Infected by Trojan Nebuler

Laurence.Pringarbe - Posts: 8 - Status: Member
moK´s@ - Posts: 4410 - Status: Member
Hello, apparently I am infected by the Trojan.Nebuler virus. I don't know how to remove it. I am sending you my HijackThis scan so you can take a look at it. In fact I can no longer install software; I even tried to install the trial version of AVG Anti-Spyware 7.5 but it's no use, I can't install anything anymore. Thank you in advance for your help.
Logfile of HijackThis v1.99.1
Scan saved at 11:23:36, on 10/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\WINDOWS\Explorer.EXE
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\Digital Imaging\Promotions\HPpromo.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Documents and Settings\Laurence\Local Settings\Temporary Internet Files\Content.IE5\MTA1YPMX\avgas-setup-7.5.1.43[1].exe
C:\Documents and Settings\Laurence\Mes documents\Mes téléchargements\avgas-setup-7.5.1.43.exe
C:\Documents and Settings\Laurence\Local Settings\Temporary Internet Files\Content.IE5\CVK9MZO7\avgas-setup-7.5.1.43[1].exe
C:\Documents and Settings\Laurence\Local Settings\Temporary Internet Files\Content.IE5\CVK9MZO7\avgas-setup-7.5.1.43[1].exe
C:\Documents and Settings\Laurence\Local Settings\Temporary Internet Files\Content.IE5\CVK9MZO7\avgas-setup-7.5.1.43[2].exe
C:\Documents and Settings\Laurence\Local Settings\Temporary Internet Files\Content.IE5\CVK9MZO7\avgas-setup-7.5.1.43[2].exe
C:\Program Files\Messenger\msmsgs.exe
C:\DOCUME~1\Laurence\LOCALS~1\Temp\Répertoire temporaire 2 pour hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tele2.fr/redirect/startpage/adsl/fra
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\fr.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Fichiers communs\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPpromo psc 1300 series] "C:\Program Files\HP\Digital Imaging\Promotions\HPpromo.exe" /N "psc 1300 series" -r
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [VCSPlayer] "C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe"
O4 - HKLM\..\Run: [CleanEasyImg] c:\apps\easydvd\cleanall.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Pense-bête.lnk = C:\Program Files\Broderbund\PrintMaster\PMREMIND.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://eu.download.games.yahoo.com/zylom/activex/zylomloader.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPxySvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
Configuration: Windows XP
Internet Explorer 6.0

18 replies

  1. Laurence.Pringarbe - Posts: 8 - Status: Member
     
    Hello again. I managed to install AVG Anti-Spyware in safe mode, and I also ran a scan with BitDefender. I am posting the reports from these 2 scans, hoping that you can enlighten me about this data. Thank you in advance.
    BitDefender Online Scanner

    Scan report generated at: Tue, Jul 10, 2007 - 19:26:53

    Scan path: C:\;D:\;E:\;F:\;I:\;J:\;

    Statistics
    Time: 01:45:52
    Files: 254070
    Folders: 5980
    Boot Sectors: 3
    Archives: 10899
    Packed Files: 15366

    Results
    Identified Viruses: 4
    Infected Files: 22
    Suspect Files: 0
    Warnings: 0
    Disinfected: 0
    Deleted Files: 42

    Engines Info
    Virus Definitions: 642982
    Engine build: AVCORE v1.0 (build 2410) (i386) (Jun 12 2007 21:08:27)
    Scan plugins: 14
    Archive plugins: 38
    Unpack plugins: 6
    E-mail plugins: 6
    System plugins: 1

    Scan Settings
    First Action: Disinfect
    Second Action: Delete
    Heuristics: Yes
    Enable Warnings: Yes
    Scanned Extensions: *;
    Exclude Extensions:
    Scan Emails: Yes
    Scan Archives: Yes
    Scan Packed: Yes
    Scan Files: Yes
    Scan Boot: Yes

    Scanned File
    Status

    C:\Program Files\HP\Digital Imaging\Promotions\HPregistration\hpsrg.exe
    Infected with: Trojan.Vb.YG

    C:\Program Files\HP\Digital Imaging\Promotions\HPregistration\hpsrg.exe
    Disinfection failed

    C:\Program Files\HP\Digital Imaging\Promotions\HPregistration\hpsrg.exe
    Deleted

    C:\Program Files\Norton AntiVirus\Quarantine\001B655D.exe=>(Quarantine-2)
    Infected with: Trojan.Downloader.Agent.YFI

    C:\Program Files\Norton AntiVirus\Quarantine\001B655D.exe=>(Quarantine-2)
    Disinfection failed

    C:\Program Files\Norton AntiVirus\Quarantine\001B655D.exe=>(Quarantine-2)
    Deleted

    C:\Program Files\Norton AntiVirus\Quarantine\238B025E.exe=>(Quarantine-2)
    Infected with: Trojan.Downloader.Agent.YFI

    C:\Program Files\Norton AntiVirus\Quarantine\238B025E.exe=>(Quarantine-2)
    Disinfection failed

    C:\Program Files\Norton AntiVirus\Quarantine\238B025E.exe=>(Quarantine-2)
    Deleted

    C:\Program Files\Norton AntiVirus\Quarantine\24B1451A.exe=>(Quarantine-2)
    Infected with: Trojan.Downloader.Agent.YFI

    C:\Program Files\Norton AntiVirus\Quarantine\24B1451A.exe=>(Quarantine-2)
    Disinfection failed

    C:\Program Files\Norton AntiVirus\Quarantine\24B1451A.exe=>(Quarantine-2)
    Deleted

    C:\Program Files\Norton AntiVirus\Quarantine\259F3E14.exe=>(Quarantine-2)
    Infected with: Trojan.Downloader.Agent.YFI

    C:\Program Files\Norton AntiVirus\Quarantine\259F3E14.exe=>(Quarantine-2)
    Disinfection failed

    C:\Program Files\Norton AntiVirus\Quarantine\259F3E14.exe=>(Quarantine-2)
    Deleted

    C:\Program Files\Norton AntiVirus\Quarantine\43527BED.htm=>(Quarantine-2)
    Infected with: Trojan.Dropper.Small.AVB

    C:\Program Files\Norton AntiVirus\Quarantine\43527BED.htm=>(Quarantine-2)
    Disinfection failed

    C:\Program Files\Norton AntiVirus\Quarantine\43527BED.htm=>(Quarantine-2)
    Deleted

    C:\Program Files\Norton AntiVirus\Quarantine\4E7C41E4.htm=>(Quarantine-2)
    Infected with: Trojan.Dropper.Small.AVB

    C:\Program Files\Norton AntiVirus\Quarantine\4E7C41E4.htm=>(Quarantine-2)
    Disinfection failed

    C:\Program Files\Norton AntiVirus\Quarantine\4E7C41E4.htm=>(Quarantine-2)
    Deleted

    C:\Program Files\Norton AntiVirus\Quarantine\7ED154C8.dll=>(Quarantine-2)
    Detected with: Adware.Virtumonde.GFH

    C:\Program Files\Norton AntiVirus\Quarantine\7ED154C8.dll=>(Quarantine-2)
    Disinfection failed

    C:\Program Files\Norton AntiVirus\Quarantine\7ED154C8.dll=>(Quarantine-2)
    Deleted

    C:\Program Files\Norton AntiVirus\Quarantine\7F0C4887.htm=>(Quarantine-2)
    Infected with: Trojan.Dropper.Small.AVB

    C:\Program Files\Norton AntiVirus\Quarantine\7F0C4887.htm=>(Quarantine-2)
    Disinfection failed

    C:\Program Files\Norton AntiVirus\Quarantine\7F0C4887.htm=>(Quarantine-2)
    Deleted

    C:\Program Files\Norton AntiVirus\Quarantine\7F0F7283.htm=>(Quarantine-2)
    Infected with: Trojan.Dropper.Small.AVB

    C:\Program Files\Norton AntiVirus\Quarantine\7F0F7283.htm=>(Quarantine-2)
    Disinfection failed

    C:\Program Files\Norton AntiVirus\Quarantine\7F0F7283.htm=>(Quarantine-2)
    Deleted

    C:\Program Files\Norton AntiVirus\Quarantine\7F131C80.htm=>(Quarantine-2)
    Infected with: Trojan.Dropper.Small.AVB

    C:\Program Files\Norton AntiVirus\Quarantine\7F131C80.htm=>(Quarantine-2)
    Disinfection failed

    C:\Program Files\Norton AntiVirus\Quarantine\7F131C80.htm=>(Quarantine-2)
    Deleted

    C:\Program Files\Norton AntiVirus\Quarantine\7F204471.exe=>(Quarantine-2)
    Infected with: Trojan.Downloader.Agent.YFI

    C:\Program Files\Norton AntiVirus\Quarantine\7F204471.exe=>(Quarantine-2)
    Disinfection failed

    C:\Program Files\Norton AntiVirus\Quarantine\7F204471.exe=>(Quarantine-2)
    Deleted

    C:\Program Files\Norton AntiVirus\Quarantine\7F30165F.htm=>(Quarantine-2)
    Infected with: Trojan.Dropper.Small.AVB

    C:\Program Files\Norton AntiVirus\Quarantine\7F30165F.htm=>(Quarantine-2)
    Disinfection failed

    C:\Program Files\Norton AntiVirus\Quarantine\7F30165F.htm=>(Quarantine-2)
    Deleted

    C:\Program Files\Norton AntiVirus\Quarantine\7F33405C.htm=>(Quarantine-2)
    Infected with: Trojan.Dropper.Small.AVB

    C:\Program Files\Norton AntiVirus\Quarantine\7F33405C.htm=>(Quarantine-2)
    Disinfection failed

    C:\Program Files\Norton AntiVirus\Quarantine\7F33405C.htm=>(Quarantine-2)
    Deleted

    C:\Program Files\Norton AntiVirus\Quarantine\7F366A58.htm=>(Quarantine-2)
    Infected with: Trojan.Dropper.Small.AVB

    C:\Program Files\Norton AntiVirus\Quarantine\7F366A58.htm=>(Quarantine-2)
    Disinfection failed

    C:\Program Files\Norton AntiVirus\Quarantine\7F366A58.htm=>(Quarantine-2)
    Deleted

    C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP133\A0013497.exe
    Infected with: Trojan.Vb.YG

    C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP133\A0013497.exe
    Disinfection failed

    C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP133\A0013497.exe
    Deleted

    C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP133\A0013498.exe=>(Quarantine-2)
    Infected with: Trojan.Downloader.Agent.YFI

    C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP133\A0013498.exe=>(Quarantine-2)
    Disinfection failed

    C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP133\A0013498.exe=>(Quarantine-2)
    Deleted

    C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP133\A0013499.exe=>(Quarantine-2)
    Infected with: Trojan.Downloader.Agent.YFI

    C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP133\A0013499.exe=>(Quarantine-2)
    Disinfection failed

    C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP133\A0013499.exe=>(Quarantine-2)
    Deleted

    C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP133\A0013500.exe=>(Quarantine-2)
    Infected with: Trojan.Downloader.Agent.YFI

    C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP133\A0013500.exe=>(Quarantine-2)
    Disinfection failed

    C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP133\A0013500.exe=>(Quarantine-2)
    Deleted

    C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP133\A0013501.exe=>(Quarantine-2)
    Infected with: Trojan.Downloader.Agent.YFI

    C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP133\A0013501.exe=>(Quarantine-2)
    Disinfection failed

    C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP133\A0013501.exe=>(Quarantine-2)
    Deleted

    C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP133\A0013502.dll=>(Quarantine-2)
    Detected with: Adware.Virtumonde.GFH

    C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP133\A0013502.dll=>(Quarantine-2)
    Disinfection failed

    C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP133\A0013502.dll=>(Quarantine-2)
    Deleted

    C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP133\A0013503.exe=>(Quarantine-2)
    Infected with: Trojan.Downloader.Agent.YFI

    C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP133\A0013503.exe=>(Quarantine-2)
    Disinfection failed

    C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP133\A0013503.exe=>(Quarantine-2)
    Deleted

    ---------------------------------------------------------
    AVG Anti-Spyware - Rapport d'analyse
    ---------------------------------------------------------

    + Créé à: 17:22:52 10/07/2007

    + Résultat de l'analyse:

    C:\WINDOWS\Downloaded Program Files\website.dll -> Downloader.Agent.bls : Nettoyé et sauvegardé (mise en quarantaine).
    C:\Documents and Settings\Laurence\Cookies\laurence@ssl-hints.netflame[1].txt -> TrackingCookie.Netflame : Nettoyé.
    C:\Documents and Settings\Laurence\Cookies\laurence@weborama[1].txt -> TrackingCookie.Weborama : Nettoyé.
    C:\Documents and Settings\Laurence\Cookies\laurence@m.webtrends[2].txt -> TrackingCookie.Webtrends : Nettoyé.
    C:\Program Files\Norton AntiVirus\Quarantine\Portal\710011A3.dll -> Trojan.Dialer.qn : Nettoyé et sauvegardé (mise en quarantaine).
    C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP133\A0012400.dll -> Trojan.Dialer.qn : Nettoyé et sauvegardé (mise en quarantaine).

    Fin du rapport

    BitDefender Online Scanner - Real Time Virus Report

    Generated at: Tue, Jul 10, 2007 - 19:39:08

    --------------------------------------------------------------------------------

    Scan Info
    Scanned Files: 260122
    Infected Files: 22

    Virus Detected
    Trojan.Vb.YG: 2
    Trojan.Dropper.Small.AVB: 8
    Trojan.Downloader.Agent.YFI: 10
    Adware.Virtumonde.GFH: 2

    --------------------------------------------------------------------------------

    This summary of the scan process will be used by the BitDefender Antivirus Lab to create agregate statistics about virus activity around the world.
    0
  2. moK´s@ - Posts: 4410 - Status: Member - 89
     
    Hi Laurence.Pringarbe,

    With HijackThis, check these:

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/

    Close your applications and browser, then fix the lines above.

    Then uninstall AVG antivirus; you have two now...

    Your restore points are infected!
    Do this:
    Type this in Start/Run:
    %SystemRoot%\System32\restore\rstrui.exe
    System Restore Settings / Turn off System Restore on all drives.
    Reboot.
    Then do the reverse: re-enable it.

    How to do it:

    ¤ Disable your System Restore:
    Right-click My Computer, then
    Properties, click the System Restore tab,
    check the box to turn off System Restore and apply.

    Clean Up 40:
    http://pageperso.aol.fr/balltrap34/CleanUp40.exe
    - illustrated help (thanks to Balltrap34):
    http://pageperso.aol.fr/balltrap34/democleanup.htm
    Run it.

    Then delete your HijackThis and:

    * Download HijackThis to your desktop, unzip it into a folder on your desktop, and post the report please.

    http://pchelpbordeaux.free.fr/logiciels.html
    Tutorial
    http://pchelpbordeaux.free.fr/tuto.html
    Illustrated demo
    http://pageperso.aol.fr/balltrap34/demohijack.htm

    Then run this:

    Download SDFix (created by AndyManchesta) and save it to your Desktop.
    http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
    Double-click SDFix.exe and choose Install to extract it to a dedicated folder on the Desktop. Restart your computer in safe mode by following this procedure:
    • Restart your computer.
    • After hearing the computer beep during startup, but before the Windows icon appears, tap the F8 key (one press per second).
    • Instead of the normal Windows startup, a menu with different options should appear.
    • Choose the first option, to run Windows in safe mode, then press "Enter".
    • Choose your account.
    Work through the list of instructions below:
    • Open the SDFix folder that was just created in the C:\ directory and double-click RunThis.bat to launch the script.
    • Press Y to start the cleaning process.
    • It will remove the services and Registry entries of certain trojans it finds, then ask you to press a key to restart.
    • Press a key to restart the PC.
    • Your system will take longer than usual to restart because the tool will keep running and deleting files.
    • Once the Desktop has loaded, the tool will finish its work and display Finished.
    • Press a key to end the script and load your Desktop icons.
    • Once the Desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder as Report.txt.
    • Finally, copy/paste the contents of Report.txt into your next reply on the forum, along with a new HijackThis log!
    0
    1. Laurence.Pringarbe Posts: 8, Status: Member
       
      Hello. OK, I'm starting right now, I'll get back to you with news after all that, thanks for your help.
      0
  3. Laurence.Pringarbe Posts: 8, Status: Member
     
    The HijackThis scan post
    Logfile of HijackThis v1.99.1
    Scan saved at 09:56:20, on 11/07/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
    C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\HP\HP Software Update\HPWuSchd.exe
    C:\Program Files\HP\Digital Imaging\Promotions\HPpromo.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\WINDOWS\System32\HPZipm12.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Hijackthis Version Française\hijackthis vf.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tele2.fr/redirect/startpage/adsl/fra
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\fr.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
    O4 - HKLM\..\Run: [HPpromo psc 1300 series] "C:\Program Files\HP\Digital Imaging\Promotions\HPpromo.exe" /N "psc 1300 series" -r
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [VCSPlayer] "C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe"
    O4 - HKLM\..\Run: [CleanEasyImg] c:\apps\easydvd\cleanall.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Pense-bête.lnk = C:\Program Files\Broderbund\PrintMaster\PMREMIND.EXE
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
    O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://eu.download.games.yahoo.com/zylom/activex/zylomloader.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
    0
  4. Laurence.Pringarbe Posts: 8, Status: Member
     
    After all the steps, I'm posting the SDFix and HijackThis reports. However, I removed the Norton antivirus instead, since it was at the end of its trial (until September).

    SDFix: Version 1.90

    Run by Laurence on 11/07/2007 at 10:07

    Microsoft Windows XP [version 5.1.2600]

    Running From: C:\DOCUME~1\Laurence\Bureau\SDFix

    Safe Mode:
    Checking Services:

    Restoring Windows Registry Values
    Restoring Windows Default Hosts File
    Restoring Missing Security Center Service
    Restoring Missing SharedAccess Service

    Rebooting...

    Normal Mode:
    Checking Files:

    Trojan Files Found:

    C:\DOCUME~1\Laurence\LOCALS~1\Temp\win24.tmp.exe - Deleted

    Removing Temp Files...

    ADS Check:

    C:\WINDOWS
    No streams found.

    C:\WINDOWS\system32
    No streams found.

    C:\WINDOWS\system32\svchost.exe
    No streams found.

    C:\WINDOWS\system32\ntoskrnl.exe
    No streams found.

    Final Check:

    Remaining Services:
    ------------------

    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\Shareaza\\Shareaza.exe"="C:\\Program Files\\Shareaza\\Shareaza.exe:*:Enabled:Shareaza"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

    Remaining Files:
    ---------------

    Backups Folder: - C:\DOCUME~1\Laurence\Bureau\SDFix\backups\backups.zip

    Files with Hidden Attributes:

    C:\Program Files\Fichiers communs\aolshare\shell\fr\shellext.dll
    C:\Program Files\AOL 8.0\aolphx.exe
    C:\Program Files\AOL 8.0\aoltray.exe
    C:\Program Files\AOL 8.0\RBM.exe
    C:\Program Files\AOL 8.0\waol.exe
    C:\Program Files\AOL 8.0\COMIT\cswitch.exe

    Finished

    Logfile of HijackThis v1.99.1
    Scan saved at 10:28:12, on 11/07/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
    C:\WINDOWS\System32\HPZipm12.exe
    C:\WINDOWS\Explorer.EXE
    C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\HP\HP Software Update\HPWuSchd.exe
    C:\Program Files\HP\Digital Imaging\Promotions\HPpromo.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Hijackthis Version Française\hijackthis vf.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tele2.fr/redirect/startpage/adsl/fra
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\fr.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
    O4 - HKLM\..\Run: [HPpromo psc 1300 series] "C:\Program Files\HP\Digital Imaging\Promotions\HPpromo.exe" /N "psc 1300 series" -r
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [VCSPlayer] "C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe"
    O4 - HKLM\..\Run: [CleanEasyImg] c:\apps\easydvd\cleanall.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Pense-bête.lnk = C:\Program Files\Broderbund\PrintMaster\PMREMIND.EXE
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
    O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://eu.download.games.yahoo.com/zylom/activex/zylomloader.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
    0
  6. Laurence.Pringarbe Posts: 8, Status: Member
     
    Well, apparently everything works, I was able to install my software without difficulty, thank you, thank you so much, you're great.
    Also, I have one small question: I installed a Kodak program and it loads at Windows startup in the taskbar; I'd like to untick it but I no longer remember how. Before, I would go to Run and type something, but I don't remember what. Can you help me? Thanks
    0
  7. Laurence.Pringarbe Posts: 8, Status: Member
     
    Sorry to bother you, but I found it again, it was msconfig, so all is well. Thanks again for everything.
    0
  8. moK´s@ Posts: 4410, Status: Member 89
     
    hi Laurence.Pringarbe,

    it's not finished...

    with HijackThis, tick these:

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/

    close your applications and browser and fix the lines above.

    do you recognise this:

    C:\Program Files\Broderbund\PrintMaster\PMREMIND.EXE

    also, you have no firewall...

    I can suggest this:

    https://kerio.probb.fr/t4-tlcharger-sunbelt-kerio-personal-firewall

    (thanks to boulepate for the site!!!)

    on that page you have the choice between Kerio and ZoneAlarm; ZoneAlarm is easier to configure than Kerio but slightly less effective, it's up to you...

    tutorials:

    ZoneAlarm:

    http://forum.telecharger.01net.com/forum/

    kerio 4.2.

    https://kerio.probb.fr/t1-tuto-pour-kerio-4-2

    kerio, other version 4.5.

    https://kerio.probb.fr/t250-tuto-sunbelt-personal-firewall-4-6

    then do this:

    * Download combofix.exe (by sUBs) to your Desktop.

    http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe

    * Double-click combofix.exe.
    * Press the 1 key (Yes) to start the scan.
    * When the scan is complete, a report will appear. Copy/paste this report into your next reply.

    NOTE: The report can also be found here: C:\Combofix.txt

    See you later
    0
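Four of the lines in the fix list above carry HijackThis's own "(no file)" or "(file missing)" marker, meaning the registry entry points at a file that is no longer on disk. As an added example (not part of the original thread, and not HijackThis code), the following parser picks such orphaned entries out of a log and groups them by CLSID; the function and field names are hypothetical, and the O16 line in the fix list is outside its scope because it carries no such marker.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional

# Sample input: lines excerpted from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
"""

# An entry line starts with a section code (R0, O2, O23, ...) then " - ".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Markers HijackThis appends when the referenced file is not on disk.
ORPHAN_MARKERS = ("(no file)", "(file missing)")


@dataclass
class Entry:
    code: str               # section code, e.g. "O9"
    kind: str               # text before the first ": ", e.g. "Extra button"
    clsid: Optional[str]    # upper-cased CLSID, if the line has one
    target: Optional[str]   # text after the CLSID (a file path on O2/O3/O9 lines)
    orphan: Optional[str]   # the marker found, or None
    raw: str                # the line as it appeared in the log


def parse_line(line: str) -> Optional[Entry]:
    """Parse one log line; return None for headers and process paths."""
    raw = line.strip()
    m = ENTRY_RE.match(raw)
    if m is None:
        return None
    body = m.group("body")
    kind, sep, rest = body.partition(": ")
    if not sep:                       # R0/R1 lines have no "kind: " prefix
        kind, rest = "", body
    orphan = next((mk for mk in ORPHAN_MARKERS if rest.endswith(mk)), None)
    if orphan:
        rest = rest[: -len(orphan)].rstrip()
    clsid = target = None
    found = CLSID_RE.search(rest)
    if found:
        clsid = found.group(0).upper()   # the log mixes upper and lower case
        tail = rest[found.end():].lstrip(" -").strip()
        target = tail or None            # "(no file)" lines leave nothing here
    return Entry(m.group("code"), kind, clsid, target, orphan, raw)


def parse_log(text: str) -> List[Entry]:
    return [e for e in map(parse_line, text.splitlines()) if e is not None]


def orphaned_registrations(text: str) -> Dict[str, List[Entry]]:
    """Group orphaned entries by CLSID: one registration can yield several lines."""
    groups: Dict[str, List[Entry]] = defaultdict(list)
    for entry in parse_log(text):
        if entry.orphan:
            groups[entry.clsid or entry.raw].append(entry)
    return dict(groups)


if __name__ == "__main__":
    for key, entries in orphaned_registrations(SAMPLE_LOG).items():
        print(key)
        for e in entries:
            print(f"  {e.code} {e.kind}: {e.orphan}, target={e.target}")
```

Grouping by CLSID shows that the two O9 lines are one leftover registration (the BitDefender online scanner's uninstall button and its Tools menu item), so the four marked lines correspond to three stale registry entries.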
  9. Laurence Pringarbe
     
    Oh yes, I forgot: PrintMaster is a program for creating cards, calendars, etc.
    0
  10. Laurence Pringarbe
     
    And I don't understand, I do have a firewall that is enabled, I just checked, strange; can you confirm that I need to reinstall a firewall? Thanks. See you
    0
  11. moK´s@ Posts: 4410, Status: Member 89
     
    ok, do you use it?
    0
  12. moK´s@ Posts: 4410, Status: Member 89
     
    ok, do you use it?
    0
    1. Laurence Pringarbe
       
      What do you mean by whether I use it? I know it is enabled; is there something else to do? I must seem a bit silly to you, I don't know much about this, but I know you're there to enlighten me and that's really kind. I await your reply, thanks
      0
    2. Laurence Pringarbe
       
      Here is the ComboFix scan
      "Laurence" - 2007-07-11 20:57:22 - ComboFix 07-07-10.5 - Service Pack 2


      ((((((((((((((((((((((((( Files Created from 2007-06-11 to 2007-07-11 )))))))))))))))))))))))))))))))


      2007-07-11 20:56 51,200 --a------ C:\WINDOWS\nircmd.exe
      2007-07-11 13:18 <REP> d-------- C:\WINDOWS\pss
      2007-07-11 11:10 <REP> d-------- C:\DOCUME~1\Laurence\APPLIC~1\Anuman Interactive
      2007-07-11 11:09 <REP> d-------- C:\DOCUME~1\Laurence\APPLIC~1\Help
      2007-07-11 10:41 <REP> d-------- C:\Program Files\Anuman Interactive
      2007-07-11 10:39 <REP> d-------- C:\WINDOWS\system32\color
      2007-07-11 10:38 <REP> d-------- C:\Program Files\KODAK
      2007-07-11 10:38 <REP> d-------- C:\Program Files\Fichiers communs\Kodak
      2007-07-11 10:38 <REP> d-------- C:\KPCMS
      2007-07-11 10:36 <REP> d-------- C:\Program Files\Micro Application
      2007-07-11 10:36 <REP> d-------- C:\Program Files\Fichiers communs\Micro Application Shared
      2007-07-11 10:06 <REP> d-------- C:\WINDOWS\ERUNT
      2007-07-11 09:55 <REP> d-------- C:\Program Files\Hijackthis Version Française
      2007-07-10 17:40 <REP> d-------- C:\WINDOWS\BDOSCAN8
      2007-07-10 13:54 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
      2007-07-09 21:32 <REP> d-------- C:\WINDOWS\AU_Temp
      2007-07-09 12:42 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
      2007-07-09 12:42 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
      2007-07-09 11:59 <REP> d-------- C:\WINDOWS\BWKDLogs
      2007-07-06 20:57 <REP> d-------- C:\WINDOWS\report
      2007-07-05 11:48 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
      2007-07-05 11:48 208,248 --a------ C:\WINDOWS\system32\muweb.dll
      2007-07-05 10:50 <REP> d-------- C:\Program Files\Serif
      2007-07-05 10:49 5,632 --a------ C:\WINDOWS\system32\MFCUIA32.DLL
      2007-07-05 10:49 133,904 --a------ C:\WINDOWS\system32\MFCANS32.DLL
      2007-07-05 10:49 <REP> d-------- C:\WINDOWS\Profiles
      2007-07-05 10:49 <REP> d-------- C:\Program Files\Web Publish
      2007-07-05 10:48 284,160 --a------ C:\WINDOWS\unin040c.exe
      2007-07-05 10:48 <REP> d-------- C:\Program Files\Broderbund
      2007-07-05 10:44 <REP> d-------- C:\WINDOWS\system32\LogFiles
      2007-07-04 18:14 <REP> d-------- C:\Program Files\MSXML 4.0
      2007-07-04 17:25 <REP> d-------- C:\Program Files\Microsoft Works
      2007-07-04 17:21 <REP> d-------- C:\Program Files\Microsoft.NET
      2007-07-04 17:14 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
      2007-07-04 17:13 <REP> dr-h----- C:\MSOCache
      2007-07-04 16:46 <REP> d-------- C:\DOCUME~1\LOCALS~1\Menu Démarrer
      2007-07-04 16:45 <REP> d-------- C:\WINDOWS\Prefetch
      2007-07-04 14:49 <REP> d-------- C:\WINDOWS\provisioning
      2007-07-04 14:49 <REP> d-------- C:\WINDOWS\peernet
      2007-07-04 14:42 <REP> d-------- C:\WINDOWS\ServicePackFiles
      2007-07-04 14:29 <REP> d-------- C:\WINDOWS\EHome
      2007-07-04 13:47 11,776 --------- C:\WINDOWS\system32\spnpinst.exe
      2007-07-04 13:46 4,569 --------- C:\WINDOWS\system32\secupd.dat
      2007-07-03 16:04 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Zylom
      2007-07-03 14:52 <REP> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
      2007-07-03 14:51 <REP> d-------- C:\Program Files\Gamenext
      2007-07-02 14:29 <REP> d-------- C:\DOCUME~1\Laurence\APPLIC~1\AdobeUM
      2007-07-02 12:19 231,936 --------- C:\WINDOWS\system32\SNWValid.dll
      2007-07-02 12:19 1,022,976 --------- C:\WINDOWS\system32\SierraNW.dll
      2007-07-02 12:18 51,920 --------- C:\WINDOWS\system32\MFCD250.DLL
      2007-07-02 12:18 320,880 --------- C:\WINDOWS\system32\MFC250.DLL
      2007-07-02 12:18 146,976 --------- C:\WINDOWS\system32\MFCOLEUI.DLL
      2007-07-02 12:18 125,344 --------- C:\WINDOWS\system32\MFCO250.DLL
      2007-07-02 12:18 11,072 --------- C:\WINDOWS\system32\MFCN250.DLL
      2007-07-02 12:17 <REP> d-------- C:\SIERRA
      2007-07-02 12:17 <REP> d-------- C:\Program Files\Sierra On-Line
      2007-07-02 10:48 <REP> d-------- C:\Program Files\Google
      2007-07-02 10:48 <REP> d-------- C:\DOCUME~1\Laurence\APPLIC~1\Google
      2007-07-02 10:48 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
      2007-07-02 10:43 614,912 --a------ C:\WINDOWS\system32\h323msp.dll
      2007-07-02 10:43 332,800 --a------ C:\WINDOWS\system32\ipnathlp.dll
      2007-07-02 10:22 6,550 --a------ C:\WINDOWS\jautoexp.dat
      2007-07-02 10:22 46,352 --a------ C:\WINDOWS\setdebug.exe
      2007-07-02 10:22 313,856 --a------ C:\WINDOWS\system32\dx3j.dll
      2007-07-02 10:22 171,280 --a------ C:\WINDOWS\system32\jit.dll
      2007-07-02 10:22 139,536 --a------ C:\WINDOWS\system32\javaee.dll
      2007-07-02 10:21 947,472 --a------ C:\WINDOWS\system32\msjava.dll
      2007-07-02 10:21 63,248 --a------ C:\WINDOWS\system32\javaprxy.dll
      2007-07-02 10:21 49,424 --a------ C:\WINDOWS\system32\clspack.exe
      2007-07-02 10:21 404,752 --a------ C:\WINDOWS\system32\javart.dll
      2007-07-02 10:21 286,992 --a------ C:\WINDOWS\system32\vmhelper.dll
      2007-07-02 10:21 21,264 --a------ C:\WINDOWS\system32\msjdbc10.dll
      2007-07-02 10:21 187,152 --a------ C:\WINDOWS\system32\javacypt.dll
      2007-07-02 10:21 172,304 --a------ C:\WINDOWS\system32\jview.exe
      2007-07-02 10:21 171,792 --a------ C:\WINDOWS\system32\wjview.exe
      2007-07-02 10:21 154,384 --a------ C:\WINDOWS\system32\msawt.dll
      2007-07-02 10:21 15,120 --a------ C:\WINDOWS\system32\jdbgmgr.exe
      2007-07-02 10:21 113 --a------ C:\WINDOWS\system32\zonedon.reg
      2007-07-02 10:21 113 --a------ C:\WINDOWS\system32\zonedoff.reg
      2007-06-29 16:10 <REP> d-------- C:\DOCUME~1\Laurence\APPLIC~1\Sonic
      2007-06-29 16:07 <REP> d-------- C:\DOCUME~1\Laurence\APPLIC~1\Leadertech
      2007-06-29 15:29 <REP> d-------- C:\DOCUME~1\Laurence\APPLIC~1\DivX
      2007-06-29 15:18 <REP> d-------- C:\DOCUME~1\Laurence\APPLIC~1\Ahead
      2007-06-29 15:17 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ahead
      2007-06-29 15:14 71,749 --a------ C:\WINDOWS\hcextoutput.dll
      2007-06-29 15:14 267,845 --a------ C:\WINDOWS\tsc.exe
      2007-06-29 15:14 <REP> d-------- C:\WINDOWS\AU_Backup
      2007-06-29 15:13 86,094 --a------ C:\WINDOWS\BPMNT.dll
      2007-06-29 15:13 1,163,344 --a------ C:\WINDOWS\vsapi32.dll
      2007-06-29 15:13 <REP> d-------- C:\Program Files\Nero
      2007-06-29 15:13 <REP> d-------- C:\Program Files\Fichiers communs\Ahead
      2007-06-29 15:13 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero
      2007-06-29 15:12 69,689 --a------ C:\WINDOWS\UNZIP.DLL
      2007-06-29 15:12 507,904 --a------ C:\WINDOWS\TMUPDATE.DLL
      2007-06-29 15:12 286,720 --a------ C:\WINDOWS\PATCH.EXE
      2007-06-29 15:12 <REP> d-------- C:\WINDOWS\AU_Log
      2007-06-29 13:42 85,376 --a------ C:\WINDOWS\system32\drivers\nabtsfec.sys
      2007-06-29 13:42 57,856 --a------ C:\WINDOWS\system32\dpwsockx.dll
      2007-06-29 13:42 51,328 --a------ C:\WINDOWS\system32\drivers\msdv.sys
      2007-06-29 13:42 51,200 --a------ C:\WINDOWS\system32\wstdecod.dll


      (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

      2007-07-11 18:52:03 -------- d-----w C:\Program Files\Hijackthis Version Française
      2007-07-05 08:17:01 445,016 ----a-w C:\WINDOWS\system32\perfh00C.dat
      2007-07-05 08:17:00 63,614 ----a-w C:\WINDOWS\system32\perfc00C.dat
      2007-05-31 06:45:07 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
      2007-05-31 06:44:55 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
      2007-05-31 06:44:54 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
      2007-05-31 06:44:54 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
      2007-05-31 06:44:54 740,442 ----a-w C:\WINDOWS\system32\DivX.dll
      2007-05-16 16:19:52 133,168 ----a-w C:\WINDOWS\system32\drivers\imagesrv.sys
      2007-05-16 16:19:50 11,568 ----a-w C:\WINDOWS\system32\drivers\imagedrv.sys
      2007-05-16 15:13:53 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
      2007-05-16 07:42:22 972,336 ----a-w C:\WINDOWS\UNNeroMediaHome.exe
      2007-05-15 07:45:14 972,336 ----a-w C:\WINDOWS\UNNeroVision.exe
      2007-04-25 14:22:35 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
      2007-04-23 14:42:50 972,336 ----a-w C:\WINDOWS\UNRecode.exe
      2007-04-23 00:15:29 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
      2007-04-23 00:15:18 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
      2007-04-23 00:15:18 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
      2007-04-23 00:02:34 73,728 ----a-w C:\WINDOWS\system32\dpl100.dll
      2007-04-23 00:02:34 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
      2007-04-23 00:02:33 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
      2007-04-23 00:02:31 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
      2007-04-23 00:02:31 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
      2007-04-23 00:02:31 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
      2007-04-23 00:02:31 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
      2007-04-23 00:02:31 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
      2007-04-23 00:01:47 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
      2007-04-23 00:01:46 124,472 ----a-w C:\WINDOWS\system32\DivXCodecUpdateChecker.exe
      2007-04-18 16:14:18 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
      2007-04-16 20:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
      2007-04-16 20:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
      2007-04-16 20:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
      2007-04-16 20:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll


      ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


      *Note* empty entries & legit default entries are not shown

      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
      2003-05-15 01:47 50376 --a------ C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
      2005-05-31 01:04 853672 --a------ C:\PROGRA~1\SPYBOT~1\SDHelper.dll

      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
      2007-07-02 10:48 2436160 -ra------ c:\program files\google\googletoolbar1.dll

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "ATIModeChange"="Ati2mdxx.exe" [2001-09-04 17:24 C:\WINDOWS\system32\Ati2mdxx.exe]
      "ATIPTA"="C:\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-09-12 22:10]
      "SoundMan"="SOUNDMAN.EXE" [2003-08-15 00:34 C:\WINDOWS\SOUNDMAN.EXE]
      "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd.exe" [2003-06-25 11:24]
      "HPpromo psc 1300 series"="C:\Program Files\HP\Digital Imaging\Promotions\HPpromo.exe" [2003-10-09 12:17]
      "NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57]
      "AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-07-03 11:18]
      "VCSPlayer"="C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe" [2003-08-13 11:33]
      "CleanEasyImg"="c:\apps\easydvd\cleanall.exe" []
      "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25]

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "Sonic RecordNow!"="" []
      "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 01:04]
      "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 09:27]
      "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-07-02 10:48]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
      "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2007-05-30 14:29]

      [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver]

      [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^KODAK Software Updater.lnk]
      path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\KODAK Software Updater.lnk
      backup=C:\WINDOWS\pss\KODAK Software Updater.lnkCommon Startup

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logiciel Kodak EasyShare.lnk]
      path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Logiciel Kodak EasyShare.lnk
      backup=C:\WINDOWS\pss\Logiciel Kodak EasyShare.lnkCommon Startup

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Pense-bête.lnk]
      path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Pense-bête.lnk
      backup=C:\WINDOWS\pss\Pense-bête.lnkCommon Startup


      Contents of the 'Scheduled Tasks' folder
      2007-07-11 19:00:03 C:\WINDOWS\tasks\HDReg.job
      2007-06-28 16:02:26 C:\WINDOWS\tasks\Rappel d'enregistrement 3.job
      2007-07-11 15:22:17 C:\WINDOWS\tasks\Symantec NetDetect.job

      **************************************************************************

      catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
      Rootkit scan 2007-07-11 21:02:31
      Windows 5.1.2600 Service Pack 2 NTFS

      scanning hidden processes ...

      scanning hidden autostart entries ...

      scanning hidden files ...

      scan completed successfully
      hidden files: 0

      **************************************************************************

      Completion time: 2007-07-11 21:04:33

      --- E O F ---
      Then also the new HijackThis scan
      Logfile of HijackThis v1.99.1
      Scan saved at 20:52:05, on 11/07/2007
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
      C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
      C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
      C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
      C:\WINDOWS\system32\slserv.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
      C:\WINDOWS\Explorer.EXE
      C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\SOUNDMAN.EXE
      C:\Program Files\HP\HP Software Update\HPWuSchd.exe
      C:\Program Files\HP\Digital Imaging\Promotions\HPpromo.exe
      C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
      C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe
      C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
      C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
      C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
      C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
      C:\WINDOWS\system32\ntvdm.exe
      C:\WINDOWS\System32\HPZipm12.exe
      C:\Program Files\Shareaza\Shareaza.exe
      C:\WINDOWS\system32\WISPTIS.EXE
      C:\Program Files\Hijackthis Version Française\hijackthis vf.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tele2.fr/redirect/startpage/adsl/fra
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\fr.htm
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
      O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
      O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
      O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
      O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
      O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
      O4 - HKLM\..\Run: [HPpromo psc 1300 series] "C:\Program Files\HP\Digital Imaging\Promotions\HPpromo.exe" /N "psc 1300 series" -r
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
      O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
      O4 - HKLM\..\Run: [VCSPlayer] "C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe"
      O4 - HKLM\..\Run: [CleanEasyImg] c:\apps\easydvd\cleanall.exe
      O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
      O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
      O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
      O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
      O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
      O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
      O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://eu.download.games.yahoo.com/zylom/activex/zylomloader.cab
      O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
      O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
      O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
      O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
      O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
      O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
      O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
      O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
      O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
      O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
      O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
      O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
      O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe

      There, I hope it will be fine now. In any case, thank you very much. While waiting to see if everything is OK, see you soon. Laurence
  13. moK´s@ Posts 4410 Status Member 89
     
    ok, it's fine for C:\Program Files\Broderbund\PrintMaster\PMREMIND.EXE...

    no, you don't seem stupid to me lol

    do the rest, namely ComboFix, and install a firewall...

    see you later
  14. Laurence Pringarbe
     
    It's really strange, I just rechecked, and I do have a firewall that is enabled, the one from the Windows Security Center in fact. Otherwise, it bothered me to reinstall that again, but is it really necessary? I'm a bit of a pain, I know lol. Anyway, I'm stopping for tonight; I'll see tomorrow about installing another firewall, while waiting for you to reconfirm this installation. Kisses for all this help.
  15. moK´s@ Posts 4410 Status Member 89
     
    re,

    have this analyzed on this site:

    C:\WINDOWS\unin040c.exe

    https://www.virustotal.com/gui/

    or

    http://virusscan.jotti.org/de/

    and post the report...

    1. Laurence Pringarbe
       
      Hello, here is the report:

      Datei: Report.txt
      Auslastung: 0% 100%

      Status: OK
      Entdeckte Packprogramme: -
      Bit9 rapportiert: File not found

      A-Squared Keine Viren gefunden
      AntiVir Keine Viren gefunden
      ArcaVir Keine Viren gefunden
      Avast Keine Viren gefunden
      AVG Antivirus Keine Viren gefunden
      BitDefender Keine Viren gefunden
      ClamAV Keine Viren gefunden
      Dr.Web Keine Viren gefunden
      F-Prot Antivirus Keine Viren gefunden
      F-Secure Anti-Virus Keine Viren gefunden
      Fortinet Keine Viren gefunden
      Kaspersky Anti-Virus Keine Viren gefunden
      NOD32 Keine Viren gefunden
      Norman Virus Control Keine Viren gefunden
      Panda Antivirus Keine Viren gefunden
      Rising Antivirus Keine Viren gefunden
      Sophos Antivirus Keine Viren gefunden
      VirusBuster Keine Viren gefunden
      VBA32 Keine Viren gefunden
    2. Laurence Pringarbe
       
      I also did it with the other one:
      File Report.txt received on 07.12.2007 09:24:55 (CET)

      Antivirus Version Last Update Result
      AhnLab-V3 2007.7.11.1 07.11.2007 no virus found
      AntiVir 7.4.0.39 07.12.2007 no virus found
      Authentium 4.93.8 07.12.2007 no virus found
      Avast 4.7.997.0 07.12.2007 no virus found
      AVG 7.5.0.476 07.12.2007 no virus found
      BitDefender 7.2 07.12.2007 no virus found
      CAT-QuickHeal 9.00 07.11.2007 no virus found
      ClamAV devel-20070416 07.12.2007 no virus found
      DrWeb 4.33 07.12.2007 no virus found
      eSafe 7.0.15.0 07.10.2007 no virus found
      eTrust-Vet 30.8.3780 07.11.2007 no virus found
      Ewido 4.0 07.11.2007 no virus found
      FileAdvisor 1 07.12.2007 no virus found
      Fortinet 2.91.0.0 07.12.2007 no virus found
      F-Prot 4.3.2.48 07.11.2007 no virus found
      Ikarus T3.1.1.8 07.12.2007 no virus found
      Kaspersky 4.0.2.24 07.12.2007 no virus found
      McAfee 5072 07.11.2007 no virus found
      Microsoft 1.2704 07.12.2007 no virus found
      NOD32v2 2394 07.11.2007 no virus found
      Norman 5.80.02 07.11.2007 no virus found
      Panda 9.0.0.4 07.12.2007 no virus found
      Sophos 4.19.0 07.06.2007 no virus found
      Sunbelt 2.2.907.0 07.12.2007 no virus found
      Symantec 10 07.12.2007 no virus found
      TheHacker 6.1.6.145 07.12.2007 no virus found
      VBA32 3.12.0.2 07.12.2007 no virus found
      VirusBuster 4.3.23:9 07.11.2007 no virus found
      Webwasher-Gateway 6.0.1 07.12.2007 no virus found
      Aditional information
      File size: 2455 bytes
      MD5: 3ba8c7a3e16b6213322ce0c59617b9b7
      SHA1: bab2a0c875aa263f76424c5c825e5208feb78fdc
    3. Laurence Pringarbe
       
      Oops, I just realized that I made a mistake with the scan, I'm finally posting the right one, sorry
      Datei: unin040c.exe
      Auslastung: 0% 100%

      Status: OK
      Entdeckte Packprogramme: -
      Bit9 rapportiert: No threat detected (more info)

      A-Squared Keine Viren gefunden
      AntiVir Keine Viren gefunden
      ArcaVir Keine Viren gefunden
      Avast Keine Viren gefunden
      AVG Antivirus Keine Viren gefunden
      BitDefender Keine Viren gefunden
      ClamAV Keine Viren gefunden
      Dr.Web Keine Viren gefunden
      F-Prot Antivirus Keine Viren gefunden
      F-Secure Anti-Virus Keine Viren gefunden
      Fortinet Keine Viren gefunden
      Kaspersky Anti-Virus Keine Viren gefunden
      NOD32 Keine Viren gefunden
      Norman Virus Control Keine Viren gefunden
      Panda Antivirus Keine Viren gefunden
      Rising Antivirus Keine Viren gefunden
      Sophos Antivirus Keine Viren gefunden
      VirusBuster Keine Viren gefunden
      VBA32 Keine Viren gefunden

      Then with the other one
      Antivirus Version Last Update Result
      AhnLab-V3 2007.7.11.1 07.11.2007 no virus found
      AntiVir 7.4.0.39 07.12.2007 no virus found
      Authentium 4.93.8 07.12.2007 no virus found
      Avast 4.7.997.0 07.12.2007 no virus found
      AVG 7.5.0.476 07.12.2007 no virus found
      BitDefender 7.2 07.12.2007 no virus found
      CAT-QuickHeal 9.00 07.11.2007 no virus found
      ClamAV devel-20070416 07.12.2007 no virus found
      DrWeb 4.33 07.12.2007 no virus found
      eSafe 7.0.15.0 07.10.2007 no virus found
      eTrust-Vet 30.8.3780 07.11.2007 no virus found
      Ewido 4.0 07.11.2007 no virus found
      FileAdvisor 1 07.12.2007 no virus found
      Fortinet 2.91.0.0 07.12.2007 no virus found
      F-Prot 4.3.2.48 07.11.2007 no virus found
      Ikarus T3.1.1.8 07.12.2007 no virus found
      Kaspersky 4.0.2.24 07.12.2007 no virus found
      McAfee 5072 07.11.2007 no virus found
      Microsoft 1.2704 07.12.2007 no virus found
      NOD32v2 2394 07.11.2007 no virus found
      Norman 5.80.02 07.11.2007 no virus found
      Panda 9.0.0.4 07.12.2007 no virus found
      Sophos 4.19.0 07.06.2007 no virus found
      Sunbelt 2.2.907.0 07.12.2007 no virus found
      Symantec 10 07.12.2007 no virus found
      TheHacker 6.1.6.145 07.12.2007 no virus found
      VBA32 3.12.0.2 07.12.2007 no virus found
      VirusBuster 4.3.23:9 07.11.2007 no virus found
      Webwasher-Gateway 6.0.1 07.12.2007 no virus found
      Aditional information
      File size: 284160 bytes
      MD5: 32a7dcb9f65f4c7c0bec38c6f1899f35
      SHA1: 3900a0e343159e42cd9ff630e9bce5eb26b08f6c
    4. Laurence Pringarbe
       
      As for firewalls, the problem is that they are free trials of either 15 or 30 days, and my firewall apparently works since I have already had blocking prompts. How did you see that there was no firewall enabled on my computer? I'm asking you all these questions out of curiosity; this firewall business intrigues me. Thank you for your patience. Kisses
  16. moK´s@ Posts 4410 Status Member 89
     
    hi Laurence Pringarbe,

    ok for the file to analyze

    as for the firewall, what do you have as a firewall, the Windows one or?

    see you later
    1. Laurence.Pringarbe Posts 8 Status Member
       
      Hi, the firewall I have is the Windows one. Doesn't it work? Kisses
  17. moK´s@ Posts 4410 Status Member 89
     
    hi Laurence.Pringarbe,

    the Windows firewall is a real sieve...

    I can suggest this:

    https://kerio.probb.fr/t4-tlcharger-sunbelt-kerio-personal-firewall

    (thanks to boulepate for the site!!!)

    on this page you have the choice between Kerio and ZoneAlarm; ZoneAlarm is easier to configure than Kerio but a bit less effective, it's up to you...

    tutorials:

    ZoneAlarm:

    http://forum.telecharger.01net.com/forum/

    Kerio 4.2:

    https://kerio.probb.fr/t1-tuto-pour-kerio-4-2

    Kerio, other version 4.5:

    https://kerio.probb.fr/t250-tuto-sunbelt-personal-firewall-4-6

    There you go.
    1. Laurence Pringarbe
       
      Hi, OK then, I'll install another firewall, thank you very much for all your help. Kisses
    2. Laurence Pringarbe
       
      I installed Kerio but it's a 30-day trial version, isn't it free?
  18. moK´s@ Posts 4410 Status Member 89
     
    hi Laurence,

    yes, it's for thirty days, and at the end of the 30 days only a few features will disappear, but you can get them back, for example, by browsing with Firefox...

    http://www.firefox2.net/

    see you later
    1. Laurence Pringarbe
       
      OK, thanks for everything, my problem is solved thanks to you, so I think the two of us are done lol, well I think so, maybe until another time, thanks again for your help. Kisses Mok's@.
  19. moK´s@ Posts 4410 Status Member 89
     
    ok, no problem ;-)