Trj virtumonde, win32 agent LWP

Closed
jroscope - 8 Oct. 2007 at 07:27
jlpjlp (Posts: 51580, Registered: Friday 18 May 2007, Status: Security contributor, Last activity: 3 May 2022) - 14 Oct. 2007 at 00:15
Hello,

After a few problems with trojans and more (trojan.virtumonde, win32 agent LWP, carlton...), I applied the "preliminary disinfection method".

Here are the 3 scan reports.

Thanks for any help you can give me...

JRoscope
--------------------------------------------------------------------------------------------------------

AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: 00:41:32 08/10/2007

+ Résultat de l'analyse:





Fin du rapport
-------------------------------------------------------------------------------------------------------

BitDefender Online Scanner

Scan report generated at: Mon, Oct 08, 2007 - 02:43:58

Scan path: A:\;C:\;D:\;E:\;K:\;L:\;M:\;N:\;


Statistics

Time: 01:53:20
Files: 484941
Folders: 9135
Boot Sectors: 7
Archives: 3096
Packed Files: 14651

Results

Identified Viruses: 4
Infected Files: 21
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 20

Engines Info

Virus Definitions: 825543
Engine build: AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
Scan plugins: 14
Archive plugins: 38
Unpack plugins: 7
E-mail plugins: 6
System plugins: 1

Scan Settings

First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes




Scanned File
Status

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\L9VBHTOT\init[1].exe
Infected with: Trojan.Downloader.JJAO

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\L9VBHTOT\init[1].exe
Disinfection failed

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\L9VBHTOT\init[1].exe
Deleted

C:\g7n4l2o4i4.exe
Infected with: Trojan.Dialer.VUY

C:\g7n4l2o4i4.exe
Deleted

C:\g7n4l2o4i4v4.exe
Infected with: Trojan.Dialer.VUY

C:\g7n4l2o4i4v4.exe
Deleted

C:\System Volume Information\_restore{7F15362A-B374-4440-9D40-C6662B6A84CD}\RP595\A0135657.exe
Infected with: Trojan.Dialer.VUY

C:\System Volume Information\_restore{7F15362A-B374-4440-9D40-C6662B6A84CD}\RP595\A0135657.exe
Deleted

C:\System Volume Information\_restore{7F15362A-B374-4440-9D40-C6662B6A84CD}\RP596\A0135713.exe
Infected with: Trojan.Dialer.VUY

C:\System Volume Information\_restore{7F15362A-B374-4440-9D40-C6662B6A84CD}\RP596\A0135713.exe
Deleted

C:\System Volume Information\_restore{7F15362A-B374-4440-9D40-C6662B6A84CD}\RP596\A0135730.exe
Infected with: Trojan.Dialer.VUY

C:\System Volume Information\_restore{7F15362A-B374-4440-9D40-C6662B6A84CD}\RP596\A0135730.exe
Deleted

C:\System Volume Information\_restore{7F15362A-B374-4440-9D40-C6662B6A84CD}\RP596\A0136791.exe
Infected with: Trojan.Dialer.VUY

C:\System Volume Information\_restore{7F15362A-B374-4440-9D40-C6662B6A84CD}\RP596\A0136791.exe
Deleted

C:\System Volume Information\_restore{7F15362A-B374-4440-9D40-C6662B6A84CD}\RP597\A0137791.exe
Infected with: Trojan.Dialer.VUY

C:\System Volume Information\_restore{7F15362A-B374-4440-9D40-C6662B6A84CD}\RP597\A0137791.exe
Deleted

C:\System Volume Information\_restore{7F15362A-B374-4440-9D40-C6662B6A84CD}\RP597\A0137823.exe
Infected with: Trojan.Dialer.VUY

C:\System Volume Information\_restore{7F15362A-B374-4440-9D40-C6662B6A84CD}\RP597\A0137823.exe
Deleted

C:\System Volume Information\_restore{7F15362A-B374-4440-9D40-C6662B6A84CD}\RP598\A0137865.exe
Infected with: Trojan.Dialer.VUY

C:\System Volume Information\_restore{7F15362A-B374-4440-9D40-C6662B6A84CD}\RP598\A0137865.exe
Deleted

C:\System Volume Information\_restore{7F15362A-B374-4440-9D40-C6662B6A84CD}\RP598\A0137941.exe
Infected with: Trojan.Dialer.VUY

C:\System Volume Information\_restore{7F15362A-B374-4440-9D40-C6662B6A84CD}\RP598\A0137941.exe
Deleted

C:\System Volume Information\_restore{7F15362A-B374-4440-9D40-C6662B6A84CD}\RP598\A0137967.exe
Infected with: Trojan.Dialer.VUY

C:\System Volume Information\_restore{7F15362A-B374-4440-9D40-C6662B6A84CD}\RP598\A0137967.exe
Deleted

C:\System Volume Information\_restore{7F15362A-B374-4440-9D40-C6662B6A84CD}\RP598\A0138004.exe
Infected with: Trojan.Dialer.VUY

C:\System Volume Information\_restore{7F15362A-B374-4440-9D40-C6662B6A84CD}\RP598\A0138004.exe
Deleted

C:\System Volume Information\_restore{7F15362A-B374-4440-9D40-C6662B6A84CD}\RP598\A0138082.exe
Infected with: Trojan.Dialer.VUY

C:\System Volume Information\_restore{7F15362A-B374-4440-9D40-C6662B6A84CD}\RP598\A0138082.exe
Deleted

C:\System Volume Information\_restore{7F15362A-B374-4440-9D40-C6662B6A84CD}\RP599\A0138241.exe
Infected with: Trojan.Dialer.VUY

C:\System Volume Information\_restore{7F15362A-B374-4440-9D40-C6662B6A84CD}\RP599\A0138241.exe
Deleted

C:\System Volume Information\_restore{7F15362A-B374-4440-9D40-C6662B6A84CD}\RP607\A0147239.exe
Infected with: Trojan.Dialer.VUY

C:\System Volume Information\_restore{7F15362A-B374-4440-9D40-C6662B6A84CD}\RP607\A0147239.exe
Deleted

C:\System Volume Information\_restore{7F15362A-B374-4440-9D40-C6662B6A84CD}\RP607\A0147240.exe
Infected with: Trojan.Dialer.VUY

C:\System Volume Information\_restore{7F15362A-B374-4440-9D40-C6662B6A84CD}\RP607\A0147240.exe
Deleted

C:\WINDOWS\LBTWiz.exe
Infected with: Backdoor.Sdbot.DEXW

C:\WINDOWS\LBTWiz.exe
Disinfection failed

C:\WINDOWS\LBTWiz.exe
Delete failed

C:\WINDOWS\N039_jpg.zip=>www.N039_jpg-msn.com
Infected with: DeepScan:Generic.Sdbot.DC3D9A85

C:\WINDOWS\N039_jpg.zip=>www.N039_jpg-msn.com
Disinfection failed

C:\WINDOWS\N039_jpg.zip=>www.N039_jpg-msn.com
Deleted

C:\WINDOWS\N039_jpg.zip
Updated

C:\WINDOWS\Nokia_19_jpg.zip=>www.Nokia_19_jpg-msn.com
Infected with: Backdoor.Sdbot.DEXW

C:\WINDOWS\Nokia_19_jpg.zip=>www.Nokia_19_jpg-msn.com
Disinfection failed

C:\WINDOWS\Nokia_19_jpg.zip=>www.Nokia_19_jpg-msn.com
Deleted

C:\WINDOWS\Nokia_19_jpg.zip
Updated

C:\WINDOWS\usnsvc.exe
Infected with: DeepScan:Generic.Sdbot.DC3D9A85

C:\WINDOWS\usnsvc.exe
Disinfection failed

C:\WINDOWS\usnsvc.exe
Deleted
----------------------------------------------------------------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 06:52:54, on 08/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\userinit.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\WINDOWS\System32\rmctrl.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
C:\Program Files\Creative\SBLive\Program\CTAvTray.EXE
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\AOL\1144919317\ee\AOLSoftware.exe
C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
C:\Program Files\Creative\ShareDLL\MediaDet.Exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\WINDOWS\LBTWiz.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\Program Files\HDD Health\hddhealth.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\AOL Compagnon\companion.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\OpenOffice.org 2.1\program\soffice.exe
C:\Program Files\OpenOffice.org 2.1\program\soffice.BIN
c:\program files\fichiers communs\aol\1144919317\ee\services\antiSpywareApp\ver2_0_28_1\AOLSP Scheduler.exe
c:\program files\fichiers communs\aol\1144919317\ee\aolsoftware.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
c:\program files\fichiers communs\aol\1144919317\ee\aexplore.exe
c:\program files\fichiers communs\aol\1144919317\ee\aexplore.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: &Google Notebook - {CCCCCCD3-666F-4F81-8B69-745DE9F6D897} - C:\Program Files\Google\Google Notebook\gnotes1.0.2.19-281417448.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Google Bloc-notes - {CCCCCCDB-4DDB-4703-95D4-DD2C526397BF} - C:\Program Files\Google\Google Notebook\gnotes1.0.2.19-281417448.dll
O4 - HKLM\..\Run: [AOLSAV] C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [RemoteControl] C:\WINDOWS\System32\rmctrl.exe
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\PC-CAM Center\CAMTRAY.EXE
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [CTAvTray] C:\Program Files\Creative\SBLive\Program\CTAvTray.EXE
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Fichiers communs\AOL\1144919317\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [PMCRemote] C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LBTWiz.exe] C:\WINDOWS\LBTWiz.exe
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunOnce: [CTAVTray] C:\Program Files\Creative\SBLive\Program\CTAvStub.EXE EAX.AVI
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [HDDHealth] C:\Program Files\HDD Health\hddhealth.exe -wl
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Fichiers communs\AOL\Launch\AOLLaunch.exe" /d locale=fr-FR ee://aol/imApp
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: Démarrage d'Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: Microsoft Recherche accélérée.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Startup: OpenOffice.org 2.1.lnk = C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe
O4 - Global Startup: AOL 9.0 Icône AOL.lnk = C:\Program Files\AOL 9.0b\aoltray.exe
O4 - Global Startup: AOL Compagnon.lnk = C:\Program Files\AOL Compagnon\companion.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Page à noter (Google Bloc-notes) - res://C:\Program Files\Google\Google Notebook\gnotes1.0.2.19-281417448.dll/gn_menu1.html
O8 - Extra context menu item: À noter (Google Bloc-notes) - res://C:\Program Files\Google\Google Notebook\gnotes1.0.2.19-281417448.dll/gn_menu2.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesfr.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesfr.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Xanadu - {5CC384BB-1326-11D5-F4AE-00C04923F885} - C:\Program Files\Foreignword\Xanadu\XanaduLaunch.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .fpx: C:\\Program Files\\Internet Explorer\\PLUGINS\\NPRVRT32.dll
O12 - Plugin for .ivr: C:\\Program Files\\Internet Explorer\\PLUGINS\\NPRVRT32.dll
O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {26FCCDF9-A7E1-452A-A73D-7BF7B4D0BA6C} (AOL Pictures Uploader Class) - http://o.aolcdn.com/pictures/ap/Resources/2.0.8.98/cab/aolpPlugins.10.6.0.6.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.fr/computercheckup/qdiagcc.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {87AF076E-D86D-4E87-ADDD-F05804E1F150} (VirginMega DownloadManager) - http://www.virginmega.fr/DownloadManager/Release/Prod/DownMan.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C9617CAB-A10E-4009-AC08-983FAE5694E8}: NameServer = 192.168.1.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee.com Personal Firewall Service (MpfService) - McAfee.com Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Userinit Logon Application - Unknown owner - C:\WINDOWS\userinit.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

5 replies

jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last activity 3 May 2022 5 040
8 Oct. 2007 at 14:46
Hi

For this:


C:\WINDOWS\N039_jpg.zip=>www.N039_jpg-msn.com
Infected with: DeepScan:Generic.Sdbot.DC3D9A85



Download MSNFix by Laurent
http://sosvirus.changelog.fr/MSNFix.zip

Unzip it and double-click the MSNFix.bat file.
- Run option R.
-- If the infection is detected, run option N
- Save the report, then copy and paste it on the forum.

Note:
If a deletion error is detected, a message will appear asking you to restart the computer to finish the operations. In that case, simply restart the computer in normal mode.
Save and close the report so that Windows can finish starting up normally.


Check in My Computer then ... whether this is still present:

C:\WINDOWS\Nokia_19_jpg.zip
_____________________

For this:


To remove your traces and, above all, delete the temporary files, use:


CCLEANER: (run a cleanup and repair the errors 3 times) without installing the Yahoo toolbar

https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html


C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\L9VBHTOT\init[1].exe
Infected with: Trojan.Downloader.JJAO

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\L9VBHTOT\init[1].exe
Disinfection failed

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\L9VBHTOT\init[1].exe
Deleted

____________

For this:

Disable System Restore to purge any viruses that may be in it, then re-enable it (in START, then ALL PROGRAMS, then ACCESSORIES, then SYSTEM TOOLS, then SYSTEM RESTORE, then settings)


C:\System Volume Information\_restore{7F15362A-B374-4440-9D40-C6662B6A84CD}\RP595\A0135657.exe
Infected with: Trojan.Dialer.VUY



_______________



Scan with anti-spyware tools (in safe mode):

Spybot:

https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/26157.html

See the usage demo (thanks Balltrap)
http://pageperso.aol.fr/Balltrap34/demo%20spybot.htm

____________

Then:


ComboFix (paste the report)

http://mickael.barroux.free.fr/securite/combofix.php

_______________


Paste the report:
Clean performs a cleanup and deletes files that antivirus and anti-spyware programs could not find. The software is updated regularly, so you will need to download it again to get a more recent version.

· Download clean.zip and unzip it to your desktop (right-click / extract all); you then get a clean folder
· Start Windows in safe mode: Guide to restarting in safe mode
· Open the clean folder on your desktop and double-click clean.cmd; a black window will appear for a moment, leave it open until it closes.

http://kerio.probb.fr/tuto-Clean-h37.html

_______________

Paste an online scan again, paste HijackThis again, and describe your problems!!
0
Hello,

Thank you for your help.

I have carried out the recommended steps; here are the reports. My concern is in
"my connections":
my AOL connection appears as "disconnected" in favour of
a "connected" connection called the internet(2) WAN Miniport (ATW).
It seems to be generated automatically (by whom?) and disappears when one is "offline". Strange, isn't it?

Please give me your opinion on the reports and on the internet(2) connection.

Have a good day


---------------------------------------------------------------------------

MSNFix 1.540

C:\MSNFix\MSNFix
Fix exécuté le 12/10/2007 - 21:30:51,04 By jroscope
mode normal

************************ Recherche les fichiers présents

Aucun Fichier trouvé

************************ Recherche les dossiers présents

Aucun dossier trouvé


************************ Fichiers suspects

/!\ ces fichiers nécessitent un avis expérimenté avant toute intervention

[C:\Documents and Settings\jroscope\presets.ini] 4470D646283995A37E7C852818FDBF64

[color=#FF0000][b]==>[/b][/color] SVP merci d'envoyer le fichier [b] C:\DOCUME~1\JEANRO~1\Bureau\Upload_Me.zip [/b] sur http://upload.changelog.fr



Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 12102007_21333035.zip


------------------------------------------------------------------------
Auteur : !aur3n7 Contact: https://www.ionos.fr/
------------------------------------------------------------------------

--------------------------------------------- END -----------------------------

ComboFix 07-10-11.1 -
jroscope 2007-10-10 22:56:37.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.134 [GMT 2:00]
Running from: K:\Données JEAN\User-jean applications logicielles\ComboFix.exe
* Created a new restore point
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\userinit.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_PERFORMANCE_MONITOR


((((((((((((((((((((((((((((( Fichiers créés 2007-09-11 to 2007-10-11 ))))))))))))))))))))))))))))))))))))
.

2007-10-10 22:52 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-10 21:51 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-10-10 20:55 582,656 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-10-09 19:48 <REP> d-------- C:\MSNFix
2007-10-08 00:47 <REP> d-------- C:\WINDOWS\BDOSCAN8
2007-10-07 22:24 <REP> d-------- C:\Documents and Settings\jroscope \Application Data\Grisoft
2007-10-07 22:23 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-10-07 22:23 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-10-07 21:51 <REP> d-------- C:\Program Files\CCleaner
2007-10-07 16:52 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-10-07 16:51 <REP> d-------- C:\Program Files\Spyware Doctor
2007-10-07 16:51 <REP> d-------- C:\Documents and Settings\jroscope \Application Data\PC Tools
2007-10-07 16:51 79,688 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-10-07 16:51 62,280 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-10-07 16:51 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-10-07 16:51 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-10-07 16:50 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-10-04 09:46 <REP> d-------- C:\Program Files\Hijackthis Version Française
2007-09-23 12:23 <REP> d-------- C:\Documents and Settings\jroscope \Application Data\Uniblue
2007-09-15 17:20 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2007-09-15 17:20 59,264 --a--c--- C:\WINDOWS\system32\dllcache\usbaudio.sys
2007-09-15 17:20 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2007-09-15 17:20 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-11 21:12 --------- d-----w C:\Documents and Settings\jroscope\Application Data\OpenOffice.org2
2007-10-11 21:10 --------- d-----w C:\Program Files\HDD Health
2007-10-10 20:43 --------- d-----w C:\Program Files\Creative
2007-10-08 04:52 --------- d-----w C:\Program Files\Hijackthis Version Française
2007-10-04 05:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2007-09-30 14:21 --------- d-----w C:\Program Files\gesequipe
2007-09-06 10:05 94,416 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-09-06 10:05 92,848 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-09-06 10:03 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-09-06 10:02 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-09-06 10:00 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-09-03 08:08 --------- d-----w C:\Program Files\Google
2007-08-16 08:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\pdf995
2005-11-15 15:09 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{549B5CA7-4A86-11D7-A4DF-000874180BB3}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-10-02 16:27]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09]
"MoneyAgent"="C:\Program Files\Microsoft Money\System\mnyexpr.exe" [2003-06-18 12:00]
"HDDHealth"="C:\Program Files\HDD Health\hddhealth.exe" [2005-06-24 09:17]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-03-27 15:22]
"Aim6"="C:\Program Files\Fichiers communs\AOL\Launch\AOLLaunch.exe" [2006-09-26 02:52]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-20 18:14]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
@=

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

R1 cdudf_xp;cdudf_xp;C:\WINDOWS\system32\drivers\cdudf_xp.sys
R1 pwd_2K;pwd_2K;C:\WINDOWS\system32\drivers\pwd_2K.sys
R1 UdfReadr_xp;UdfReadr_xp;C:\WINDOWS\system32\drivers\UdfReadr_xp.sys
R3 mmc_2K;mmc_2K;C:\WINDOWS\system32\drivers\mmc_2K.sys
R3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys
S2 Userinit Logon Application;Userinit Logon Application;C:\WINDOWS\userinit.exe
S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe"
S3 dvd_2K;dvd_2K;C:\WINDOWS\system32\drivers\dvd_2K.sys
S3 PD1030VID;Creative WebCam Pro;C:\WINDOWS\system32\DRIVERS\P1030Vid.sys
S3 USB28xxBGA;Pinnacle PCTV DVB-T USB Stick;C:\WINDOWS\system32\DRIVERS\emBDA.sys
S3 USB28xxOEM;USB 28xx OEM Filter;C:\WINDOWS\system32\DRIVERS\emOEM.sys
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-10-10 19:51:17 C:\WINDOWS\Tasks\Symantec NetDetect.job"
"2007-10-01 11:13:54 C:\WINDOWS\Tasks\Uniblue SpyEraser Nag.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
"2007-09-23 10:24:06 C:\WINDOWS\Tasks\Uniblue SpyEraser.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
"2007-10-10 20:54:03 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-11 23:10:13
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwClose

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-11 23:15:32 - machine was rebooted
.
--- E O F ---

----------------------------------------------------------------------------------
BitDefender Online Scanner

Scan report generated at: Fri, Oct 12, 2007 - 14:05:50

Scan path: A:\;C:\;D:\;E:\;K:\;L:\;M:\;N:\;

Statistics
Time: 02:00:49
Files: 469185
Folders: 8915
Boot Sectors: 7
Archives: 2597
Packed Files: 14555

Results
Identified Viruses: 1
Infected Files: 3
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 3

Engines Info
Virus Definitions: 826412
Engine build: AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
Scan plugins: 14
Archive plugins: 38
Unpack plugins: 7
E-mail plugins: 6
System plugins: 1

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes



Scanned File
Status

C:\MSNFix\MSNFix\12102007_21333035.zip=>backup/LBTWiz.exe
Infected with: Backdoor.Sdbot.DEXW

C:\MSNFix\MSNFix\12102007_21333035.zip=>backup/LBTWiz.exe
Disinfection failed

C:\MSNFix\MSNFix\12102007_21333035.zip=>backup/LBTWiz.exe
Deleted

C:\MSNFix\MSNFix\12102007_21333035.zip
Updated

C:\MSNFix\MSNFix\12102007_21333035.zip=>backup/Nokia_19_jpg.zip=>www.Nokia_19_jpg-msn.com
Infected with: Backdoor.Sdbot.DEXW

C:\MSNFix\MSNFix\12102007_21333035.zip=>backup/Nokia_19_jpg.zip=>www.Nokia_19_jpg-msn.com
Disinfection failed

C:\MSNFix\MSNFix\12102007_21333035.zip=>backup/Nokia_19_jpg.zip=>www.Nokia_19_jpg-msn.com
Deleted

C:\MSNFix\MSNFix\12102007_21333035.zip=>backup/Nokia_19_jpg.zip
Updated

C:\MSNFix\MSNFix\12102007_21333035.zip
Updated

C:\System Volume Information\_restore{7F15362A-B374-4440-9D40-C6662B6A84CD}\RP614\A0149839.exe
Infected with: Backdoor.Sdbot.DEXW

C:\System Volume Information\_restore{7F15362A-B374-4440-9D40-C6662B6A84CD}\RP614\A0149839.exe
Disinfection failed

C:\System Volume Information\_restore{7F15362A-B374-4440-9D40-C6662B6A84CD}\RP614\A0149839.exe
Deleted

---------------------------------------------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 14:10:12, on 12/10/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HDD Health\hddhealth.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Fichiers communs\AOL\1144919317\ee\aolsoftware.exe
C:\Program Files\AOL Compagnon\companion.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\OpenOffice.org 2.1\program\soffice.exe
C:\Program Files\OpenOffice.org 2.1\program\soffice.BIN
c:\program files\fichiers communs\aol\1144919317\ee\services\antiSpywareApp\ver2_0_28_1\AOLSP Scheduler.exe
c:\program files\fichiers communs\aol\1144919317\ee\aolsoftware.exe
C:\PROGRA~1\AOL9~1.0B\waol.exe
C:\PROGRA~1\AOL9~1.0B\shellmon.exe
C:\Program Files\Fichiers communs\Aol\aoltpspd.exe
c:\program files\fichiers communs\aol\1144919317\ee\aexplore.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: &Google Notebook - {CCCCCCD3-666F-4F81-8B69-745DE9F6D897} - C:\Program Files\Google\Google Notebook\gnotes1.0.2.19-281417448.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Google Bloc-notes - {CCCCCCDB-4DDB-4703-95D4-DD2C526397BF} - C:\Program Files\Google\Google Notebook\gnotes1.0.2.19-281417448.dll
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [HDDHealth] C:\Program Files\HDD Health\hddhealth.exe -wl
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Fichiers communs\AOL\Launch\AOLLaunch.exe" /d locale=fr-FR ee://aol/imApp
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Démarrage d'Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: Microsoft Recherche accélérée.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Startup: OpenOffice.org 2.1.lnk = C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe
O4 - Global Startup: AOL 9.0 Icône AOL.lnk = C:\Program Files\AOL 9.0b\aoltray.exe
O4 - Global Startup: AOL Compagnon.lnk = C:\Program Files\AOL Compagnon\companion.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Page à noter (Google Bloc-notes) - res://C:\Program Files\Google\Google Notebook\gnotes1.0.2.19-281417448.dll/gn_menu1.html
O8 - Extra context menu item: À noter (Google Bloc-notes) - res://C:\Program Files\Google\Google Notebook\gnotes1.0.2.19-281417448.dll/gn_menu2.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesfr.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesfr.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Xanadu - {5CC384BB-1326-11D5-F4AE-00C04923F885} - C:\Program Files\Foreignword\Xanadu\XanaduLaunch.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .fpx: C:\\Program Files\\Internet Explorer\\PLUGINS\\NPRVRT32.dll
O12 - Plugin for .ivr: C:\\Program Files\\Internet Explorer\\PLUGINS\\NPRVRT32.dll
O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {26FCCDF9-A7E1-452A-A73D-7BF7B4D0BA6C} (AOL Pictures Uploader Class) - http://o.aolcdn.com/pictures/ap/Resources/2.0.8.98/cab/aolpPlugins.10.6.0.6.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.fr/computercheckup/qdiagcc.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {87AF076E-D86D-4E87-ADDD-F05804E1F150} (VirginMega DownloadManager) - http://www.virginmega.fr/DownloadManager/Release/Prod/DownMan.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{54A6E267-15E4-4F84-AB85-CC6805A1FF0B}: NameServer = 205.188.146.145
O17 - HKLM\System\CCS\Services\Tcpip\..\{C9617CAB-A10E-4009-AC08-983FAE5694E8}: NameServer = 192.168.1.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee.com Personal Firewall Service (MpfService) - McAfee.com Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Userinit Logon Application - Unknown owner - C:\WINDOWS\userinit.exe (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
jlpjlp (Security contributor) - 12 Oct 2007 at 20:41
C:\System Volume Information\_restore{7F15362A-B374-4440-9D40-C6662B6A84CD}\RP614\A0149839.exe
Infected with: Backdoor.Sdbot.DEXW



disable System Restore to purge any viruses that may be in it, then re-enable it (in START, then ALL PROGRAMS, then ACCESSORIES, then SYSTEM TOOLS, then SYSTEM RESTORE, then settings)

____________




Go to the site https://virusscan.jotti.org/
- Click "Browse" at the top right, navigate through the folders and select this file:

C:\Documents and Settings\jroscope\presets.ini

- Click submit, again at the top right
- The scan will start; it will take a short while
- At the bottom you have the scan result; copy/paste the complete scan result here.
Help: https://www.malekal.com/scan-antivirus-ligne-nod32/#mozTocId662799

______________

the clean report please

Hello,


Thank you for your reply.
Here is the Jotti's malware scan report, followed by the clean one.
What do you think?

Regards/Jroscope

Scanner Malware name
A-Squared X
AntiVir X
ArcaVir X
Avast X
AVG Antivirus X
BitDefender X
ClamAV X
CPsecure X
Dr.Web X
F-Prot Antivirus X
F-Secure Anti-Virus X
Fortinet PossibleThreat
Kaspersky Anti-Virus X
NOD32 X
Norman Virus Control Suspicious_F.gen
Panda Antivirus X
Rising Antivirus X
Sophos Antivirus Mal/Packer
VirusBuster X
VBA32 X


Here is the clean scan report:

13/10/2007 a 17:43:29,67

*** Recherche des fichiers dans C:

*** Recherche des fichiers dans C:\WINDOWS\

*** Recherche des fichiers dans C:\WINDOWS\system32

*** Recherche des fichiers dans C:\Program Files
"C:\Program Files\DivX\Google\Firefox\ffinstaller.exe" FOUND
"C:\Program Files\Viewpoint\" FOUND
*** Fin du rapport !
jlpjlp (Security contributor) - 14 Oct 2007 at 00:15
hi,
manually delete this file, via My Computer then C...

C:\Documents and Settings\jroscope\presets.ini

_____________


Download SDFix (created by AndyManchesta) and save it to your Desktop.
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
Double-click SDFix.exe and choose Install to extract it into a dedicated folder on the Desktop. Restart your computer in Safe Mode by following this procedure:
• Restart your computer
• After hearing the computer beep during startup, but before the Windows icon appears, tap the F8 key (one press per second).
• Instead of the normal Windows load, a menu with different options should appear.
• Choose the first option, to run Windows in Safe Mode, then press "Enter".
• Choose your account.
Go through the list of instructions below:
• Open the SDFix folder that has just been created in C:\ and double-click RunThis.bat to launch the script.
• Press Y to start the cleaning process.
• It will remove the services and Registry entries of certain trojans it finds, then ask you to press a key to restart.
• Press a key to restart the PC.
• Your system will take longer than usual to restart because the tool will continue to run and delete files.
• After the Desktop loads, the tool will finish its work and display Finished.
• Press a key to end the script and load your Desktop icons.
• Once the Desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder under the name Report.txt.
• Finally, copy/paste the contents of the Report.txt file into your next reply on the forum

__________________

scan with vundofix (paste the report)

Download VundoFix -> http://www.atribune.org/ccount/click.php?id=4

Double-click VundoFix.exe to run it.
When VundoFix opens, click the Scan for Vundo button.
Once the scan is finished, click the Remove Vundo button.
You will receive a warning asking whether you want to delete these files; answer by clicking YES.
Once you have clicked yes, your desktop will go blank while it removes Vundo.

When it is finished, you will be asked to restart your computer; click OK.



______________
paste a hijackthis report

http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download

manual:

https://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html


I recommend renaming Hijackthis, to counter a possible Vundo infection.

e.g.: Rename the file HijackThis.exe to eden.exe; to do this, right-click the file HijackThis.exe and choose rename from the list

Then, with Explorer, create a folder c:\hijackthis
Unzip Hijackthis into this folder.
This is important for the backups.

_______________

tell us your problems: ads.....????