleanup.htm
Run it,
then delete your HijackThis and:
* Download HijackThis to your desktop: download it, unzip it into a folder on your desktop, and post the report please
http://pchelpbordeaux.free.fr/logiciels.html
Tutorial
http://pchelpbordeaux.free.fr/tuto.html
Illustrated demo
http://pageperso.aol.fr/balltrap34/demohijack.htm
Then run this:
Download SDFix (created by AndyManchesta) and save it to your Desktop.
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
Double-click SDFix.exe and choose Install to extract it to a dedicated folder on the Desktop. Restart your computer in Safe Mode using the following procedure:
• Restart your computer.
• After hearing the computer beep during startup, but before the Windows icon appears, tap the F8 key (one press per second).
• Instead of the normal Windows startup, a menu with different options should appear.
• Choose the first option, to run Windows in Safe Mode, then press "Enter".
• Choose your account.
Work through the list of instructions below:
• Open the SDFix folder that has just been created in C:\ and double-click RunThis.bat to launch the script.
• Press Y to start the cleaning process.
• It will remove the services and Registry entries of certain trojans it finds, then ask you to press a key to restart.
• Press a key to restart the PC.
• Your system will take longer than usual to restart because the tool will keep running and deleting files.
• After the Desktop has loaded, the tool will finish its work and display Finished.
• Press a key to end the script and load your Desktop icons.
• Once the Desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder under the name Report.txt.
• Finally, copy and paste the contents of Report.txt into your next reply on the forum, along with a new HijackThis log!
The HijackThis scan post
Logfile of HijackThis v1.99.1
Scan saved at 09:56:20, on 11/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\Digital Imaging\Promotions\HPpromo.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis Version Française\hijackthis vf.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tele2.fr/redirect/startpage/adsl/fra
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\fr.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPpromo psc 1300 series] "C:\Program Files\HP\Digital Imaging\Promotions\HPpromo.exe" /N "psc 1300 series" -r
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [VCSPlayer] "C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe"
O4 - HKLM\..\Run: [CleanEasyImg] c:\apps\easydvd\cleanall.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Pense-bête.lnk = C:\Program Files\Broderbund\PrintMaster\PMREMIND.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://eu.download.games.yahoo.com/zylom/activex/zylomloader.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
After all the steps, I'm posting the SDFix and HijackThis reports for you. However, I instead removed the Norton antivirus, because it was at the end of its trial, which ran until September.
SDFix: Version 1.90
Run by Laurence on 11/07/2007 at 10:07
Microsoft Windows XP [version 5.1.2600]
Running From: C:\DOCUME~1\Laurence\Bureau\SDFix
Safe Mode:
Checking Services:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Restoring Missing Security Center Service
Restoring Missing SharedAccess Service
Rebooting...
Normal Mode:
Checking Files:
Trojan Files Found:
C:\DOCUME~1\Laurence\LOCALS~1\Temp\win24.tmp.exe - Deleted
Removing Temp Files...
ADS Check:
C:\WINDOWS
No streams found.
C:\WINDOWS\system32
No streams found.
C:\WINDOWS\system32\svchost.exe
No streams found.
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.
Final Check:
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Shareaza\\Shareaza.exe"="C:\\Program Files\\Shareaza\\Shareaza.exe:*:Enabled:Shareaza"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
Remaining Files:
---------------
Backups Folder: - C:\DOCUME~1\Laurence\Bureau\SDFix\backups\backups.zip
Files with Hidden Attributes:
C:\Program Files\Fichiers communs\aolshare\shell\fr\shellext.dll
C:\Program Files\AOL 8.0\aolphx.exe
C:\Program Files\AOL 8.0\aoltray.exe
C:\Program Files\AOL 8.0\RBM.exe
C:\Program Files\AOL 8.0\waol.exe
C:\Program Files\AOL 8.0\COMIT\cswitch.exe
Finished
Logfile of HijackThis v1.99.1
Scan saved at 10:28:12, on 11/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\Explorer.EXE
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\Digital Imaging\Promotions\HPpromo.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Hijackthis Version Française\hijackthis vf.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tele2.fr/redirect/startpage/adsl/fra
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\fr.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPpromo psc 1300 series] "C:\Program Files\HP\Digital Imaging\Promotions\HPpromo.exe" /N "psc 1300 series" -r
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [VCSPlayer] "C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe"
O4 - HKLM\..\Run: [CleanEasyImg] c:\apps\easydvd\cleanall.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Pense-bête.lnk = C:\Program Files\Broderbund\PrintMaster\PMREMIND.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://eu.download.games.yahoo.com/zylom/activex/zylomloader.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
Well, apparently everything works; I was able to install my software without any difficulty. Thank you, thank you very much, you're great.
Otherwise I have one small question: I installed a Kodak program and it loads at Windows startup in the taskbar. I'd like to untick it but I no longer know how. Before, I used to go to Run and type something, but I don't remember what. Can you help me? Thanks
Hi Laurence.Pringarbe,
it's not over yet...
with HijackThis, tick these:
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/
close your applications and browser, then fix the lines above.
do you know this:
C:\Program Files\Broderbund\PrintMaster\PMREMIND.EXE
also, you don't have a firewall...
I can suggest this:
https://kerio.probb.fr/t4-tlcharger-sunbelt-kerio-personal-firewall
(thanks to boulepate for the site!!!)
on that page you can choose between Kerio and ZoneAlarm; ZoneAlarm is easier to configure than Kerio but a little less effective, it's up to you...
tutorials:
ZoneAlarm:
http://forum.telecharger.01net.com/forum/
Kerio 4.2.
https://kerio.probb.fr/t1-tuto-pour-kerio-4-2
Kerio, other version 4.5.
https://kerio.probb.fr/t250-tuto-sunbelt-personal-firewall-4-6
then do this:
* Download combofix.exe (by sUBs) to your Desktop.
http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe
* Double-click combofix.exe.
* Press the 1 key (Yes) to start the scan.
* When the scan is complete, a report will appear. Copy/paste that report into your next reply.
NOTE: The report can also be found here: C:\Combofix.txt
See you
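The triage the reply above does by hand (ticking entries whose file is gone), as an added Python example that is not part of the original post or of HijackThis. `parse_entry`, `find_orphans` and `orphans_by_clsid` are hypothetical helper names, and the sample input is an excerpt of the log posted in this thread. It only detects the `(no file)` / `(file missing)` markers, so the O16 line in the reply, which carries no such marker, is outside its scope.

```python
import re
from collections import defaultdict
from typing import Dict, List, NamedTuple, Optional

# Excerpt of the HijackThis log posted in this thread (lines copied from the page).
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
"""

# An entry line is "<section code> - <body>", e.g. "O2 - BHO: ...", "R0 - ...".
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}-(?:[0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}\}")
# Markers HijackThis appends when the file behind an entry is not on disk.
MISSING = re.compile(r"\s*\((?:no file|file missing)\)\s*$")


class Entry(NamedTuple):
    code: str             # section code such as "O2" or "O23"
    clsid: Optional[str]  # upper-cased CLSID if the entry has one
    missing: bool         # True when the log marks the backing file as absent
    path: Optional[str]   # path reported missing, None if the log gives none
    raw: str              # the original line, for copying into a fix list


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one log line; headers and process paths return None."""
    line = line.strip()
    m = ENTRY.match(line)
    if m is None:
        return None
    body = m["body"]
    clsid = CLSID.search(body)
    marker = MISSING.search(body)
    path = None
    if marker:
        prefix = body[: marker.start()]
        # "... - (no file)" leaves a dangling " -": no path was recorded.
        if not prefix.endswith(" -"):
            path = prefix.rsplit(" - ", 1)[-1].strip()
    return Entry(
        code=m["code"],
        clsid=clsid.group(0).upper() if clsid else None,
        missing=marker is not None,
        path=path,
        raw=line,
    )


def find_orphans(log_text: str) -> List[Entry]:
    """Return the entries whose backing file the log reports as absent."""
    orphans = []
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry is not None and entry.missing:
            orphans.append(entry)
    return orphans


def orphans_by_clsid(log_text: str) -> Dict[str, List[Entry]]:
    """Group orphaned entries by CLSID so one leftover component shows once."""
    groups: Dict[str, List[Entry]] = defaultdict(list)
    for entry in find_orphans(log_text):
        groups[entry.clsid or "(no CLSID)"].append(entry)
    return dict(groups)


if __name__ == "__main__":
    for clsid, entries in orphans_by_clsid(SAMPLE_LOG).items():
        print(clsid)
        for e in entries:
            print(f"  [{e.code}] missing file: {e.path or 'not recorded'}")
```

Grouping by CLSID shows that the two O9 lines belong to one leftover component, so they are reviewed and fixed together.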
And I don't understand, I do have a firewall that is enabled, I just checked. Strange. Can you confirm that I need to reinstall a firewall? Thanks. See you.
Here is the ComboFix scan:
"Laurence" - 2007-07-11 20:57:22 - ComboFix 07-07-10.5 - Service Pack 2
((((((((((((((((((((((((( Files Created from 2007-06-11 to 2007-07-11 )))))))))))))))))))))))))))))))
2007-07-11 20:56 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-11 13:18 <REP> d-------- C:\WINDOWS\pss
2007-07-11 11:10 <REP> d-------- C:\DOCUME~1\Laurence\APPLIC~1\Anuman Interactive
2007-07-11 11:09 <REP> d-------- C:\DOCUME~1\Laurence\APPLIC~1\Help
2007-07-11 10:41 <REP> d-------- C:\Program Files\Anuman Interactive
2007-07-11 10:39 <REP> d-------- C:\WINDOWS\system32\color
2007-07-11 10:38 <REP> d-------- C:\Program Files\KODAK
2007-07-11 10:38 <REP> d-------- C:\Program Files\Fichiers communs\Kodak
2007-07-11 10:38 <REP> d-------- C:\KPCMS
2007-07-11 10:36 <REP> d-------- C:\Program Files\Micro Application
2007-07-11 10:36 <REP> d-------- C:\Program Files\Fichiers communs\Micro Application Shared
2007-07-11 10:06 <REP> d-------- C:\WINDOWS\ERUNT
2007-07-11 09:55 <REP> d-------- C:\Program Files\Hijackthis Version Française
2007-07-10 17:40 <REP> d-------- C:\WINDOWS\BDOSCAN8
2007-07-10 13:54 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-07-09 21:32 <REP> d-------- C:\WINDOWS\AU_Temp
2007-07-09 12:42 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2007-07-09 12:42 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2007-07-09 11:59 <REP> d-------- C:\WINDOWS\BWKDLogs
2007-07-06 20:57 <REP> d-------- C:\WINDOWS\report
2007-07-05 11:48 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-07-05 11:48 208,248 --a------ C:\WINDOWS\system32\muweb.dll
2007-07-05 10:50 <REP> d-------- C:\Program Files\Serif
2007-07-05 10:49 5,632 --a------ C:\WINDOWS\system32\MFCUIA32.DLL
2007-07-05 10:49 133,904 --a------ C:\WINDOWS\system32\MFCANS32.DLL
2007-07-05 10:49 <REP> d-------- C:\WINDOWS\Profiles
2007-07-05 10:49 <REP> d-------- C:\Program Files\Web Publish
2007-07-05 10:48 284,160 --a------ C:\WINDOWS\unin040c.exe
2007-07-05 10:48 <REP> d-------- C:\Program Files\Broderbund
2007-07-05 10:44 <REP> d-------- C:\WINDOWS\system32\LogFiles
2007-07-04 18:14 <REP> d-------- C:\Program Files\MSXML 4.0
2007-07-04 17:25 <REP> d-------- C:\Program Files\Microsoft Works
2007-07-04 17:21 <REP> d-------- C:\Program Files\Microsoft.NET
2007-07-04 17:14 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
2007-07-04 17:13 <REP> dr-h----- C:\MSOCache
2007-07-04 16:46 <REP> d-------- C:\DOCUME~1\LOCALS~1\Menu Démarrer
2007-07-04 16:45 <REP> d-------- C:\WINDOWS\Prefetch
2007-07-04 14:49 <REP> d-------- C:\WINDOWS\provisioning
2007-07-04 14:49 <REP> d-------- C:\WINDOWS\peernet
2007-07-04 14:42 <REP> d-------- C:\WINDOWS\ServicePackFiles
2007-07-04 14:29 <REP> d-------- C:\WINDOWS\EHome
2007-07-04 13:47 11,776 --------- C:\WINDOWS\system32\spnpinst.exe
2007-07-04 13:46 4,569 --------- C:\WINDOWS\system32\secupd.dat
2007-07-03 16:04 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Zylom
2007-07-03 14:52 <REP> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-07-03 14:51 <REP> d-------- C:\Program Files\Gamenext
2007-07-02 14:29 <REP> d-------- C:\DOCUME~1\Laurence\APPLIC~1\AdobeUM
2007-07-02 12:19 231,936 --------- C:\WINDOWS\system32\SNWValid.dll
2007-07-02 12:19 1,022,976 --------- C:\WINDOWS\system32\SierraNW.dll
2007-07-02 12:18 51,920 --------- C:\WINDOWS\system32\MFCD250.DLL
2007-07-02 12:18 320,880 --------- C:\WINDOWS\system32\MFC250.DLL
2007-07-02 12:18 146,976 --------- C:\WINDOWS\system32\MFCOLEUI.DLL
2007-07-02 12:18 125,344 --------- C:\WINDOWS\system32\MFCO250.DLL
2007-07-02 12:18 11,072 --------- C:\WINDOWS\system32\MFCN250.DLL
2007-07-02 12:17 <REP> d-------- C:\SIERRA
2007-07-02 12:17 <REP> d-------- C:\Program Files\Sierra On-Line
2007-07-02 10:48 <REP> d-------- C:\Program Files\Google
2007-07-02 10:48 <REP> d-------- C:\DOCUME~1\Laurence\APPLIC~1\Google
2007-07-02 10:48 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
2007-07-02 10:43 614,912 --a------ C:\WINDOWS\system32\h323msp.dll
2007-07-02 10:43 332,800 --a------ C:\WINDOWS\system32\ipnathlp.dll
2007-07-02 10:22 6,550 --a------ C:\WINDOWS\jautoexp.dat
2007-07-02 10:22 46,352 --a------ C:\WINDOWS\setdebug.exe
2007-07-02 10:22 313,856 --a------ C:\WINDOWS\system32\dx3j.dll
2007-07-02 10:22 171,280 --a------ C:\WINDOWS\system32\jit.dll
2007-07-02 10:22 139,536 --a------ C:\WINDOWS\system32\javaee.dll
2007-07-02 10:21 947,472 --a------ C:\WINDOWS\system32\msjava.dll
2007-07-02 10:21 63,248 --a------ C:\WINDOWS\system32\javaprxy.dll
2007-07-02 10:21 49,424 --a------ C:\WINDOWS\system32\clspack.exe
2007-07-02 10:21 404,752 --a------ C:\WINDOWS\system32\javart.dll
2007-07-02 10:21 286,992 --a------ C:\WINDOWS\system32\vmhelper.dll
2007-07-02 10:21 21,264 --a------ C:\WINDOWS\system32\msjdbc10.dll
2007-07-02 10:21 187,152 --a------ C:\WINDOWS\system32\javacypt.dll
2007-07-02 10:21 172,304 --a------ C:\WINDOWS\system32\jview.exe
2007-07-02 10:21 171,792 --a------ C:\WINDOWS\system32\wjview.exe
2007-07-02 10:21 154,384 --a------ C:\WINDOWS\system32\msawt.dll
2007-07-02 10:21 15,120 --a------ C:\WINDOWS\system32\jdbgmgr.exe
2007-07-02 10:21 113 --a------ C:\WINDOWS\system32\zonedon.reg
2007-07-02 10:21 113 --a------ C:\WINDOWS\system32\zonedoff.reg
2007-06-29 16:10 <REP> d-------- C:\DOCUME~1\Laurence\APPLIC~1\Sonic
2007-06-29 16:07 <REP> d-------- C:\DOCUME~1\Laurence\APPLIC~1\Leadertech
2007-06-29 15:29 <REP> d-------- C:\DOCUME~1\Laurence\APPLIC~1\DivX
2007-06-29 15:18 <REP> d-------- C:\DOCUME~1\Laurence\APPLIC~1\Ahead
2007-06-29 15:17 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ahead
2007-06-29 15:14 71,749 --a------ C:\WINDOWS\hcextoutput.dll
2007-06-29 15:14 267,845 --a------ C:\WINDOWS\tsc.exe
2007-06-29 15:14 <REP> d-------- C:\WINDOWS\AU_Backup
2007-06-29 15:13 86,094 --a------ C:\WINDOWS\BPMNT.dll
2007-06-29 15:13 1,163,344 --a------ C:\WINDOWS\vsapi32.dll
2007-06-29 15:13 <REP> d-------- C:\Program Files\Nero
2007-06-29 15:13 <REP> d-------- C:\Program Files\Fichiers communs\Ahead
2007-06-29 15:13 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero
2007-06-29 15:12 69,689 --a------ C:\WINDOWS\UNZIP.DLL
2007-06-29 15:12 507,904 --a------ C:\WINDOWS\TMUPDATE.DLL
2007-06-29 15:12 286,720 --a------ C:\WINDOWS\PATCH.EXE
2007-06-29 15:12 <REP> d-------- C:\WINDOWS\AU_Log
2007-06-29 13:42 85,376 --a------ C:\WINDOWS\system32\drivers\nabtsfec.sys
2007-06-29 13:42 57,856 --a------ C:\WINDOWS\system32\dpwsockx.dll
2007-06-29 13:42 51,328 --a------ C:\WINDOWS\system32\drivers\msdv.sys
2007-06-29 13:42 51,200 --a------ C:\WINDOWS\system32\wstdecod.dll
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-07-11 18:52:03 -------- d-----w C:\Program Files\Hijackthis Version Française
2007-07-05 08:17:01 445,016 ----a-w C:\WINDOWS\system32\perfh00C.dat
2007-07-05 08:17:00 63,614 ----a-w C:\WINDOWS\system32\perfc00C.dat
2007-05-31 06:45:07 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2007-05-31 06:44:55 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2007-05-31 06:44:54 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-05-31 06:44:54 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2007-05-31 06:44:54 740,442 ----a-w C:\WINDOWS\system32\DivX.dll
2007-05-16 16:19:52 133,168 ----a-w C:\WINDOWS\system32\drivers\imagesrv.sys
2007-05-16 16:19:50 11,568 ----a-w C:\WINDOWS\system32\drivers\imagedrv.sys
2007-05-16 15:13:53 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-05-16 07:42:22 972,336 ----a-w C:\WINDOWS\UNNeroMediaHome.exe
2007-05-15 07:45:14 972,336 ----a-w C:\WINDOWS\UNNeroVision.exe
2007-04-25 14:22:35 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-23 14:42:50 972,336 ----a-w C:\WINDOWS\UNRecode.exe
2007-04-23 00:15:29 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-04-23 00:15:18 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-04-23 00:15:18 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-04-23 00:02:34 73,728 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-04-23 00:02:34 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2007-04-23 00:02:33 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2007-04-23 00:02:31 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-04-23 00:02:31 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2007-04-23 00:02:31 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2007-04-23 00:02:31 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2007-04-23 00:02:31 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2007-04-23 00:01:47 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2007-04-23 00:01:46 124,472 ----a-w C:\WINDOWS\system32\DivXCodecUpdateChecker.exe
2007-04-18 16:14:18 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-16 20:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-16 20:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-16 20:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-16 20:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2003-05-15 01:47 50376 --a------ C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
2005-05-31 01:04 853672 --a------ C:\PROGRA~1\SPYBOT~1\SDHelper.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
2007-07-02 10:48 2436160 -ra------ c:\program files\google\googletoolbar1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 17:24 C:\WINDOWS\system32\Ati2mdxx.exe]
"ATIPTA"="C:\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-09-12 22:10]
"SoundMan"="SOUNDMAN.EXE" [2003-08-15 00:34 C:\WINDOWS\SOUNDMAN.EXE]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd.exe" [2003-06-25 11:24]
"HPpromo psc 1300 series"="C:\Program Files\HP\Digital Imaging\Promotions\HPpromo.exe" [2003-10-09 12:17]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-07-03 11:18]
"VCSPlayer"="C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe" [2003-08-13 11:33]
"CleanEasyImg"="c:\apps\easydvd\cleanall.exe" []
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sonic RecordNow!"="" []
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 01:04]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 09:27]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-07-02 10:48]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2007-05-30 14:29]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^KODAK Software Updater.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\KODAK Software Updater.lnk
backup=C:\WINDOWS\pss\KODAK Software Updater.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logiciel Kodak EasyShare.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Logiciel Kodak EasyShare.lnk
backup=C:\WINDOWS\pss\Logiciel Kodak EasyShare.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Pense-bête.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Pense-bête.lnk
backup=C:\WINDOWS\pss\Pense-bête.lnkCommon Startup
Contents of the 'Scheduled Tasks' folder
2007-07-11 19:00:03 C:\WINDOWS\tasks\HDReg.job
2007-06-28 16:02:26 C:\WINDOWS\tasks\Rappel d'enregistrement 3.job
2007-07-11 15:22:17 C:\WINDOWS\tasks\Symantec NetDetect.job
**************************************************************************
catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-11 21:02:31
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-07-11 21:04:33
--- E O F ---
And also the new HijackThis scan:
Logfile of HijackThis v1.99.1
Scan saved at 20:52:05, on 11/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\WINDOWS\Explorer.EXE
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\Digital Imaging\Promotions\HPpromo.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Shareaza\Shareaza.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\Hijackthis Version Française\hijackthis vf.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tele2.fr/redirect/startpage/adsl/fra
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\fr.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPpromo psc 1300 series] "C:\Program Files\HP\Digital Imaging\Promotions\HPpromo.exe" /N "psc 1300 series" -r
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [VCSPlayer] "C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe"
O4 - HKLM\..\Run: [CleanEasyImg] c:\apps\easydvd\cleanall.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://eu.download.games.yahoo.com/zylom/activex/zylomloader.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
There, I hope it will be fine now. In any case, thank you very much. While waiting to see whether everything is OK, see you soon. Laurence
"Laurence" - 2007-07-11 20:57:22 - ComboFix 07-07-10.5 - Service Pack 2
((((((((((((((((((((((((( Files Created from 2007-06-11 to 2007-07-11 )))))))))))))))))))))))))))))))
2007-07-11 20:56 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-11 13:18 <REP> d-------- C:\WINDOWS\pss
2007-07-11 11:10 <REP> d-------- C:\DOCUME~1\Laurence\APPLIC~1\Anuman Interactive
2007-07-11 11:09 <REP> d-------- C:\DOCUME~1\Laurence\APPLIC~1\Help
2007-07-11 10:41 <REP> d-------- C:\Program Files\Anuman Interactive
2007-07-11 10:39 <REP> d-------- C:\WINDOWS\system32\color
2007-07-11 10:38 <REP> d-------- C:\Program Files\KODAK
2007-07-11 10:38 <REP> d-------- C:\Program Files\Fichiers communs\Kodak
2007-07-11 10:38 <REP> d-------- C:\KPCMS
2007-07-11 10:36 <REP> d-------- C:\Program Files\Micro Application
2007-07-11 10:36 <REP> d-------- C:\Program Files\Fichiers communs\Micro Application Shared
2007-07-11 10:06 <REP> d-------- C:\WINDOWS\ERUNT
2007-07-11 09:55 <REP> d-------- C:\Program Files\Hijackthis Version Fran‡aise
2007-07-10 17:40 <REP> d-------- C:\WINDOWS\BDOSCAN8
2007-07-10 13:54 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-07-09 21:32 <REP> d-------- C:\WINDOWS\AU_Temp
2007-07-09 12:42 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2007-07-09 12:42 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2007-07-09 11:59 <REP> d-------- C:\WINDOWS\BWKDLogs
2007-07-06 20:57 <REP> d-------- C:\WINDOWS\report
2007-07-05 11:48 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-07-05 11:48 208,248 --a------ C:\WINDOWS\system32\muweb.dll
2007-07-05 10:50 <REP> d-------- C:\Program Files\Serif
2007-07-05 10:49 5,632 --a------ C:\WINDOWS\system32\MFCUIA32.DLL
2007-07-05 10:49 133,904 --a------ C:\WINDOWS\system32\MFCANS32.DLL
2007-07-05 10:49 <REP> d-------- C:\WINDOWS\Profiles
2007-07-05 10:49 <REP> d-------- C:\Program Files\Web Publish
2007-07-05 10:48 284,160 --a------ C:\WINDOWS\unin040c.exe
2007-07-05 10:48 <REP> d-------- C:\Program Files\Broderbund
2007-07-05 10:44 <REP> d-------- C:\WINDOWS\system32\LogFiles
2007-07-04 18:14 <REP> d-------- C:\Program Files\MSXML 4.0
2007-07-04 17:25 <REP> d-------- C:\Program Files\Microsoft Works
2007-07-04 17:21 <REP> d-------- C:\Program Files\Microsoft.NET
2007-07-04 17:14 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
2007-07-04 17:13 <REP> dr-h----- C:\MSOCache
2007-07-04 16:46 <REP> d-------- C:\DOCUME~1\LOCALS~1\Menu D‚marrer
2007-07-04 16:45 <REP> d-------- C:\WINDOWS\Prefetch
2007-07-04 14:49 <REP> d-------- C:\WINDOWS\provisioning
2007-07-04 14:49 <REP> d-------- C:\WINDOWS\peernet
2007-07-04 14:42 <REP> d-------- C:\WINDOWS\ServicePackFiles
2007-07-04 14:29 <REP> d-------- C:\WINDOWS\EHome
2007-07-04 13:47 11,776 --------- C:\WINDOWS\system32\spnpinst.exe
2007-07-04 13:46 4,569 --------- C:\WINDOWS\system32\secupd.dat
2007-07-03 16:04 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Zylom
2007-07-03 14:52 <REP> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-07-03 14:51 <REP> d-------- C:\Program Files\Gamenext
2007-07-02 14:29 <REP> d-------- C:\DOCUME~1\Laurence\APPLIC~1\AdobeUM
2007-07-02 12:19 231,936 --------- C:\WINDOWS\system32\SNWValid.dll
2007-07-02 12:19 1,022,976 --------- C:\WINDOWS\system32\SierraNW.dll
2007-07-02 12:18 51,920 --------- C:\WINDOWS\system32\MFCD250.DLL
2007-07-02 12:18 320,880 --------- C:\WINDOWS\system32\MFC250.DLL
2007-07-02 12:18 146,976 --------- C:\WINDOWS\system32\MFCOLEUI.DLL
2007-07-02 12:18 125,344 --------- C:\WINDOWS\system32\MFCO250.DLL
2007-07-02 12:18 11,072 --------- C:\WINDOWS\system32\MFCN250.DLL
2007-07-02 12:17 <REP> d-------- C:\SIERRA
2007-07-02 12:17 <REP> d-------- C:\Program Files\Sierra On-Line
2007-07-02 10:48 <REP> d-------- C:\Program Files\Google
2007-07-02 10:48 <REP> d-------- C:\DOCUME~1\Laurence\APPLIC~1\Google
2007-07-02 10:48 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
2007-07-02 10:43 614,912 --a------ C:\WINDOWS\system32\h323msp.dll
2007-07-02 10:43 332,800 --a------ C:\WINDOWS\system32\ipnathlp.dll
2007-07-02 10:22 6,550 --a------ C:\WINDOWS\jautoexp.dat
2007-07-02 10:22 46,352 --a------ C:\WINDOWS\setdebug.exe
2007-07-02 10:22 313,856 --a------ C:\WINDOWS\system32\dx3j.dll
2007-07-02 10:22 171,280 --a------ C:\WINDOWS\system32\jit.dll
2007-07-02 10:22 139,536 --a------ C:\WINDOWS\system32\javaee.dll
2007-07-02 10:21 947,472 --a------ C:\WINDOWS\system32\msjava.dll
2007-07-02 10:21 63,248 --a------ C:\WINDOWS\system32\javaprxy.dll
2007-07-02 10:21 49,424 --a------ C:\WINDOWS\system32\clspack.exe
2007-07-02 10:21 404,752 --a------ C:\WINDOWS\system32\javart.dll
2007-07-02 10:21 286,992 --a------ C:\WINDOWS\system32\vmhelper.dll
2007-07-02 10:21 21,264 --a------ C:\WINDOWS\system32\msjdbc10.dll
2007-07-02 10:21 187,152 --a------ C:\WINDOWS\system32\javacypt.dll
2007-07-02 10:21 172,304 --a------ C:\WINDOWS\system32\jview.exe
2007-07-02 10:21 171,792 --a------ C:\WINDOWS\system32\wjview.exe
2007-07-02 10:21 154,384 --a------ C:\WINDOWS\system32\msawt.dll
2007-07-02 10:21 15,120 --a------ C:\WINDOWS\system32\jdbgmgr.exe
2007-07-02 10:21 113 --a------ C:\WINDOWS\system32\zonedon.reg
2007-07-02 10:21 113 --a------ C:\WINDOWS\system32\zonedoff.reg
2007-06-29 16:10 <REP> d-------- C:\DOCUME~1\Laurence\APPLIC~1\Sonic
2007-06-29 16:07 <REP> d-------- C:\DOCUME~1\Laurence\APPLIC~1\Leadertech
2007-06-29 15:29 <REP> d-------- C:\DOCUME~1\Laurence\APPLIC~1\DivX
2007-06-29 15:18 <REP> d-------- C:\DOCUME~1\Laurence\APPLIC~1\Ahead
2007-06-29 15:17 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ahead
2007-06-29 15:14 71,749 --a------ C:\WINDOWS\hcextoutput.dll
2007-06-29 15:14 267,845 --a------ C:\WINDOWS\tsc.exe
2007-06-29 15:14 <REP> d-------- C:\WINDOWS\AU_Backup
2007-06-29 15:13 86,094 --a------ C:\WINDOWS\BPMNT.dll
2007-06-29 15:13 1,163,344 --a------ C:\WINDOWS\vsapi32.dll
2007-06-29 15:13 <REP> d-------- C:\Program Files\Nero
2007-06-29 15:13 <REP> d-------- C:\Program Files\Fichiers communs\Ahead
2007-06-29 15:13 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero
2007-06-29 15:12 69,689 --a------ C:\WINDOWS\UNZIP.DLL
2007-06-29 15:12 507,904 --a------ C:\WINDOWS\TMUPDATE.DLL
2007-06-29 15:12 286,720 --a------ C:\WINDOWS\PATCH.EXE
2007-06-29 15:12 <REP> d-------- C:\WINDOWS\AU_Log
2007-06-29 13:42 85,376 --a------ C:\WINDOWS\system32\drivers\nabtsfec.sys
2007-06-29 13:42 57,856 --a------ C:\WINDOWS\system32\dpwsockx.dll
2007-06-29 13:42 51,328 --a------ C:\WINDOWS\system32\drivers\msdv.sys
2007-06-29 13:42 51,200 --a------ C:\WINDOWS\system32\wstdecod.dll
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-07-11 18:52:03 -------- d-----w C:\Program Files\Hijackthis Version Française
2007-07-05 08:17:01 445,016 ----a-w C:\WINDOWS\system32\perfh00C.dat
2007-07-05 08:17:00 63,614 ----a-w C:\WINDOWS\system32\perfc00C.dat
2007-05-31 06:45:07 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2007-05-31 06:44:55 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2007-05-31 06:44:54 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-05-31 06:44:54 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2007-05-31 06:44:54 740,442 ----a-w C:\WINDOWS\system32\DivX.dll
2007-05-16 16:19:52 133,168 ----a-w C:\WINDOWS\system32\drivers\imagesrv.sys
2007-05-16 16:19:50 11,568 ----a-w C:\WINDOWS\system32\drivers\imagedrv.sys
2007-05-16 15:13:53 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-05-16 07:42:22 972,336 ----a-w C:\WINDOWS\UNNeroMediaHome.exe
2007-05-15 07:45:14 972,336 ----a-w C:\WINDOWS\UNNeroVision.exe
2007-04-25 14:22:35 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-23 14:42:50 972,336 ----a-w C:\WINDOWS\UNRecode.exe
2007-04-23 00:15:29 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-04-23 00:15:18 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-04-23 00:15:18 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-04-23 00:02:34 73,728 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-04-23 00:02:34 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2007-04-23 00:02:33 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2007-04-23 00:02:31 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-04-23 00:02:31 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2007-04-23 00:02:31 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2007-04-23 00:02:31 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2007-04-23 00:02:31 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2007-04-23 00:01:47 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2007-04-23 00:01:46 124,472 ----a-w C:\WINDOWS\system32\DivXCodecUpdateChecker.exe
2007-04-18 16:14:18 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-16 20:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-16 20:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-16 20:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-16 20:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2003-05-15 01:47 50376 --a------ C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
2005-05-31 01:04 853672 --a------ C:\PROGRA~1\SPYBOT~1\SDHelper.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
2007-07-02 10:48 2436160 -ra------ c:\program files\google\googletoolbar1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 17:24 C:\WINDOWS\system32\Ati2mdxx.exe]
"ATIPTA"="C:\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-09-12 22:10]
"SoundMan"="SOUNDMAN.EXE" [2003-08-15 00:34 C:\WINDOWS\SOUNDMAN.EXE]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd.exe" [2003-06-25 11:24]
"HPpromo psc 1300 series"="C:\Program Files\HP\Digital Imaging\Promotions\HPpromo.exe" [2003-10-09 12:17]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-07-03 11:18]
"VCSPlayer"="C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe" [2003-08-13 11:33]
"CleanEasyImg"="c:\apps\easydvd\cleanall.exe" []
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sonic RecordNow!"="" []
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 01:04]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 09:27]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-07-02 10:48]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2007-05-30 14:29]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^KODAK Software Updater.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\KODAK Software Updater.lnk
backup=C:\WINDOWS\pss\KODAK Software Updater.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logiciel Kodak EasyShare.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Logiciel Kodak EasyShare.lnk
backup=C:\WINDOWS\pss\Logiciel Kodak EasyShare.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Pense-bête.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Pense-bête.lnk
backup=C:\WINDOWS\pss\Pense-bête.lnkCommon Startup
Contents of the 'Scheduled Tasks' folder
2007-07-11 19:00:03 C:\WINDOWS\tasks\HDReg.job
2007-06-28 16:02:26 C:\WINDOWS\tasks\Rappel d'enregistrement 3.job
2007-07-11 15:22:17 C:\WINDOWS\tasks\Symantec NetDetect.job
**************************************************************************
catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-11 21:02:31
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-07-11 21:04:33
--- E O F ---
And here is the new HijackThis scan as well
Logfile of HijackThis v1.99.1
Scan saved at 20:52:05, on 11/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\WINDOWS\Explorer.EXE
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\Digital Imaging\Promotions\HPpromo.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Shareaza\Shareaza.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\Hijackthis Version Française\hijackthis vf.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tele2.fr/redirect/startpage/adsl/fra
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\fr.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPpromo psc 1300 series] "C:\Program Files\HP\Digital Imaging\Promotions\HPpromo.exe" /N "psc 1300 series" -r
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [VCSPlayer] "C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe"
O4 - HKLM\..\Run: [CleanEasyImg] c:\apps\easydvd\cleanall.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://eu.download.games.yahoo.com/zylom/activex/zylomloader.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
There, I hope that will do now. In any case, thank you very much. While waiting to see whether everything is OK, see you soon. Laurence
OK, C:\Program Files\Broderbund\PrintMaster\PMREMIND.EXE is fine...
no, you don't seem stupid to me lol
carry on with the next step, namely ComboFix, and install a firewall...
See you
It's really strange, I just checked again, and I do have a firewall enabled, the one from the Windows Security Center in fact. Otherwise, it bothered me to have to reinstall that again, but is it really necessary? I'm a bit of a pain, I know lol. Anyway, I'm stopping for tonight; I'll see tomorrow about installing another firewall, while waiting for you to reconfirm this installation. Kisses for all this help.
Hi again,
have this analyzed on this site:
C:\WINDOWS\unin040c.exe
https://www.virustotal.com/gui/
or
http://virusscan.jotti.org/de/
and post the report...
Hello, here is the report:
Datei: Report.txt
Auslastung: 0% 100%
Status: OK
Entdeckte Packprogramme: -
Bit9 rapportiert: File not found
A-Squared Keine Viren gefunden
AntiVir Keine Viren gefunden
ArcaVir Keine Viren gefunden
Avast Keine Viren gefunden
AVG Antivirus Keine Viren gefunden
BitDefender Keine Viren gefunden
ClamAV Keine Viren gefunden
Dr.Web Keine Viren gefunden
F-Prot Antivirus Keine Viren gefunden
F-Secure Anti-Virus Keine Viren gefunden
Fortinet Keine Viren gefunden
Kaspersky Anti-Virus Keine Viren gefunden
NOD32 Keine Viren gefunden
Norman Virus Control Keine Viren gefunden
Panda Antivirus Keine Viren gefunden
Rising Antivirus Keine Viren gefunden
Sophos Antivirus Keine Viren gefunden
VirusBuster Keine Viren gefunden
VBA32 Keine Viren gefunden
I also did it with the other one:
File Report.txt received on 07.12.2007 09:24:55 (CET)
Antivirus Version Last Update Result
AhnLab-V3 2007.7.11.1 07.11.2007 no virus found
AntiVir 7.4.0.39 07.12.2007 no virus found
Authentium 4.93.8 07.12.2007 no virus found
Avast 4.7.997.0 07.12.2007 no virus found
AVG 7.5.0.476 07.12.2007 no virus found
BitDefender 7.2 07.12.2007 no virus found
CAT-QuickHeal 9.00 07.11.2007 no virus found
ClamAV devel-20070416 07.12.2007 no virus found
DrWeb 4.33 07.12.2007 no virus found
eSafe 7.0.15.0 07.10.2007 no virus found
eTrust-Vet 30.8.3780 07.11.2007 no virus found
Ewido 4.0 07.11.2007 no virus found
FileAdvisor 1 07.12.2007 no virus found
Fortinet 2.91.0.0 07.12.2007 no virus found
F-Prot 4.3.2.48 07.11.2007 no virus found
Ikarus T3.1.1.8 07.12.2007 no virus found
Kaspersky 4.0.2.24 07.12.2007 no virus found
McAfee 5072 07.11.2007 no virus found
Microsoft 1.2704 07.12.2007 no virus found
NOD32v2 2394 07.11.2007 no virus found
Norman 5.80.02 07.11.2007 no virus found
Panda 9.0.0.4 07.12.2007 no virus found
Sophos 4.19.0 07.06.2007 no virus found
Sunbelt 2.2.907.0 07.12.2007 no virus found
Symantec 10 07.12.2007 no virus found
TheHacker 6.1.6.145 07.12.2007 no virus found
VBA32 3.12.0.2 07.12.2007 no virus found
VirusBuster 4.3.23:9 07.11.2007 no virus found
Webwasher-Gateway 6.0.1 07.12.2007 no virus found
Aditional information
File size: 2455 bytes
MD5: 3ba8c7a3e16b6213322ce0c59617b9b7
SHA1: bab2a0c875aa263f76424c5c825e5208feb78fdc
Oops, I just realized I made a mistake with the scan; here is the right one at last, sorry
Datei: unin040c.exe
Auslastung: 0% 100%
Status: OK
Entdeckte Packprogramme: -
Bit9 rapportiert: No threat detected (more info)
A-Squared Keine Viren gefunden
AntiVir Keine Viren gefunden
ArcaVir Keine Viren gefunden
Avast Keine Viren gefunden
AVG Antivirus Keine Viren gefunden
BitDefender Keine Viren gefunden
ClamAV Keine Viren gefunden
Dr.Web Keine Viren gefunden
F-Prot Antivirus Keine Viren gefunden
F-Secure Anti-Virus Keine Viren gefunden
Fortinet Keine Viren gefunden
Kaspersky Anti-Virus Keine Viren gefunden
NOD32 Keine Viren gefunden
Norman Virus Control Keine Viren gefunden
Panda Antivirus Keine Viren gefunden
Rising Antivirus Keine Viren gefunden
Sophos Antivirus Keine Viren gefunden
VirusBuster Keine Viren gefunden
VBA32 Keine Viren gefunden
Then with the other one
Antivirus Version Last Update Result
AhnLab-V3 2007.7.11.1 07.11.2007 no virus found
AntiVir 7.4.0.39 07.12.2007 no virus found
Authentium 4.93.8 07.12.2007 no virus found
Avast 4.7.997.0 07.12.2007 no virus found
AVG 7.5.0.476 07.12.2007 no virus found
BitDefender 7.2 07.12.2007 no virus found
CAT-QuickHeal 9.00 07.11.2007 no virus found
ClamAV devel-20070416 07.12.2007 no virus found
DrWeb 4.33 07.12.2007 no virus found
eSafe 7.0.15.0 07.10.2007 no virus found
eTrust-Vet 30.8.3780 07.11.2007 no virus found
Ewido 4.0 07.11.2007 no virus found
FileAdvisor 1 07.12.2007 no virus found
Fortinet 2.91.0.0 07.12.2007 no virus found
F-Prot 4.3.2.48 07.11.2007 no virus found
Ikarus T3.1.1.8 07.12.2007 no virus found
Kaspersky 4.0.2.24 07.12.2007 no virus found
McAfee 5072 07.11.2007 no virus found
Microsoft 1.2704 07.12.2007 no virus found
NOD32v2 2394 07.11.2007 no virus found
Norman 5.80.02 07.11.2007 no virus found
Panda 9.0.0.4 07.12.2007 no virus found
Sophos 4.19.0 07.06.2007 no virus found
Sunbelt 2.2.907.0 07.12.2007 no virus found
Symantec 10 07.12.2007 no virus found
TheHacker 6.1.6.145 07.12.2007 no virus found
VBA32 3.12.0.2 07.12.2007 no virus found
VirusBuster 4.3.23:9 07.11.2007 no virus found
Webwasher-Gateway 6.0.1 07.12.2007 no virus found
Aditional information
File size: 284160 bytes
MD5: 32a7dcb9f65f4c7c0bec38c6f1899f35
SHA1: 3900a0e343159e42cd9ff630e9bce5eb26b08f6c
As for firewalls, the problem is that they are free trials of either 15 or 30 days, and my firewall apparently works since I have already had blocking prompts. How did you see that there was no firewall enabled on my computer? I'm asking all these questions out of curiosity; this firewall business intrigues me. Thanks for your patience. Kisses
Hi Laurence Pringarbe,
OK for the file to analyze
as for the firewall, which firewall do you have, the Windows one or?
See you
Hi Laurence.Pringarbe,
the Windows firewall is a real sieve...
I can suggest this:
https://kerio.probb.fr/t4-tlcharger-sunbelt-kerio-personal-firewall
(thanks to boulepate for the site!!!)
on this page you have the choice between Kerio and Zone Alarm; Zone Alarm is easier to configure than Kerio but slightly less effective, it's up to you...
tutorials:
Zone Alarm:
http://forum.telecharger.01net.com/forum/
Kerio 4.2.
https://kerio.probb.fr/t1-tuto-pour-kerio-4-2
Kerio, other version 4.5.
https://kerio.probb.fr/t250-tuto-sunbelt-personal-firewall-4-6
There you go.